VirtualBox

Ticket #21219: VBoxHardening.log

File VBoxHardening.log, 370.1 KB (added by bobJ, 23 months ago)
Line 
12cf4.4310: \SystemRoot\System32\ntdll.dll:
22cf4.4310: CreationTime: 2022-10-12T06:33:27.046293800Z
32cf4.4310: LastWriteTime: 2022-10-12T06:33:27.080493500Z
42cf4.4310: ChangeTime: 2022-10-12T07:45:52.982665600Z
52cf4.4310: FileAttributes: 0x20
62cf4.4310: Size: 0x1ef5b8
72cf4.4310: NT Headers: 0xe8
82cf4.4310: Timestamp: 0xb5ced1c6
92cf4.4310: Machine: 0x8664 - amd64
102cf4.4310: Timestamp: 0xb5ced1c6
112cf4.4310: Image Version: 10.0
122cf4.4310: SizeOfImage: 0x1f8000 (2064384)
132cf4.4310: Resource Dir: 0x186000 LB 0x700a0
142cf4.4310: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
152cf4.4310: [Raw version resource data: 0x1860f0 LB 0x380, codepage 0x0 (reserved 0x0)]
162cf4.4310: ProductName: Microsoft® Windows® Operating System
172cf4.4310: ProductVersion: 10.0.19041.2130
182cf4.4310: FileVersion: 10.0.19041.2130 (WinBuild.160101.0800)
192cf4.4310: FileDescription: NT Layer DLL
202cf4.4310: \SystemRoot\System32\kernel32.dll:
212cf4.4310: CreationTime: 2022-08-30T05:15:38.755109600Z
222cf4.4310: LastWriteTime: 2022-08-30T05:15:38.776566700Z
232cf4.4310: ChangeTime: 2022-10-12T06:34:16.510777100Z
242cf4.4310: FileAttributes: 0x20
252cf4.4310: Size: 0xbb030
262cf4.4310: NT Headers: 0xe8
272cf4.4310: Timestamp: 0x4d6d72d1
282cf4.4310: Machine: 0x8664 - amd64
292cf4.4310: Timestamp: 0x4d6d72d1
302cf4.4310: Image Version: 10.0
312cf4.4310: SizeOfImage: 0xbd000 (774144)
322cf4.4310: Resource Dir: 0xbb000 LB 0x520
332cf4.4310: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
342cf4.4310: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
352cf4.4310: ProductName: Microsoft® Windows® Operating System
362cf4.4310: ProductVersion: 10.0.19041.1889
372cf4.4310: FileVersion: 10.0.19041.1889 (WinBuild.160101.0800)
382cf4.4310: FileDescription: Windows NT BASE API Client DLL
392cf4.4310: \SystemRoot\System32\KernelBase.dll:
402cf4.4310: CreationTime: 2022-10-12T06:33:27.563780700Z
412cf4.4310: LastWriteTime: 2022-10-12T06:33:27.616545400Z
422cf4.4310: ChangeTime: 2022-10-12T07:45:52.990706200Z
432cf4.4310: FileAttributes: 0x20
442cf4.4310: Size: 0x2d3d10
452cf4.4310: NT Headers: 0xf0
462cf4.4310: Timestamp: 0xb0fac6c9
472cf4.4310: Machine: 0x8664 - amd64
482cf4.4310: Timestamp: 0xb0fac6c9
492cf4.4310: Image Version: 10.0
502cf4.4310: SizeOfImage: 0x2d2000 (2957312)
512cf4.4310: Resource Dir: 0x2a8000 LB 0x548
522cf4.4310: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
532cf4.4310: [Raw version resource data: 0x2a80b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
542cf4.4310: ProductName: Microsoft® Windows® Operating System
552cf4.4310: ProductVersion: 10.0.19041.2130
562cf4.4310: FileVersion: 10.0.19041.2130 (WinBuild.160101.0800)
572cf4.4310: FileDescription: Windows NT BASE API Client DLL
582cf4.4310: \SystemRoot\System32\apisetschema.dll:
592cf4.4310: CreationTime: 2019-12-07T09:08:13.518339400Z
602cf4.4310: LastWriteTime: 2019-12-07T09:08:13.518339400Z
612cf4.4310: ChangeTime: 2022-10-12T06:34:15.891889000Z
622cf4.4310: FileAttributes: 0x20
632cf4.4310: Size: 0x1f538
642cf4.4310: NT Headers: 0xd0
652cf4.4310: Timestamp: 0x31288ce0
662cf4.4310: Machine: 0x8664 - amd64
672cf4.4310: Timestamp: 0x31288ce0
682cf4.4310: Image Version: 10.0
692cf4.4310: SizeOfImage: 0x20000 (131072)
702cf4.4310: Resource Dir: 0x1f000 LB 0x408
712cf4.4310: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
722cf4.4310: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
732cf4.4310: ProductName: Microsoft® Windows® Operating System
742cf4.4310: ProductVersion: 10.0.19041.1
752cf4.4310: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
762cf4.4310: FileDescription: ApiSet Schema DLL
772cf4.4310: NtOpenDirectoryObject failed on \Driver: 0xc0000022
782cf4.4310: supR3HardenedWinFindAdversaries: 0x0
792cf4.4310: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox'
802cf4.4310: Calling main()
812cf4.4310: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
822cf4.4310: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox'
832cf4.4310: SUPR3HardenedMain: Respawn #1
842cf4.4310: System32: \Device\HarddiskVolume3\Windows\System32
852cf4.4310: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
862cf4.4310: KnownDllPath: C:\Windows\System32
872cf4.4310: supR3HardenedWinInit: Performing a limited self purification...
882cf4.4310: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
892cf4.4310: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
902cf4.4310: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
912cf4.4310: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
922cf4.4310: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
932cf4.4310: 000000007ffe6000-00000031e21fffff 0x0001/0x0000 0x0000000
942cf4.4310: *00000031e2200000-00000031e22cbfff 0x0000/0x0004 0x0020000
952cf4.4310: 00000031e22cc000-00000031e22cefff 0x0004/0x0004 0x0020000
962cf4.4310: 00000031e22cf000-00000031e23fffff 0x0000/0x0004 0x0020000
972cf4.4310: *00000031e2400000-00000031e24b8fff 0x0000/0x0004 0x0020000
982cf4.4310: 00000031e24b9000-00000031e24bbfff 0x0104/0x0004 0x0020000
992cf4.4310: 00000031e24bc000-00000031e24fffff 0x0004/0x0004 0x0020000
1002cf4.4310: 00000031e2500000-000001c2c618ffff 0x0001/0x0000 0x0000000
1012cf4.4310: *000001c2c6190000-000001c2c6190fff 0x0002/0x0002 0x0040000
1022cf4.4310: 000001c2c6191000-000001c2c619ffff 0x0001/0x0000 0x0000000
1032cf4.4310: *000001c2c61a0000-000001c2c61a0fff 0x0002/0x0002 0x0040000
1042cf4.4310: 000001c2c61a1000-000001c2c61affff 0x0001/0x0000 0x0000000
1052cf4.4310: *000001c2c61b0000-000001c2c61ccfff 0x0002/0x0002 0x0040000
1062cf4.4310: 000001c2c61cd000-000001c2c61cffff 0x0001/0x0000 0x0000000
1072cf4.4310: *000001c2c61d0000-000001c2c61d3fff 0x0002/0x0002 0x0040000
1082cf4.4310: 000001c2c61d4000-000001c2c61dffff 0x0001/0x0000 0x0000000
1092cf4.4310: *000001c2c61e0000-000001c2c61e0fff 0x0002/0x0002 0x0040000
1102cf4.4310: 000001c2c61e1000-000001c2c61effff 0x0001/0x0000 0x0000000
1112cf4.4310: *000001c2c61f0000-000001c2c61f1fff 0x0004/0x0004 0x0020000
1122cf4.4310: 000001c2c61f2000-000001c2c61fffff 0x0001/0x0000 0x0000000
1132cf4.4310: *000001c2c6200000-000001c2c6200fff 0x0002/0x0002 0x0040000
1142cf4.4310: 000001c2c6201000-000001c2c620ffff 0x0001/0x0000 0x0000000
1152cf4.4310: *000001c2c6210000-000001c2c621ffff 0x0004/0x0004 0x0040000
1162cf4.4310: *000001c2c6220000-000001c2c62e8fff 0x0002/0x0002 0x0040000
1172cf4.4310: 000001c2c62e9000-000001c2c62effff 0x0001/0x0000 0x0000000
1182cf4.4310: *000001c2c62f0000-000001c2c62f4fff 0x0004/0x0004 0x0020000
1192cf4.4310: 000001c2c62f5000-000001c2c63effff 0x0000/0x0004 0x0020000
1202cf4.4310: *000001c2c63f0000-000001c2c63f1fff 0x0004/0x0004 0x0020000
1212cf4.4310: 000001c2c63f2000-000001c2c6451fff 0x0000/0x0004 0x0020000
1222cf4.4310: 000001c2c6452000-000001c2c653ffff 0x0001/0x0000 0x0000000
1232cf4.4310: *000001c2c6540000-000001c2c654efff 0x0004/0x0004 0x0020000
1242cf4.4310: 000001c2c654f000-000001c2c654ffff 0x0000/0x0004 0x0020000
1252cf4.4310: *000001c2c6550000-000001c2c655efff 0x0000/0x0004 0x0020000
1262cf4.4310: 000001c2c655f000-000001c2c6757fff 0x0004/0x0004 0x0020000
1272cf4.4310: 000001c2c6758000-000001c2c6758fff 0x0000/0x0004 0x0020000
1282cf4.4310: 000001c2c6759000-000001c2c675ffff 0x0001/0x0000 0x0000000
1292cf4.4310: *000001c2c6760000-000001c2c678dfff 0x0004/0x0004 0x0020000
1302cf4.4310: 000001c2c678e000-000001c2c685ffff 0x0000/0x0004 0x0020000
1312cf4.4310: 000001c2c6860000-00007df4163bffff 0x0001/0x0000 0x0000000
1322cf4.4310: *00007df4163c0000-00007df4163c4fff 0x0002/0x0002 0x0040000
1332cf4.4310: 00007df4163c5000-00007df4164bffff 0x0000/0x0002 0x0040000
1342cf4.4310: *00007df4164c0000-00007df5164dffff 0x0000/0x0004 0x0020000
1352cf4.4310: *00007df5164e0000-00007df5184dffff 0x0000/0x0004 0x0020000
1362cf4.4310: 00007df5184e0000-00007df5184e0fff 0x0004/0x0004 0x0020000
1372cf4.4310: 00007df5184e1000-00007df5184effff 0x0001/0x0000 0x0000000
1382cf4.4310: *00007df5184f0000-00007df5184f0fff 0x0002/0x0002 0x0040000
1392cf4.4310: 00007df5184f1000-00007df5184fffff 0x0001/0x0000 0x0000000
1402cf4.4310: *00007df518500000-00007df518522fff 0x0002/0x0002 0x0040000
1412cf4.4310: 00007df518523000-00007df51852ffff 0x0001/0x0000 0x0000000
1422cf4.4310: *00007df518530000-00007df519ddefff 0x0000/0x0001 0x0040000
1432cf4.4310: 00007df519ddf000-00007df519e75fff 0x0001/0x0001 0x0040000
1442cf4.4310: 00007df519e76000-00007df51a2f2fff 0x0000/0x0001 0x0040000
1452cf4.4310: 00007df51a2f3000-00007df51a2f3fff 0x0001/0x0001 0x0040000
1462cf4.4310: 00007df51a2f4000-00007ff4f2bddfff 0x0000/0x0001 0x0040000
1472cf4.4310: 00007ff4f2bde000-00007ff4f2be2fff 0x0002/0x0001 0x0040000
1482cf4.4310: 00007ff4f2be3000-00007ff503911fff 0x0000/0x0001 0x0040000
1492cf4.4310: 00007ff503912000-00007ff505acffff 0x0001/0x0001 0x0040000
1502cf4.4310: 00007ff505ad0000-00007ff505adbfff 0x0002/0x0001 0x0040000
1512cf4.4310: 00007ff505adc000-00007ff505b00fff 0x0001/0x0001 0x0040000
1522cf4.4310: 00007ff505b01000-00007ff505b04fff 0x0002/0x0001 0x0040000
1532cf4.4310: 00007ff505b05000-00007ff505b65fff 0x0001/0x0001 0x0040000
1542cf4.4310: 00007ff505b66000-00007ff505b6efff 0x0002/0x0001 0x0040000
1552cf4.4310: 00007ff505b6f000-00007ff51852ffff 0x0000/0x0001 0x0040000
1562cf4.4310: 00007ff518530000-00007ff69ab7ffff 0x0001/0x0000 0x0000000
1572cf4.4310: *00007ff69ab80000-00007ff69ab80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1582cf4.4310: 00007ff69ab81000-00007ff69abeafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1592cf4.4310: 00007ff69abeb000-00007ff69abebfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1602cf4.4310: 00007ff69abec000-00007ff69ac3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1612cf4.4310: 00007ff69ac3f000-00007ff69ac41fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1622cf4.4310: 00007ff69ac42000-00007ff69ac44fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1632cf4.4310: 00007ff69ac45000-00007ff69ac47fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1642cf4.4310: 00007ff69ac48000-00007ff69ac48fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1652cf4.4310: 00007ff69ac49000-00007ff69ac4afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1662cf4.4310: 00007ff69ac4b000-00007ff69ac4bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1672cf4.4310: 00007ff69ac4c000-00007ff69ac93fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
1682cf4.4310: 00007ff69ac94000-00007ffb5681ffff 0x0001/0x0000 0x0000000
1692cf4.4310: *00007ffb56820000-00007ffb56820fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1702cf4.4310: 00007ffb56821000-00007ffb56935fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1712cf4.4310: 00007ffb56936000-00007ffb56ab2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1722cf4.4310: 00007ffb56ab3000-00007ffb56ab6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1732cf4.4310: 00007ffb56ab7000-00007ffb56ab7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1742cf4.4310: 00007ffb56ab8000-00007ffb56af1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1752cf4.4310: 00007ffb56af2000-00007ffb5744ffff 0x0001/0x0000 0x0000000
1762cf4.4310: *00007ffb57450000-00007ffb57450fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1772cf4.4310: 00007ffb57451000-00007ffb574cefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1782cf4.4310: 00007ffb574cf000-00007ffb57501fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1792cf4.4310: 00007ffb57502000-00007ffb57502fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1802cf4.4310: 00007ffb57503000-00007ffb57503fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1812cf4.4310: 00007ffb57504000-00007ffb5750cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1822cf4.4310: 00007ffb5750d000-00007ffb58d8ffff 0x0001/0x0000 0x0000000
1832cf4.4310: *00007ffb58d90000-00007ffb58d90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1842cf4.4310: 00007ffb58d91000-00007ffb58eacfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1852cf4.4310: 00007ffb58ead000-00007ffb58ef5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1862cf4.4310: 00007ffb58ef6000-00007ffb58ef6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1872cf4.4310: 00007ffb58ef7000-00007ffb58ef8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1882cf4.4310: 00007ffb58ef9000-00007ffb58f01fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1892cf4.4310: 00007ffb58f02000-00007ffb58f87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1902cf4.4310: 00007ffb58f88000-00007ffffffeffff 0x0001/0x0000 0x0000000
1912cf4.4310: kernel32.dll: timestamp 0x4d6d72d1 (rc=VINF_SUCCESS)
1922cf4.4310: kernelbase.dll: timestamp 0xb0fac6c9 (rc=VINF_SUCCESS)
1932cf4.4310: VirtualBoxVM.exe: timestamp 0x63505e85 (rc=VINF_SUCCESS)
1942cf4.4310: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1952cf4.4310: '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1962cf4.4310: VirtualBoxVM.exe: Differences in section #7 (.00cfg) between file and memory:
1972cf4.4310: 00007ff69ac53000 / 0x00d3000: 00 != 90
1982cf4.4310: 00007ff69ac53001 / 0x00d3001: 0d != c6
1992cf4.4310: 00007ff69ac53002 / 0x00d3002: ba != e1
2002cf4.4310: 00007ff69ac53003 / 0x00d3003: 9a != 58
2012cf4.4310: 00007ff69ac53004 / 0x00d3004: f6 != fb
2022cf4.4310: 00007ff69ac53010 / 0x00d3010: 20 != 30
2032cf4.4310: 00007ff69ac53011 / 0x00d3011: ab != c7
2042cf4.4310: 00007ff69ac53012 / 0x00d3012: be != e1
2052cf4.4310: 00007ff69ac53013 / 0x00d3013: 9a != 58
2062cf4.4310: 00007ff69ac53014 / 0x00d3014: f6 != fb
2072cf4.4310: Restored 0x28 bytes of original file content at 00007ff69ac53000
2082cf4.4310: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
2092cf4.4310: 00007ff69ac925f4 / 0x01125f4: 00 != 50
2102cf4.4310: 00007ff69ac925f5 / 0x01125f5: 00 != 41
2112cf4.4310: 00007ff69ac925f6 / 0x01125f6: 00 != 44
2122cf4.4310: 00007ff69ac925f7 / 0x01125f7: 00 != 44
2132cf4.4310: 00007ff69ac925f8 / 0x01125f8: 00 != 49
2142cf4.4310: 00007ff69ac925f9 / 0x01125f9: 00 != 4e
2152cf4.4310: 00007ff69ac925fa / 0x01125fa: 00 != 47
2162cf4.4310: 00007ff69ac925fb / 0x01125fb: 00 != 58
2172cf4.4310: 00007ff69ac925fc / 0x01125fc: 00 != 58
2182cf4.4310: 00007ff69ac925fd / 0x01125fd: 00 != 50
2192cf4.4310: 00007ff69ac925fe / 0x01125fe: 00 != 41
2202cf4.4310: 00007ff69ac925ff / 0x01125ff: 00 != 44
2212cf4.4310: Restored 0xa0c bytes of original file content at 00007ff69ac925f4
2222cf4.4310: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2232cf4.4310: ntdll.dll: Differences in section #8 (.00cfg) between file and memory:
2242cf4.4310: 00007ffb58f15000 / 0x0185000: 90 != 30
2252cf4.4310: 00007ffb58f15001 / 0x0185001: 0b != c7
2262cf4.4310: 00007ffb58f15002 / 0x0185002: e3 != e1
2272cf4.4310: Restored 0x8 bytes of original file content at 00007ffb58f15000
2282cf4.4310: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
2292cf4.4310: 00007ffb574d3218 / 0x0083218: 20 != 90
2302cf4.4310: 00007ffb574d3219 / 0x0083219: 62 != c6
2312cf4.4310: 00007ffb574d321a / 0x008321a: 47 != e1
2322cf4.4310: 00007ffb574d321b / 0x008321b: 57 != 58
2332cf4.4310: 00007ffb574d3220 / 0x0083220: 40 != 30
2342cf4.4310: 00007ffb574d3221 / 0x0083221: 64 != c7
2352cf4.4310: 00007ffb574d3222 / 0x0083222: 47 != e1
2362cf4.4310: 00007ffb574d3223 / 0x0083223: 57 != 58
2372cf4.4310: Restored 0x2000 bytes of original file content at 00007ffb574d3000
2382cf4.4310: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
2392cf4.4310: 00007ffb569e7638 / 0x01c7638: 10 != 90
2402cf4.4310: 00007ffb569e7639 / 0x01c7639: 88 != c6
2412cf4.4310: 00007ffb569e763a / 0x01c763a: 8b != e1
2422cf4.4310: 00007ffb569e763b / 0x01c763b: 56 != 58
2432cf4.4310: 00007ffb569e7640 / 0x01c7640: c0 != 30
2442cf4.4310: 00007ffb569e7641 / 0x01c7641: 8b != c7
2452cf4.4310: 00007ffb569e7642 / 0x01c7642: 8b != e1
2462cf4.4310: 00007ffb569e7643 / 0x01c7643: 56 != 58
2472cf4.4310: Restored 0x2000 bytes of original file content at 00007ffb569e6000
2482cf4.4310: supHardNtVpCheckHandles:
2492cf4.4310: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=5
2502cf4.4310: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2512cf4.4310: '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2522cf4.4310: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe)
2532cf4.4310: supR3HardNtEnableThreadCreationEx:
2542cf4.4310: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb58e04c10 pvNtTerminateThread=00007ffb58e2db10
2552cf4.4310: supR3HardenedWinDoReSpawn(1): New child 4434.2c74 [kernel32].
2562cf4.4310: supR3HardNtChildGatherData: PebBaseAddress=0000001e081a8000 cbPeb=0x388
2572cf4.4310: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb58d90000 uNtDllChildAddr=00007ffb58d90000
2582cf4.4310: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb58e04c10
2592cf4.4310: supR3HardenedWinSetupChildInit: Initial context:
260 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff69ab8b7a0 rdx=0000001e081a8000
261 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
262 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
263 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
264 rip=00007ffb58de2680 rsp=0000001e07fcfe48 rbp=0000000000000000 ctxflags=0010001b
265 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
266 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
267 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
268 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
269 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
2702cf4.4310: supR3HardenedWinSetupChildInit: Start child.
2712cf4.4310: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2722cf4.4310: supR3HardNtChildPurify: Startup delay kludge #1/0: 270 ms, 15 sleeps
2732cf4.4310: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2742cf4.4310: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
2752cf4.4310: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2762cf4.4310: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
2772cf4.4310: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
2782cf4.4310: 000000007ffe6000-0000001e07ecffff 0x0001/0x0000 0x0000000
2792cf4.4310: *0000001e07ed0000-0000001e07fcafff 0x0000/0x0004 0x0020000
2802cf4.4310: 0000001e07fcb000-0000001e07fcdfff 0x0104/0x0004 0x0020000
2812cf4.4310: 0000001e07fce000-0000001e07fcffff 0x0004/0x0004 0x0020000
2822cf4.4310: 0000001e07fd0000-0000001e07ffffff 0x0001/0x0000 0x0000000
2832cf4.4310: *0000001e08000000-0000001e081a7fff 0x0000/0x0004 0x0020000
2842cf4.4310: 0000001e081a8000-0000001e081aafff 0x0004/0x0004 0x0020000
2852cf4.4310: 0000001e081ab000-0000001e081fffff 0x0000/0x0004 0x0020000
2862cf4.4310: 0000001e08200000-000001666664ffff 0x0001/0x0000 0x0000000
2872cf4.4310: *0000016666650000-000001666666ffff 0x0004/0x0004 0x0020000
2882cf4.4310: *0000016666670000-000001666668cfff 0x0002/0x0002 0x0040000
2892cf4.4310: 000001666668d000-000001666668ffff 0x0001/0x0000 0x0000000
2902cf4.4310: *0000016666690000-0000016666693fff 0x0002/0x0002 0x0040000
2912cf4.4310: 0000016666694000-000001666669ffff 0x0001/0x0000 0x0000000
2922cf4.4310: *00000166666a0000-00000166666a0fff 0x0002/0x0002 0x0040000
2932cf4.4310: 00000166666a1000-00000166666affff 0x0001/0x0000 0x0000000
2942cf4.4310: *00000166666b0000-00000166666b1fff 0x0004/0x0004 0x0020000
2952cf4.4310: 00000166666b2000-00007df55c60ffff 0x0001/0x0000 0x0000000
2962cf4.4310: *00007df55c610000-00007df55c610fff 0x0002/0x0002 0x0040000
2972cf4.4310: 00007df55c611000-00007df55c61ffff 0x0001/0x0000 0x0000000
2982cf4.4310: *00007df55c620000-00007df55c642fff 0x0002/0x0002 0x0040000
2992cf4.4310: 00007df55c643000-00007df55c64ffff 0x0001/0x0000 0x0000000
3002cf4.4310: *00007df55c650000-00007df55defefff 0x0000/0x0001 0x0040000
3012cf4.4310: 00007df55deff000-00007df55df95fff 0x0001/0x0001 0x0040000
3022cf4.4310: 00007df55df96000-00007df55e412fff 0x0000/0x0001 0x0040000
3032cf4.4310: 00007df55e413000-00007df55e413fff 0x0001/0x0001 0x0040000
3042cf4.4310: 00007df55e414000-00007ff536cfdfff 0x0000/0x0001 0x0040000
3052cf4.4310: 00007ff536cfe000-00007ff536d02fff 0x0002/0x0001 0x0040000
3062cf4.4310: 00007ff536d03000-00007ff547a31fff 0x0000/0x0001 0x0040000
3072cf4.4310: 00007ff547a32000-00007ff549c85fff 0x0001/0x0001 0x0040000
3082cf4.4310: 00007ff549c86000-00007ff549c8efff 0x0002/0x0001 0x0040000
3092cf4.4310: 00007ff549c8f000-00007ff55c64ffff 0x0000/0x0001 0x0040000
3102cf4.4310: 00007ff55c650000-00007ff69ab7ffff 0x0001/0x0000 0x0000000
3112cf4.4310: *00007ff69ab80000-00007ff69ab80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3122cf4.4310: 00007ff69ab81000-00007ff69abeafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3132cf4.4310: 00007ff69abeb000-00007ff69abebfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3142cf4.4310: 00007ff69abec000-00007ff69ac3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3152cf4.4310: 00007ff69ac3f000-00007ff69ac3ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3162cf4.4310: 00007ff69ac40000-00007ff69ac40fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3172cf4.4310: 00007ff69ac41000-00007ff69ac45fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3182cf4.4310: 00007ff69ac46000-00007ff69ac4bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3192cf4.4310: 00007ff69ac4c000-00007ff69ac93fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3202cf4.4310: 00007ff69ac94000-00007ffb58d8ffff 0x0001/0x0000 0x0000000
3212cf4.4310: *00007ffb58d90000-00007ffb58d90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3222cf4.4310: 00007ffb58d91000-00007ffb58eacfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3232cf4.4310: 00007ffb58ead000-00007ffb58ef5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3242cf4.4310: 00007ffb58ef6000-00007ffb58f01fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3252cf4.4310: 00007ffb58f02000-00007ffb58f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3262cf4.4310: 00007ffb58f11000-00007ffb58f11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3272cf4.4310: 00007ffb58f12000-00007ffb58f14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3282cf4.4310: 00007ffb58f15000-00007ffb58f87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3292cf4.4310: 00007ffb58f88000-00007ffffffeffff 0x0001/0x0000 0x0000000
3302cf4.4310: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
3312cf4.4310: 00007ff69ac925f4 / 0x01125f4: 00 != 50
3322cf4.4310: 00007ff69ac925f5 / 0x01125f5: 00 != 41
3332cf4.4310: 00007ff69ac925f6 / 0x01125f6: 00 != 44
3342cf4.4310: 00007ff69ac925f7 / 0x01125f7: 00 != 44
3352cf4.4310: 00007ff69ac925f8 / 0x01125f8: 00 != 49
3362cf4.4310: 00007ff69ac925f9 / 0x01125f9: 00 != 4e
3372cf4.4310: 00007ff69ac925fa / 0x01125fa: 00 != 47
3382cf4.4310: 00007ff69ac925fb / 0x01125fb: 00 != 58
3392cf4.4310: 00007ff69ac925fc / 0x01125fc: 00 != 58
3402cf4.4310: 00007ff69ac925fd / 0x01125fd: 00 != 50
3412cf4.4310: 00007ff69ac925fe / 0x01125fe: 00 != 41
3422cf4.4310: 00007ff69ac925ff / 0x01125ff: 00 != 44
3432cf4.4310: Restored 0xa0c bytes of original file content at 00007ff69ac925f4
3442cf4.4310: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
3452cf4.4310: supR3HardNtChildPurify: Startup delay kludge #1/1: 517 ms, 31 sleeps
3462cf4.4310: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3472cf4.4310: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
3482cf4.4310: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3492cf4.4310: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
3502cf4.4310: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
3512cf4.4310: 000000007ffe6000-0000001e07ecffff 0x0001/0x0000 0x0000000
3522cf4.4310: *0000001e07ed0000-0000001e07fcafff 0x0000/0x0004 0x0020000
3532cf4.4310: 0000001e07fcb000-0000001e07fcdfff 0x0104/0x0004 0x0020000
3542cf4.4310: 0000001e07fce000-0000001e07fcffff 0x0004/0x0004 0x0020000
3552cf4.4310: 0000001e07fd0000-0000001e07ffffff 0x0001/0x0000 0x0000000
3562cf4.4310: *0000001e08000000-0000001e081a7fff 0x0000/0x0004 0x0020000
3572cf4.4310: 0000001e081a8000-0000001e081aafff 0x0004/0x0004 0x0020000
3582cf4.4310: 0000001e081ab000-0000001e081fffff 0x0000/0x0004 0x0020000
3592cf4.4310: 0000001e08200000-000001666664ffff 0x0001/0x0000 0x0000000
3602cf4.4310: *0000016666650000-000001666666ffff 0x0004/0x0004 0x0020000
3612cf4.4310: *0000016666670000-000001666668cfff 0x0002/0x0002 0x0040000
3622cf4.4310: 000001666668d000-000001666668ffff 0x0001/0x0000 0x0000000
3632cf4.4310: *0000016666690000-0000016666693fff 0x0002/0x0002 0x0040000
3642cf4.4310: 0000016666694000-000001666669ffff 0x0001/0x0000 0x0000000
3652cf4.4310: *00000166666a0000-00000166666a0fff 0x0002/0x0002 0x0040000
3662cf4.4310: 00000166666a1000-00000166666affff 0x0001/0x0000 0x0000000
3672cf4.4310: *00000166666b0000-00000166666b1fff 0x0004/0x0004 0x0020000
3682cf4.4310: 00000166666b2000-00007df55c60ffff 0x0001/0x0000 0x0000000
3692cf4.4310: *00007df55c610000-00007df55c610fff 0x0002/0x0002 0x0040000
3702cf4.4310: 00007df55c611000-00007df55c61ffff 0x0001/0x0000 0x0000000
3712cf4.4310: *00007df55c620000-00007df55c642fff 0x0002/0x0002 0x0040000
3722cf4.4310: 00007df55c643000-00007df55c64ffff 0x0001/0x0000 0x0000000
3732cf4.4310: *00007df55c650000-00007df55defefff 0x0000/0x0001 0x0040000
3742cf4.4310: 00007df55deff000-00007df55df95fff 0x0001/0x0001 0x0040000
3752cf4.4310: 00007df55df96000-00007df55e412fff 0x0000/0x0001 0x0040000
3762cf4.4310: 00007df55e413000-00007df55e413fff 0x0001/0x0001 0x0040000
3772cf4.4310: 00007df55e414000-00007ff536cfdfff 0x0000/0x0001 0x0040000
3782cf4.4310: 00007ff536cfe000-00007ff536d02fff 0x0002/0x0001 0x0040000
3792cf4.4310: 00007ff536d03000-00007ff547a31fff 0x0000/0x0001 0x0040000
3802cf4.4310: 00007ff547a32000-00007ff549c85fff 0x0001/0x0001 0x0040000
3812cf4.4310: 00007ff549c86000-00007ff549c8efff 0x0002/0x0001 0x0040000
3822cf4.4310: 00007ff549c8f000-00007ff55c64ffff 0x0000/0x0001 0x0040000
3832cf4.4310: 00007ff55c650000-00007ff69ab7ffff 0x0001/0x0000 0x0000000
3842cf4.4310: *00007ff69ab80000-00007ff69ab80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3852cf4.4310: 00007ff69ab81000-00007ff69abeafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3862cf4.4310: 00007ff69abeb000-00007ff69abebfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3872cf4.4310: 00007ff69abec000-00007ff69ac3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3882cf4.4310: 00007ff69ac3f000-00007ff69ac4bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3892cf4.4310: 00007ff69ac4c000-00007ff69ac93fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
3902cf4.4310: 00007ff69ac94000-00007ffb58d8ffff 0x0001/0x0000 0x0000000
3912cf4.4310: *00007ffb58d90000-00007ffb58d90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3922cf4.4310: 00007ffb58d91000-00007ffb58eacfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3932cf4.4310: 00007ffb58ead000-00007ffb58ef5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3942cf4.4310: 00007ffb58ef6000-00007ffb58ef9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3952cf4.4310: 00007ffb58efa000-00007ffb58f01fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3962cf4.4310: 00007ffb58f02000-00007ffb58f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3972cf4.4310: 00007ffb58f11000-00007ffb58f11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3982cf4.4310: 00007ffb58f12000-00007ffb58f14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3992cf4.4310: 00007ffb58f15000-00007ffb58f87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4002cf4.4310: 00007ffb58f88000-00007ffffffeffff 0x0001/0x0000 0x0000000
4012cf4.4310: supR3HardNtChildPurify: Done after 787 ms and 1 fixes (loop #1).
4024434.2c74: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb58d90000 g_uNtVerCombined=0xa04a6400 (stack ~0000001e07fcec20)
4034434.2c74: ntdll.dll: timestamp 0xb5ced1c6 (rc=VINF_SUCCESS)
4044434.2c74: New simple heap: #1 00000166667c0000 LB 0x400000 (for 2064384 allocation)
4052cf4.4310: supR3HardNtEnableThreadCreationEx:
4064434.2c74: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox'
4074434.2c74: System32: \Device\HarddiskVolume3\Windows\System32
4084434.2c74: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
4094434.2c74: KnownDllPath: C:\Windows\System32
4104434.2c74: supR3HardenedVmProcessInit: Opening vboxsup stub...
4114434.2c74: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4124434.2c74: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4134434.2c74: Registered Dll notification callback with NTDLL.
4144434.2c74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
4154434.2c74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4164434.2c74: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
4174434.2c74: supR3HardenedDllNotificationCallback: load 00007ffb56820000 LB 0x002d2000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
4184434.2c74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
4194434.2c74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
4204434.2c74: supR3HardenedDllNotificationCallback: load 00007ffb57450000 LB 0x000bd000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
4214434.2c74: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4224434.2c74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57450000 'C:\Windows\System32\KERNEL32.DLL'
4234434.2c74: supR3HardenedDllNotificationCallback: load 00007ff69ab80000 LB 0x00114000 C:\Programs\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
4244434.2c74: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4254434.2c74: '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4264434.2c74: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe)
4274434.2c74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
4284434.2c74: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb58e04c10 pvNtTerminateThread=00007ffb58e2db10
4292cf4.4310: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 69 ms.
4304434.2c74: \SystemRoot\System32\ntdll.dll:
4314434.2c74: CreationTime: 2022-10-12T06:33:27.046293800Z
4324434.2c74: LastWriteTime: 2022-10-12T06:33:27.080493500Z
4334434.2c74: ChangeTime: 2022-10-12T07:45:52.982665600Z
4344434.2c74: FileAttributes: 0x20
4354434.2c74: Size: 0x1ef5b8
4364434.2c74: NT Headers: 0xe8
4374434.2c74: Timestamp: 0xb5ced1c6
4384434.2c74: Machine: 0x8664 - amd64
4394434.2c74: Timestamp: 0xb5ced1c6
4404434.2c74: Image Version: 10.0
4414434.2c74: SizeOfImage: 0x1f8000 (2064384)
4424434.2c74: Resource Dir: 0x186000 LB 0x700a0
4434434.2c74: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4444434.2c74: [Raw version resource data: 0x1860f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4454434.2c74: ProductName: Microsoft® Windows® Operating System
4464434.2c74: ProductVersion: 10.0.19041.2130
4474434.2c74: FileVersion: 10.0.19041.2130 (WinBuild.160101.0800)
4484434.2c74: FileDescription: NT Layer DLL
4494434.2c74: \SystemRoot\System32\kernel32.dll:
4504434.2c74: CreationTime: 2022-08-30T05:15:38.755109600Z
4514434.2c74: LastWriteTime: 2022-08-30T05:15:38.776566700Z
4524434.2c74: ChangeTime: 2022-10-12T06:34:16.510777100Z
4534434.2c74: FileAttributes: 0x20
4544434.2c74: Size: 0xbb030
4554434.2c74: NT Headers: 0xe8
4564434.2c74: Timestamp: 0x4d6d72d1
4574434.2c74: Machine: 0x8664 - amd64
4584434.2c74: Timestamp: 0x4d6d72d1
4594434.2c74: Image Version: 10.0
4604434.2c74: SizeOfImage: 0xbd000 (774144)
4614434.2c74: Resource Dir: 0xbb000 LB 0x520
4624434.2c74: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4634434.2c74: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
4644434.2c74: ProductName: Microsoft® Windows® Operating System
4654434.2c74: ProductVersion: 10.0.19041.1889
4664434.2c74: FileVersion: 10.0.19041.1889 (WinBuild.160101.0800)
4674434.2c74: FileDescription: Windows NT BASE API Client DLL
4684434.2c74: \SystemRoot\System32\KernelBase.dll:
4694434.2c74: CreationTime: 2022-10-12T06:33:27.563780700Z
4704434.2c74: LastWriteTime: 2022-10-12T06:33:27.616545400Z
4714434.2c74: ChangeTime: 2022-10-12T07:45:52.990706200Z
4724434.2c74: FileAttributes: 0x20
4734434.2c74: Size: 0x2d3d10
4744434.2c74: NT Headers: 0xf0
4754434.2c74: Timestamp: 0xb0fac6c9
4764434.2c74: Machine: 0x8664 - amd64
4774434.2c74: Timestamp: 0xb0fac6c9
4784434.2c74: Image Version: 10.0
4794434.2c74: SizeOfImage: 0x2d2000 (2957312)
4804434.2c74: Resource Dir: 0x2a8000 LB 0x548
4814434.2c74: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4824434.2c74: [Raw version resource data: 0x2a80b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4834434.2c74: ProductName: Microsoft® Windows® Operating System
4844434.2c74: ProductVersion: 10.0.19041.2130
4854434.2c74: FileVersion: 10.0.19041.2130 (WinBuild.160101.0800)
4864434.2c74: FileDescription: Windows NT BASE API Client DLL
4874434.2c74: \SystemRoot\System32\apisetschema.dll:
4884434.2c74: CreationTime: 2019-12-07T09:08:13.518339400Z
4894434.2c74: LastWriteTime: 2019-12-07T09:08:13.518339400Z
4904434.2c74: ChangeTime: 2022-10-12T06:34:15.891889000Z
4914434.2c74: FileAttributes: 0x20
4924434.2c74: Size: 0x1f538
4934434.2c74: NT Headers: 0xd0
4944434.2c74: Timestamp: 0x31288ce0
4954434.2c74: Machine: 0x8664 - amd64
4964434.2c74: Timestamp: 0x31288ce0
4974434.2c74: Image Version: 10.0
4984434.2c74: SizeOfImage: 0x20000 (131072)
4994434.2c74: Resource Dir: 0x1f000 LB 0x408
5004434.2c74: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5014434.2c74: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5024434.2c74: ProductName: Microsoft® Windows® Operating System
5034434.2c74: ProductVersion: 10.0.19041.1
5044434.2c74: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
5054434.2c74: FileDescription: ApiSet Schema DLL
5064434.2c74: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5074434.2c74: supR3HardenedWinFindAdversaries: 0x0
5084434.2c74: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox'
5094434.2c74: Calling main()
5104434.2c74: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
5114434.2c74: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox'
5124434.2c74: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
5134434.2c74: '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5144434.2c74: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe)
5154434.2c74: SUPR3HardenedMain: Respawn #2
5164434.2c74: supR3HardNtEnableThreadCreationEx:
5174434.2c74: supR3HardenedDllNotificationCallback: load 00007ffb56f70000 LB 0x00125000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
5184434.2c74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
5194434.2c74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
5204434.2c74: supR3HardenedDllNotificationCallback: load 00007ffb57db0000 LB 0x0009c000 C:\Windows\System32\sechost.dll [fFlags=0x0]
5214434.2c74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
5224434.2c74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
5234434.2c74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
5244434.2c74: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
5254434.2c74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
5264434.2c74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5274434.2c74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5284434.2c74: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5294434.2c74: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5304434.2c74: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5314434.2c74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb58d90000 'C:\Windows\System32\ntdll.dll'
5324434.2c74: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb58e04c10 pvNtTerminateThread=00007ffb58e2db10
5334434.2c74: supR3HardenedWinDoReSpawn(2): New child 2580.3500 [kernel32].
5344434.2c74: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
5354434.2c74: supR3HardNtChildGatherData: PebBaseAddress=0000006fe2b04000 cbPeb=0x388
5364434.2c74: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb58d90000 uNtDllChildAddr=00007ffb58d90000
5374434.2c74: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb58e04c10
5384434.2c74: supR3HardenedWinSetupChildInit: Initial context:
539 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff69ab8b7a0 rdx=0000006fe2b04000
540 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
541 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
542 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
543 rip=00007ffb58de2680 rsp=0000006fe298fe88 rbp=0000000000000000 ctxflags=0010001b
544 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
545 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
546 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
547 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
548 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
5494434.2c74: kernel32.dll: timestamp 0x4d6d72d1 (rc=VINF_SUCCESS)
5504434.2c74: supR3HardenedWinSetupChildInit: Start child.
5514434.2c74: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5524434.2c74: supR3HardNtChildPurify: Startup delay kludge #1/0: 269 ms, 15 sleeps
5534434.2c74: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5544434.2c74: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
5554434.2c74: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5564434.2c74: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
5574434.2c74: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
5584434.2c74: 000000007ffe6000-0000006fe288ffff 0x0001/0x0000 0x0000000
5594434.2c74: *0000006fe2890000-0000006fe298afff 0x0000/0x0004 0x0020000
5604434.2c74: 0000006fe298b000-0000006fe298dfff 0x0104/0x0004 0x0020000
5614434.2c74: 0000006fe298e000-0000006fe298ffff 0x0004/0x0004 0x0020000
5624434.2c74: 0000006fe2990000-0000006fe29fffff 0x0001/0x0000 0x0000000
5634434.2c74: *0000006fe2a00000-0000006fe2b03fff 0x0000/0x0004 0x0020000
5644434.2c74: 0000006fe2b04000-0000006fe2b06fff 0x0004/0x0004 0x0020000
5654434.2c74: 0000006fe2b07000-0000006fe2bfffff 0x0000/0x0004 0x0020000
5664434.2c74: 0000006fe2c00000-000001913316ffff 0x0001/0x0000 0x0000000
5674434.2c74: *0000019133170000-000001913318ffff 0x0004/0x0004 0x0020000
5684434.2c74: *0000019133190000-00000191331acfff 0x0002/0x0002 0x0040000
5694434.2c74: 00000191331ad000-00000191331affff 0x0001/0x0000 0x0000000
5704434.2c74: *00000191331b0000-00000191331b3fff 0x0002/0x0002 0x0040000
5714434.2c74: 00000191331b4000-00000191331bffff 0x0001/0x0000 0x0000000
5724434.2c74: *00000191331c0000-00000191331c0fff 0x0002/0x0002 0x0040000
5734434.2c74: 00000191331c1000-00000191331cffff 0x0001/0x0000 0x0000000
5744434.2c74: *00000191331d0000-00000191331d1fff 0x0004/0x0004 0x0020000
5754434.2c74: 00000191331d2000-00007df586e1ffff 0x0001/0x0000 0x0000000
5764434.2c74: *00007df586e20000-00007df586e20fff 0x0002/0x0002 0x0040000
5774434.2c74: 00007df586e21000-00007df586e2ffff 0x0001/0x0000 0x0000000
5784434.2c74: *00007df586e30000-00007df586e52fff 0x0002/0x0002 0x0040000
5794434.2c74: 00007df586e53000-00007df586e5ffff 0x0001/0x0000 0x0000000
5804434.2c74: *00007df586e60000-00007df58870efff 0x0000/0x0001 0x0040000
5814434.2c74: 00007df58870f000-00007df5887a5fff 0x0001/0x0001 0x0040000
5824434.2c74: 00007df5887a6000-00007df588c22fff 0x0000/0x0001 0x0040000
5834434.2c74: 00007df588c23000-00007df588c23fff 0x0001/0x0001 0x0040000
5844434.2c74: 00007df588c24000-00007ff56150dfff 0x0000/0x0001 0x0040000
5854434.2c74: 00007ff56150e000-00007ff561512fff 0x0002/0x0001 0x0040000
5864434.2c74: 00007ff561513000-00007ff572241fff 0x0000/0x0001 0x0040000
5874434.2c74: 00007ff572242000-00007ff574495fff 0x0001/0x0001 0x0040000
5884434.2c74: 00007ff574496000-00007ff57449efff 0x0002/0x0001 0x0040000
5894434.2c74: 00007ff57449f000-00007ff586e5ffff 0x0000/0x0001 0x0040000
5904434.2c74: 00007ff586e60000-00007ff69ab7ffff 0x0001/0x0000 0x0000000
5914434.2c74: *00007ff69ab80000-00007ff69ab80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
5924434.2c74: 00007ff69ab81000-00007ff69abeafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
5934434.2c74: 00007ff69abeb000-00007ff69abebfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
5944434.2c74: 00007ff69abec000-00007ff69ac3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
5954434.2c74: 00007ff69ac3f000-00007ff69ac3ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
5964434.2c74: 00007ff69ac40000-00007ff69ac40fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
5974434.2c74: 00007ff69ac41000-00007ff69ac45fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
5984434.2c74: 00007ff69ac46000-00007ff69ac4bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
5994434.2c74: 00007ff69ac4c000-00007ff69ac93fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
6004434.2c74: 00007ff69ac94000-00007ffb58d8ffff 0x0001/0x0000 0x0000000
6014434.2c74: *00007ffb58d90000-00007ffb58d90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6024434.2c74: 00007ffb58d91000-00007ffb58eacfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6034434.2c74: 00007ffb58ead000-00007ffb58ef5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6044434.2c74: 00007ffb58ef6000-00007ffb58f01fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6054434.2c74: 00007ffb58f02000-00007ffb58f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6064434.2c74: 00007ffb58f11000-00007ffb58f11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6074434.2c74: 00007ffb58f12000-00007ffb58f14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6084434.2c74: 00007ffb58f15000-00007ffb58f87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6094434.2c74: 00007ffb58f88000-00007ffffffeffff 0x0001/0x0000 0x0000000
6104434.2c74: VirtualBoxVM.exe: timestamp 0x63505e85 (rc=VINF_SUCCESS)
6114434.2c74: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
6124434.2c74: '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6134434.2c74: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
6144434.2c74: 00007ff69ac925f4 / 0x01125f4: 00 != 50
6154434.2c74: 00007ff69ac925f5 / 0x01125f5: 00 != 41
6164434.2c74: 00007ff69ac925f6 / 0x01125f6: 00 != 44
6174434.2c74: 00007ff69ac925f7 / 0x01125f7: 00 != 44
6184434.2c74: 00007ff69ac925f8 / 0x01125f8: 00 != 49
6194434.2c74: 00007ff69ac925f9 / 0x01125f9: 00 != 4e
6204434.2c74: 00007ff69ac925fa / 0x01125fa: 00 != 47
6214434.2c74: 00007ff69ac925fb / 0x01125fb: 00 != 58
6224434.2c74: 00007ff69ac925fc / 0x01125fc: 00 != 58
6234434.2c74: 00007ff69ac925fd / 0x01125fd: 00 != 50
6244434.2c74: 00007ff69ac925fe / 0x01125fe: 00 != 41
6254434.2c74: 00007ff69ac925ff / 0x01125ff: 00 != 44
6264434.2c74: Restored 0xa0c bytes of original file content at 00007ff69ac925f4
6274434.2c74: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
6284434.2c74: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
6294434.2c74: supR3HardNtChildPurify: Startup delay kludge #1/1: 517 ms, 30 sleeps
6304434.2c74: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6314434.2c74: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
6324434.2c74: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
6334434.2c74: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
6344434.2c74: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
6354434.2c74: 000000007ffe6000-0000006fe288ffff 0x0001/0x0000 0x0000000
6364434.2c74: *0000006fe2890000-0000006fe298afff 0x0000/0x0004 0x0020000
6374434.2c74: 0000006fe298b000-0000006fe298dfff 0x0104/0x0004 0x0020000
6384434.2c74: 0000006fe298e000-0000006fe298ffff 0x0004/0x0004 0x0020000
6394434.2c74: 0000006fe2990000-0000006fe29fffff 0x0001/0x0000 0x0000000
6404434.2c74: *0000006fe2a00000-0000006fe2b03fff 0x0000/0x0004 0x0020000
6414434.2c74: 0000006fe2b04000-0000006fe2b06fff 0x0004/0x0004 0x0020000
6424434.2c74: 0000006fe2b07000-0000006fe2bfffff 0x0000/0x0004 0x0020000
6434434.2c74: 0000006fe2c00000-000001913316ffff 0x0001/0x0000 0x0000000
6444434.2c74: *0000019133170000-000001913318ffff 0x0004/0x0004 0x0020000
6454434.2c74: *0000019133190000-00000191331acfff 0x0002/0x0002 0x0040000
6464434.2c74: 00000191331ad000-00000191331affff 0x0001/0x0000 0x0000000
6474434.2c74: *00000191331b0000-00000191331b3fff 0x0002/0x0002 0x0040000
6484434.2c74: 00000191331b4000-00000191331bffff 0x0001/0x0000 0x0000000
6494434.2c74: *00000191331c0000-00000191331c0fff 0x0002/0x0002 0x0040000
6504434.2c74: 00000191331c1000-00000191331cffff 0x0001/0x0000 0x0000000
6514434.2c74: *00000191331d0000-00000191331d1fff 0x0004/0x0004 0x0020000
6524434.2c74: 00000191331d2000-00007df586e1ffff 0x0001/0x0000 0x0000000
6534434.2c74: *00007df586e20000-00007df586e20fff 0x0002/0x0002 0x0040000
6544434.2c74: 00007df586e21000-00007df586e2ffff 0x0001/0x0000 0x0000000
6554434.2c74: *00007df586e30000-00007df586e52fff 0x0002/0x0002 0x0040000
6564434.2c74: 00007df586e53000-00007df586e5ffff 0x0001/0x0000 0x0000000
6574434.2c74: *00007df586e60000-00007df58870efff 0x0000/0x0001 0x0040000
6584434.2c74: 00007df58870f000-00007df5887a5fff 0x0001/0x0001 0x0040000
6594434.2c74: 00007df5887a6000-00007df588c22fff 0x0000/0x0001 0x0040000
6604434.2c74: 00007df588c23000-00007df588c23fff 0x0001/0x0001 0x0040000
6614434.2c74: 00007df588c24000-00007ff56150dfff 0x0000/0x0001 0x0040000
6624434.2c74: 00007ff56150e000-00007ff561512fff 0x0002/0x0001 0x0040000
6634434.2c74: 00007ff561513000-00007ff572241fff 0x0000/0x0001 0x0040000
6644434.2c74: 00007ff572242000-00007ff574495fff 0x0001/0x0001 0x0040000
6654434.2c74: 00007ff574496000-00007ff57449efff 0x0002/0x0001 0x0040000
6664434.2c74: 00007ff57449f000-00007ff586e5ffff 0x0000/0x0001 0x0040000
6674434.2c74: 00007ff586e60000-00007ff69ab7ffff 0x0001/0x0000 0x0000000
6684434.2c74: *00007ff69ab80000-00007ff69ab80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
6694434.2c74: 00007ff69ab81000-00007ff69abeafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
6704434.2c74: 00007ff69abeb000-00007ff69abebfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
6714434.2c74: 00007ff69abec000-00007ff69ac3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
6724434.2c74: 00007ff69ac3f000-00007ff69ac4bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
6734434.2c74: 00007ff69ac4c000-00007ff69ac93fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
6744434.2c74: 00007ff69ac94000-00007ffb58d8ffff 0x0001/0x0000 0x0000000
6754434.2c74: *00007ffb58d90000-00007ffb58d90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6764434.2c74: 00007ffb58d91000-00007ffb58eacfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6774434.2c74: 00007ffb58ead000-00007ffb58ef5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6784434.2c74: 00007ffb58ef6000-00007ffb58ef9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6794434.2c74: 00007ffb58efa000-00007ffb58f01fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6804434.2c74: 00007ffb58f02000-00007ffb58f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6814434.2c74: 00007ffb58f11000-00007ffb58f11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6824434.2c74: 00007ffb58f12000-00007ffb58f14fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6834434.2c74: 00007ffb58f15000-00007ffb58f87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6844434.2c74: 00007ffb58f88000-00007ffffffeffff 0x0001/0x0000 0x0000000
6854434.2c74: supR3HardNtChildPurify: Done after 801 ms and 1 fixes (loop #1).
6862580.3500: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb58d90000 g_uNtVerCombined=0xa04a6400 (stack ~0000006fe298ec60)
6874434.2c74: supR3HardenedEarlyCompact: Removed heap 1 (0x000166667c0000 LB 0x400000)
6882580.3500: ntdll.dll: timestamp 0xb5ced1c6 (rc=VINF_SUCCESS)
6892580.3500: New simple heap: #1 00000191332e0000 LB 0x400000 (for 2064384 allocation)
6904434.2c74: supR3HardNtEnableThreadCreationEx:
6912580.3500: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox'
6922580.3500: System32: \Device\HarddiskVolume3\Windows\System32
6932580.3500: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
6942580.3500: KnownDllPath: C:\Windows\System32
6952580.3500: supR3HardenedVmProcessInit: Opening vboxsup...
6962580.3500: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6972580.3500: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6982580.3500: Registered Dll notification callback with NTDLL.
6992580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
7002580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7012580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
7022580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56820000 LB 0x002d2000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
7032580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
7042580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7052580.3500: supR3HardenedDllNotificationCallback: load 00007ffb57450000 LB 0x000bd000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
7062580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7072580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57450000 'C:\Windows\System32\KERNEL32.DLL'
7082580.3500: supR3HardenedDllNotificationCallback: load 00007ff69ab80000 LB 0x00114000 C:\Programs\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
7092580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
7102580.3500: '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7112580.3500: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe)
7122580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe
7132580.3500: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb58e04c10 pvNtTerminateThread=00007ffb58e2db10
7144434.2c74: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 69 ms.
7152580.3500: \SystemRoot\System32\ntdll.dll:
7162580.3500: CreationTime: 2022-10-12T06:33:27.046293800Z
7172580.3500: LastWriteTime: 2022-10-12T06:33:27.080493500Z
7182580.3500: ChangeTime: 2022-10-12T07:45:52.982665600Z
7192580.3500: FileAttributes: 0x20
7202580.3500: Size: 0x1ef5b8
7212580.3500: NT Headers: 0xe8
7222580.3500: Timestamp: 0xb5ced1c6
7232580.3500: Machine: 0x8664 - amd64
7242580.3500: Timestamp: 0xb5ced1c6
7252580.3500: Image Version: 10.0
7262580.3500: SizeOfImage: 0x1f8000 (2064384)
7272580.3500: Resource Dir: 0x186000 LB 0x700a0
7282580.3500: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7292580.3500: [Raw version resource data: 0x1860f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7302580.3500: ProductName: Microsoft® Windows® Operating System
7312580.3500: ProductVersion: 10.0.19041.2130
7322580.3500: FileVersion: 10.0.19041.2130 (WinBuild.160101.0800)
7332580.3500: FileDescription: NT Layer DLL
7342580.3500: \SystemRoot\System32\kernel32.dll:
7352580.3500: CreationTime: 2022-08-30T05:15:38.755109600Z
7362580.3500: LastWriteTime: 2022-08-30T05:15:38.776566700Z
7372580.3500: ChangeTime: 2022-10-12T06:34:16.510777100Z
7382580.3500: FileAttributes: 0x20
7392580.3500: Size: 0xbb030
7402580.3500: NT Headers: 0xe8
7412580.3500: Timestamp: 0x4d6d72d1
7422580.3500: Machine: 0x8664 - amd64
7432580.3500: Timestamp: 0x4d6d72d1
7442580.3500: Image Version: 10.0
7452580.3500: SizeOfImage: 0xbd000 (774144)
7462580.3500: Resource Dir: 0xbb000 LB 0x520
7472580.3500: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7482580.3500: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7492580.3500: ProductName: Microsoft® Windows® Operating System
7502580.3500: ProductVersion: 10.0.19041.1889
7512580.3500: FileVersion: 10.0.19041.1889 (WinBuild.160101.0800)
7522580.3500: FileDescription: Windows NT BASE API Client DLL
7532580.3500: \SystemRoot\System32\KernelBase.dll:
7542580.3500: CreationTime: 2022-10-12T06:33:27.563780700Z
7552580.3500: LastWriteTime: 2022-10-12T06:33:27.616545400Z
7562580.3500: ChangeTime: 2022-10-12T07:45:52.990706200Z
7572580.3500: FileAttributes: 0x20
7582580.3500: Size: 0x2d3d10
7592580.3500: NT Headers: 0xf0
7602580.3500: Timestamp: 0xb0fac6c9
7612580.3500: Machine: 0x8664 - amd64
7622580.3500: Timestamp: 0xb0fac6c9
7632580.3500: Image Version: 10.0
7642580.3500: SizeOfImage: 0x2d2000 (2957312)
7652580.3500: Resource Dir: 0x2a8000 LB 0x548
7662580.3500: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7672580.3500: [Raw version resource data: 0x2a80b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
7682580.3500: ProductName: Microsoft® Windows® Operating System
7692580.3500: ProductVersion: 10.0.19041.2130
7702580.3500: FileVersion: 10.0.19041.2130 (WinBuild.160101.0800)
7712580.3500: FileDescription: Windows NT BASE API Client DLL
7722580.3500: \SystemRoot\System32\apisetschema.dll:
7732580.3500: CreationTime: 2019-12-07T09:08:13.518339400Z
7742580.3500: LastWriteTime: 2019-12-07T09:08:13.518339400Z
7752580.3500: ChangeTime: 2022-10-12T06:34:15.891889000Z
7762580.3500: FileAttributes: 0x20
7772580.3500: Size: 0x1f538
7782580.3500: NT Headers: 0xd0
7792580.3500: Timestamp: 0x31288ce0
7802580.3500: Machine: 0x8664 - amd64
7812580.3500: Timestamp: 0x31288ce0
7822580.3500: Image Version: 10.0
7832580.3500: SizeOfImage: 0x20000 (131072)
7842580.3500: Resource Dir: 0x1f000 LB 0x408
7852580.3500: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7862580.3500: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7872580.3500: ProductName: Microsoft® Windows® Operating System
7882580.3500: ProductVersion: 10.0.19041.1
7892580.3500: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
7902580.3500: FileDescription: ApiSet Schema DLL
7912580.3500: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7922580.3500: supR3HardenedWinFindAdversaries: 0x0
7932580.3500: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox'
7942580.3500: Calling main()
7952580.3500: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
7962580.3500: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox'
7972580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
7982580.3500: '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7992580.3500: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe)
8002580.3500: SUPR3HardenedMain: Final process, opening VBoxDrv...
8012580.3500: supR3HardenedEarlyCompact: Removed heap 1 (0x000191332e0000 LB 0x400000)
8022580.3500: supR3HardNtEnableThreadCreationEx:
8032580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
8042580.3500: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxSupLib.dll)
8052580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxSupLib.dll
8062580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8072580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8082580.3500: supR3HardenedDllNotificationCallback: load 00007ffb4fdd0000 LB 0x00005000 C:\Programs\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
8092580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8102580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8112580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8122580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fdd0000 'C:\Programs\Oracle\VirtualBox\VBoxSupLib.DLL'
8132580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8142580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8152580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fdd0000 'C:\Programs\Oracle\VirtualBox\VBoxSupLib.DLL'
8162580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fdd0000 'C:\Programs\Oracle\VirtualBox\VBoxSupLib.DLL'
8172580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8182580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
8192580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
8202580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
8212580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8222580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8232580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
8242580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
8252580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8262580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8272580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
8282580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
8292580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8302580.3500: supR3HardenedDllNotificationCallback: load 00007ffb57b30000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
8312580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8322580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56f70000 LB 0x00125000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
8332580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8342580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56780000 LB 0x00069000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
8352580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8362580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56680000 LB 0x00100000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
8372580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
8382580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
8392580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56520000 LB 0x00156000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
8402580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
8412580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8422580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
8432580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8442580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
8452580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
8462580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8472580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
8482580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
8492580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8502580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
8512580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
8522580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8532580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
8542580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
8552580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
8562580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56020000 LB 0x00012000 C:\Windows\SYSTEM32\MSASN1.dll [fFlags=0x0]
8572580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8582580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56780000 'C:\Windows\system32\Wintrust.dll'
8592580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
8602580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
8612580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8622580.3500: supR3HardenedDllNotificationCallback: load 00007ffb564a0000 LB 0x00027000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
8632580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8642580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb564a0000 'C:\Windows\system32\bcrypt.dll'
8652580.3500: bcrypt.dll loaded at 00007ffb564a0000, BCryptOpenAlgorithmProvider at 00007ffb564a51e0, preloading providers:
8662580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
8672580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
8682580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8692580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56b00000 LB 0x00082000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
8702580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8712580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56b00000 'C:\Windows\system32\bcryptprimitives.dll'
8722580.3500: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000001913385f510)
8732580.3500: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000191338603a0)
8742580.3500: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000191338606c0)
8752580.3500: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000191338609e0)
8762580.3500: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000019133860d00)
8772580.3500: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000019133861020)
8782580.3500: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000019133861340)
8792580.3500: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000019133861660)
8802580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
8812580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
8822580.3500: supR3HardenedDllNotificationCallback: load 00007ffb55d70000 LB 0x00018000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
8832580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8842580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
8852580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
8862580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
8872580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8882580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8892580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8902580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8912580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8922580.3500: supR3HardenedDllNotificationCallback: load 00007ffb554a0000 LB 0x00034000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
8932580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8942580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
8952580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
8962580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
8972580.3500: supR3HardenedDllNotificationCallback: load 00007ffb55d90000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
8982580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8992580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9002580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9012580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57450000 'C:\Windows\System32\kernel32.dll'
9022580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9032580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9042580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56780000 'C:\Windows\System32\WINTRUST.DLL'
9052580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9062580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9072580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\CRYPT32.dll'
9082580.3500: supR3HardenedDllNotificationCallback: load 00007ffb570a0000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
9092580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
9102580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
9112580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9122580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9132580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
9142580.3500: supR3HardenedDllNotificationCallback: load 00007ffb57db0000 LB 0x0009c000 C:\Windows\System32\sechost.dll [fFlags=0x0]
9152580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
9162580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
9172580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
9182580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9192580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
9202580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
9212580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
9222580.3500: supR3HardenedDllNotificationCallback: load 00007ffb54e00000 LB 0x00023000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
9232580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9242580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
9252580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
9262580.3500: supR3HardenedDllNotificationCallback: load 00007ffb563e0000 LB 0x0001f000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
9272580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9282580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9292580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9302580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
9312580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
9322580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9332580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9342580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9352580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9362580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9372580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9382580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9392580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9402580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9412580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9422580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9432580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9442580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9462580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9472580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9482580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9492580.3500: supR3HardenedDllNotificationCallback: load 00007ffb36460000 LB 0x00031000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
9502580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9512580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9522580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9532580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9542580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9552580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9562580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9572580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9582580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9592580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9602580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9612580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9622580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9632580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9642580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9652580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9662580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9672580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9682580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9692580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9702580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9712580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9722580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9732580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9742580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9752580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9762580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9772580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9782580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9792580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9802580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9812580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36460000 'C:\Windows\System32\cryptnet.dll'
9822580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9832580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9842580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
9852580.3500: supR3HardenedDllNotificationCallback: load 00007ffb57510000 LB 0x000ae000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
9862580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9872580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
9882580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
9892580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
9902580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
9912580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9922580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9932580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9942580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9952580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
9962580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
9972580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9982580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9992580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10002580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10012580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10022580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10032580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10042580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10052580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10062580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
10072580.3500: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000191338a8260
10082580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000191338a8260
10092580.3500: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D74D0FCB83F607A8F565F61FCB8AC8870582858
10102580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10112580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10122580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56f70000 'C:\Windows\System32\rpcrt4.dll'
10132580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10142580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10152580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10162580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10172580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10182580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10192580.3500: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.2130.cat'; file='\SystemRoot\System32\ntdll.dll'
10202580.3500: g_pfnWinVerifyTrust=00007ffb56781f00
10212580.3500: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10222580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10232580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10242580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10252580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10262580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10272580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10282580.3500: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
10292580.3500: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10302580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10312580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10322580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10332580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
10342580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10352580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10362580.3500: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
10372580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10382580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10392580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10402580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10412580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
10422580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10432580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10442580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10452580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
10462580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10472580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10482580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10492580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
10502580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10512580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10522580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10532580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
10542580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10552580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10562580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10572580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
10582580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10592580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10602580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10612580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
10622580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10632580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10642580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10652580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
10662580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10672580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10682580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
10692580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10702580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10712580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
10722580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
10732580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10742580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10752580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10762580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
10772580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10782580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10792580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
10802580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10812580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10822580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
10832580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10842580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10852580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
10862580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10872580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10882580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
10892580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10902580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10912580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
10922580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10932580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10942580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
10952580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10962580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
10972580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxSupLib.dll'
10982580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
10992580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
11002580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.exe'
11012580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
11022580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
11032580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
11042580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
11052580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
11062580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
11072580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\system32\crypt32.dll'
11082580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xfddff7de73e49900 CN=EDS ROOT SHA256 CA
11092580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11102580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11112580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11122580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xe590c1ccad2fd000 CN=Microsoft Intune Root Certification Authority
11132580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
11142580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11152580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11162580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11172580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
11182580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11192580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11202580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
11212580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
11222580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11232580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
11242580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
11252580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11262580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11272580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11282580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
11292580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
11302580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11312580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11322580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11332580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11342580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11352580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
11362580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
11372580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11382580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11392580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
11402580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45
11412580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11422580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11432580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
11442580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11452580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11462580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11472580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xfddff7de73e49900 CN=EDS ROOT SHA256 CA
11482580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0x8a35d7a4ad898700 CN=EDS Root CA
11492580.3500: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=si, DC=in, CN=EDS Enterprise CA 1 (SHA256)
11502580.3500: supR3HardenedWinIsDesiredRootCA: Adding 0xfdcf879bfa5fd900 DC=si, DC=el, CN=ELCARoot01
11512580.3500: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
11522580.3500: SUPR3HardenedMain: Load Runtime...
11532580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
11542580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
11552580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
11562580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
11572580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
11582580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
11592580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
11602580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
11612580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
11622580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
11632580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11642580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11652580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
11662580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
11672580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
11682580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
11692580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
11702580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11712580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11722580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
11732580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
11742580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
11752580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11762580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11772580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
11782580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
11792580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
11802580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
11812580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
11822580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp140.dll) WinVerifyTrust
11832580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
11842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
11852580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
11862580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
11872580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
11882580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
11892580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
11902580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll)
11912580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
11922580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
11932580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
11942580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll'.
11952580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll)
11962580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
11972580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
11982580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
11992580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
12002580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
12012580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12022580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12032580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
12042580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
12052580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll) WinVerifyTrust
12062580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
12072580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
12082580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll [redoing WinVerifyTrust]
12092580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
12102580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
12112580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
12122580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
12132580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
12142580.3500: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll'
12152580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
12162580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
12172580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
12182580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
12192580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
12202580.3500: supR3HardenedDllNotificationCallback: load 00007ffb3a650000 LB 0x0001b000 C:\Windows\SYSTEM32\VCRUNTIME140.dll [fFlags=0x0]
12212580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
12222580.3500: supR3HardenedDllNotificationCallback: load 00007ffb44730000 LB 0x0000c000 C:\Windows\SYSTEM32\VCRUNTIME140_1.dll [fFlags=0x0]
12232580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
12242580.3500: supR3HardenedDllNotificationCallback: load 00007ffb14fd0000 LB 0x0008e000 C:\Windows\SYSTEM32\MSVCP140.dll [fFlags=0x0]
12252580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
12262580.3500: supR3HardenedDllNotificationCallback: load 00007ffb586d0000 LB 0x0006b000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
12272580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12282580.3500: supR3HardenedDllNotificationCallback: load 00007ffb0a860000 LB 0x006c4000 C:\Programs\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12292580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
12302580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12312580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12322580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
12332580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12342580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
12352580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12362580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12372580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12382580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12392580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
12402580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12412580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
12422580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12432580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12442580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12452580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12462580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
12472580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12482580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
12492580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12502580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12512580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12522580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12532580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
12542580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12552580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
12562580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12572580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12582580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12592580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12602580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
12612580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12622580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57450000 'C:\Windows\System32\kernel32.dll'
12632580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12642580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12652580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12662580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12672580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
12682580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12692580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-string-l1-1-0'
12702580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12712580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12722580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12732580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12742580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
12752580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12762580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-localization-l1-2-1'
12772580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12782580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12792580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12802580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12812580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
12822580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12832580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-datetime-l1-1-1'
12842580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12852580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12862580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12872580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12882580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
12892580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12902580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-localization-obsolete-l1-2-0'
12912580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12922580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12932580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12942580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
12952580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
12962580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12972580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
12982580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
12992580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13002580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13012580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13022580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
13032580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13042580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13052580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13062580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13072580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13082580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13092580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
13102580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13112580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13122580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13132580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13142580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13152580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13162580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
13172580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13182580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13192580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13202580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13212580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13222580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13232580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
13242580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13252580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13262580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13272580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13282580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13292580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13302580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
13312580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13322580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13332580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13342580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13352580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13362580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13372580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13382580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13392580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13402580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13412580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13422580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13432580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13442580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13452580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13462580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13472580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13482580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13492580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13502580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13512580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13522580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13532580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13542580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13552580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13562580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13572580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13582580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13592580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13602580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13612580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13622580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13632580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13642580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13652580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13662580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13672580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13682580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13692580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13702580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13712580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13722580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
13732580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13742580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13752580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13762580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13772580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13782580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13792580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13802580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13812580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13822580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13832580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13842580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13852580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13862580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13872580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13882580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13892580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13902580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13912580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13922580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13932580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13942580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
13952580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13962580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13972580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
13982580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
13992580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14002580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14012580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14022580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14032580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14042580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14052580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14062580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14072580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14082580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14092580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14102580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14112580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14122580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14132580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14142580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14152580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14162580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14172580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14182580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14192580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14202580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14212580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14222580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14232580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14242580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14252580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14262580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14272580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14282580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14292580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14302580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14312580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14322580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14332580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14342580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14352580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14362580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14372580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14382580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14392580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14402580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14412580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14422580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14432580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14442580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14452580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14462580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14472580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14482580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14492580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14502580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14512580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14522580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14532580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14542580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxRT.dll
14552580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14562580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14572580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14582580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14592580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14602580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14612580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14622580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14632580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14642580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14652580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14662580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14672580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
14682580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
14692580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0a860000 'C:\Programs\Oracle\VirtualBox\VBoxRT.dll'
14702580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
14712580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14722580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
14732580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
14742580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'
14752580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
14762580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14772580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56780000 'C:\Windows\system32\Wintrust.dll'
14782580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
14792580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
14802580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
14812580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
14822580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\system32\crypt32.dll'
14832580.3500: SUPR3HardenedMain: Load TrustedMain...
14842580.3430: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1
14852580.3430: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14862580.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
14872580.3430: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
14882580.3430: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
14892580.3430: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
14902580.3430: supR3HardenedDllNotificationCallback: load 00007ffb54cf0000 LB 0x00012000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
14912580.3430: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
14922580.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb54cf0000 'api-ms-win-appmodel-runtime-l1-1-2'
14932580.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14942580.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14952580.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
14962580.3430: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14972580.3430: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14982580.3430: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
14992580.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
15002580.3430: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
15012580.3430: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
15022580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
15032580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
15042580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
15052580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'uicommon.dll'.
15062580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
15072580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
15082580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'.
15092580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp140.dll'.
15102580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
15112580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
15122580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
15132580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
15142580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'.
15152580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
15162580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
15172580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
15182580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.dll
15192580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15202580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15212580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
15222580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
15232580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
15242580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
15252580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
15262580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15272580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15282580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15292580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15302580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15312580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
15322580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
15332580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
15342580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
15352580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
15362580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
15372580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15382580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15392580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15402580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15412580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15422580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15432580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15442580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
15452580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
15462580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
15472580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
15482580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
15492580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
15502580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
15512580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
15522580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
15532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15542580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15552580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
15562580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
15572580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
15582580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
15592580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
15602580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
15612580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
15622580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
15632580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15642580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15652580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15662580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15672580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
15682580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15692580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15702580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
15712580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
15722580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
15732580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
15742580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
15752580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15762580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15772580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
15782580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'win32u.dll'.
15792580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
15802580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
15812580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15822580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15832580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15852580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
15862580.3500: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
15872580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
15882580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
15892580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15902580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15912580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15922580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15932580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15942580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
15952580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
15962580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
15972580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
15982580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
15992580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
16002580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16012580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16022580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
16032580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16042580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16052580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16062580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16072580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16082580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
16092580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
16102580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
16112580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5guivbox.dll'.
16122580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5corevbox.dll'.
16132580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'uxtheme.dll'.
16142580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dwmapi.dll'.
16152580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
16162580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
16172580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
16182580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
16192580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcp140.dll'.
16202580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140_1.dll'.
16212580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'vcruntime140.dll'.
16222580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140_1.dll'.
16232580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
16242580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5WidgetsVBox.dll
16252580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16262580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16272580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
16282580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
16292580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
16302580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
16312580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
16322580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
16332580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
16342580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
16352580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
16362580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
16372580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'.
16382580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
16392580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll)
16402580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll
16412580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
16422580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
16432580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
16442580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16462580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16472580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16482580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16492580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16502580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16512580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16522580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16542580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16552580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
16562580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16572580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
16582580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
16592580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
16602580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
16612580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
16622580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
16632580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
16642580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16652580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'win32u.dll'.
16662580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
16672580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
16682580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
16692580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
16702580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
16712580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
16722580.3500: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
16732580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16742580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16752580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
16762580.3500: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll)
16772580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
16782580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16792580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16802580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
16812580.3500: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll'.
16822580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'mpr.dll'.
16832580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'userenv.dll'.
16842580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'version.dll'.
16852580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'netapi32.dll'.
16862580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
16872580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
16882580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
16892580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'.
16902580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
16912580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
16922580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'.
16932580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp140_1.dll'.
16942580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'.
16952580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'.
16962580.3500: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll)
16972580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll
16982580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16992580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17002580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
17012580.3500: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll'.
17022580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
17032580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
17042580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
17052580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
17062580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'.
17072580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
17082580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
17092580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
17102580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
17112580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
17122580.3500: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll)
17132580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll
17142580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
17152580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
17162580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
17172580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
17182580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
17192580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
17202580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
17212580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
17222580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
17232580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17242580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17252580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
17262580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17272580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17282580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17292580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17302580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17312580.3500: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
17322580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17332580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
17342580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17352580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
17362580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
17372580.3500: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
17382580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
17392580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17402580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17412580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
17422580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17432580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17442580.3500: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
17462580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
17472580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
17482580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17492580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
17502580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
17512580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
17522580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
17532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
17542580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
17552580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17562580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
17572580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
17582580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll)
17592580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
17602580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
17612580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
17622580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
17632580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
17642580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
17652580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
17662580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
17672580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
17682580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
17692580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
17702580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
17712580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
17722580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
17732580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
17742580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
17752580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17762580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17772580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
17782580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17792580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17802580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
17812580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17822580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17832580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
17842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17852580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17862580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
17872580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17882580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17892580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
17902580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
17912580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
17922580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
17932580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17942580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netapi32.dll)
17952580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netapi32.dll
17962580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
17972580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
17982580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
17992580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18002580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)
18012580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
18022580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
18032580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
18042580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
18052580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
18062580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
18072580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
18082580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
18092580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
18102580.3500: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18112580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
18122580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
18132580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18142580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18152580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18162580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18172580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18182580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18192580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18202580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18212580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
18222580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18232580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18242580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18252580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18262580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18272580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18282580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18292580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18302580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
18312580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18322580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18332580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
18342580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18352580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18362580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18372580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18382580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18392580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18402580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18412580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18422580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
18432580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
18442580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
18452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
18462580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
18472580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
18482580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18492580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18502580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18512580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18522580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18542580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18552580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18562580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
18572580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
18582580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
18592580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
18602580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18612580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18622580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18632580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18642580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
18652580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18662580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18672580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
18682580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
18692580.3500: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18702580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18712580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18722580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
18732580.3500: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
18742580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
18752580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18762580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18772580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18782580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18792580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18802580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18812580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18822580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18832580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18852580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18862580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18872580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18882580.3500: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
18892580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18902580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18912580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
18922580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18932580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18942580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
18952580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
18962580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
18972580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
18982580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
18992580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
19002580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'.
19012580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
19022580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19032580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
19042580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
19052580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
19062580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
19072580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19082580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19092580.3500: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
19102580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
19112580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
19122580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
19132580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
19142580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
19152580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
19162580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
19172580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
19182580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19192580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19202580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
19212580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19222580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19232580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19242580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19252580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19262580.3500: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
19272580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19282580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19292580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19302580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19312580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19322580.3500: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
19332580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19342580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19352580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
19362580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
19372580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
19382580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll [lacks WinVerifyTrust]
19392580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
19402580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
19412580.3500: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll'
19422580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
19432580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
19442580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
19452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
19462580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
19472580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
19482580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
19492580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
19502580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19512580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19522580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
19532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
19542580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
19552580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
19562580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
19572580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
19582580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
19592580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'.
19602580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
19612580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5guivbox.dll'.
19622580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'.
19632580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5helpvbox.dll'.
19642580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
19652580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'advapi32.dll'.
19662580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ole32.dll'.
19672580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'oleaut32.dll'.
19682580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
19692580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
19702580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\UICommon.dll
19712580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19722580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19732580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19742580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19752580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19762580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19772580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19782580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19792580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19802580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19812580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19822580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19832580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19842580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
19852580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
19862580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
19872580.3500: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
19882580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5helpvbox.dll'...
19892580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5helpvbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5helpvbox.dll' [rcNtRedir=0xc0150008]
19902580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5HelpVBox.dll: Signature #1/2: info status: 24202
19912580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
19922580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
19932580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
19942580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
19952580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5sqlvbox.dll'.
19962580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
19972580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vcruntime140.dll'.
19982580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5HelpVBox.dll) WinVerifyTrust
19992580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5HelpVBox.dll
20002580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
20012580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
20022580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20032580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20042580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20052580.3500: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
20062580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
20072580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
20082580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20092580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20102580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll
20112580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5sqlvbox.dll'...
20122580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5sqlvbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5sqlvbox.dll' [rcNtRedir=0xc0150008]
20132580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll: Signature #1/2: info status: 24202
20142580.3500: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll'.
20152580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5corevbox.dll'.
20162580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
20172580.3500: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll)
20182580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll
20192580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20202580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20212580.3500: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
20222580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
20232580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
20242580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20252580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
20262580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
20272580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20282580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20292580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll
20302580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
20312580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
20322580.3500: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll'
20332580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20342580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20352580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll
20362580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
20372580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
20382580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
20392580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
20402580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
20412580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20422580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20432580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
20442580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.dll
20452580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\UICommon.dll
20462580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll
20472580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll
20482580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20492580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20502580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5HelpVBox.dll
20512580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
20522580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
20532580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
20542580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
20552580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
20562580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
20572580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
20582580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [avoiding WinVerifyTrust]
20592580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
20602580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
20612580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust]
20622580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
20632580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netutils.dll)
20642580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netutils.dll
20652580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
20662580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\srvcli.dll)
20672580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\srvcli.dll
20682580.3500: supR3HardenedDllNotificationCallback: load 00007ffb3a750000 LB 0x0001d000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
20692580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
20702580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56360000 LB 0x0002e000 C:\Windows\SYSTEM32\USERENV.dll [fFlags=0x0]
20712580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
20722580.3500: supR3HardenedDllNotificationCallback: load 00007ffb4c8b0000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
20732580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
20742580.3500: supR3HardenedDllNotificationCallback: load 00007ffb4cb40000 LB 0x00019000 C:\Windows\SYSTEM32\NETAPI32.dll [fFlags=0x0]
20752580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
20762580.3500: supR3HardenedDllNotificationCallback: load 00007ffb577d0000 LB 0x00354000 C:\Windows\System32\combase.dll [fFlags=0x0]
20772580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
20782580.3500: supR3HardenedDllNotificationCallback: load 00007ffb567f0000 LB 0x00022000 C:\Windows\System32\win32u.dll [fFlags=0x0]
20792580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
20802580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56b90000 LB 0x0009d000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
20812580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
20822580.3500: supR3HardenedDllNotificationCallback: load 00007ffb58740000 LB 0x0019d000 C:\Windows\System32\USER32.dll [fFlags=0x0]
20832580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56c30000 LB 0x0010f000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
20842580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
20852580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
20862580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
20872580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'win32u.dll'.
20882580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
20892580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
20902580.3500: supR3HardenedDllNotificationCallback: load 00007ffb573b0000 LB 0x0002b000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
20912580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
20922580.3500: supR3HardenedDllNotificationCallback: load 00007ffb575c0000 LB 0x0012a000 C:\Windows\System32\ole32.dll [fFlags=0x0]
20932580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20942580.3500: supR3HardenedDllNotificationCallback: load 00007ffb57f80000 LB 0x00743000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
20952580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
20962580.3500: supR3HardenedDllNotificationCallback: load 00007ffb4c500000 LB 0x00027000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
20972580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20982580.3500: supR3HardenedDllNotificationCallback: load 00007ffb4fdb0000 LB 0x00009000 C:\Windows\SYSTEM32\MSVCP140_1.dll [fFlags=0x0]
20992580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
21002580.3500: supR3HardenedDllNotificationCallback: load 00007ffb55980000 LB 0x0000c000 C:\Windows\SYSTEM32\NETUTILS.DLL [fFlags=0x0]
21012580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
21022580.3500: supR3HardenedDllNotificationCallback: load 00007ffb44510000 LB 0x00028000 C:\Windows\SYSTEM32\SRVCLI.DLL [fFlags=0x0]
21032580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\srvcli.dll [avoiding WinVerifyTrust]
21042580.3500: supR3HardenedDllNotificationCallback: load 00007ffb130c0000 LB 0x005c6000 C:\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
21052580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5CoreVBox.dll
21062580.3500: supR3HardenedDllNotificationCallback: load 00007ffb54e80000 LB 0x000f3000 C:\Windows\SYSTEM32\dxgi.dll [fFlags=0x0]
21072580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
21082580.3500: supR3HardenedDllNotificationCallback: load 00007ffb510a0000 LB 0x00263000 C:\Windows\SYSTEM32\d3d11.dll [fFlags=0x0]
21092580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
21102580.3500: supR3HardenedDllNotificationCallback: load 00007ffb433c0000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
21112580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
21122580.3500: supR3HardenedDllNotificationCallback: load 00007ffb13e30000 LB 0x00127000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
21132580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [avoiding WinVerifyTrust]
21142580.3500: supR3HardenedDllNotificationCallback: load 00007ffb0dbf0000 LB 0x0067c000 C:\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
21152580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll
21162580.3500: supR3HardenedDllNotificationCallback: load 00007ffb53940000 LB 0x0009e000 C:\Windows\SYSTEM32\UxTheme.dll [fFlags=0x0]
21172580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
21182580.3500: supR3HardenedDllNotificationCallback: load 00007ffb53a80000 LB 0x0002f000 C:\Windows\SYSTEM32\dwmapi.dll [fFlags=0x0]
21192580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
21202580.3500: supR3HardenedDllNotificationCallback: load 00007ffb0c080000 LB 0x00541000 C:\Programs\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
21212580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5WidgetsVBox.dll
21222580.3500: supR3HardenedDllNotificationCallback: load 00007ffb439c0000 LB 0x00036000 C:\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll [fFlags=0x0]
21232580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust]
21242580.3500: supR3HardenedDllNotificationCallback: load 00007ffb338a0000 LB 0x0006a000 C:\Programs\Oracle\VirtualBox\Qt5HelpVBox.dll [fFlags=0x0]
21252580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5HelpVBox.dll
21262580.3500: supR3HardenedDllNotificationCallback: load 00007ffb57e50000 LB 0x000cd000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
21272580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21282580.3500: supR3HardenedDllNotificationCallback: load 00007ffb05cb0000 LB 0x01bd2000 C:\Programs\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
21292580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\UICommon.dll
21302580.3500: supR3HardenedDllNotificationCallback: load 00007ffb29160000 LB 0x00145000 C:\Programs\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
21312580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VirtualBoxVM.dll
21322580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
21332580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
21342580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'.
21352580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll' [rescheduled]
21362580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netutils.dll'.
21372580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll' [rescheduled]
21382580.3500: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll'.
21392580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
21402580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
21412580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
21422580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
21432580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
21442580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
21452580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rescheduled]
21462580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
21472580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
21482580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
21492580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rescheduled]
21502580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
21512580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rescheduled]
21522580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
21532580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
21542580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
21552580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rescheduled]
21562580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
21572580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rescheduled]
21582580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
21592580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
21602580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
21612580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
21622580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
21632580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rescheduled]
21642580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
21652580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
21662580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
21672580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
21682580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
21692580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
21702580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
21712580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
21722580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
21732580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
21742580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
21752580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
21762580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
21772580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21782580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21792580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
21802580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
21812580.3500: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
21822580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21832580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21852580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21862580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
21872580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
21882580.3500: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
21892580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21902580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21912580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21922580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21932580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
21942580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
21952580.3500: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
21962580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
21972580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
21982580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
21992580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
22002580.3500: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
22012580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22022580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22032580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22042580.3500: supR3HardenedDllNotificationCallback: load 00007ffb57d80000 LB 0x00030000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
22052580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
22062580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57d80000 'C:\Windows\system32\IMM32.DLL'
22072580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
22082580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
22092580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
22102580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
22112580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'.
22122580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll' [rescheduled]
22132580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netutils.dll'.
22142580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll' [rescheduled]
22152580.3500: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll'.
22162580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
22172580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
22182580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
22192580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
22202580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
22212580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
22222580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rescheduled]
22232580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
22242580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
22252580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
22262580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rescheduled]
22272580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
22282580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rescheduled]
22292580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
22302580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
22312580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
22322580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rescheduled]
22332580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
22342580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rescheduled]
22352580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
22362580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
22372580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
22382580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
22392580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
22402580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rescheduled]
22412580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
22422580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
22432580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
22442580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
22452580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
22462580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
22472580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
22482580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
22492580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
22502580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
22512580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
22522580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
22532580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'.
22542580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll' [rescheduled]
22552580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netutils.dll'.
22562580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll' [rescheduled]
22572580.3500: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll'.
22582580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
22592580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
22602580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
22612580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
22622580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
22632580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
22642580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rescheduled]
22652580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
22662580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
22672580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
22682580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rescheduled]
22692580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
22702580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rescheduled]
22712580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
22722580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
22732580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
22742580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rescheduled]
22752580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
22762580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rescheduled]
22772580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
22782580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
22792580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
22802580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
22812580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
22822580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rescheduled]
22832580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
22842580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
22852580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
22862580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
22872580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
22882580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
22892580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
22902580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
22912580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
22922580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
22932580.3500: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
22942580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb573b0000 'C:\Windows\System32\gdi32.dll'
22952580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
22962580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
22972580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
22982580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
22992580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'.
23002580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll' [rescheduled]
23012580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netutils.dll'.
23022580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll' [rescheduled]
23032580.3500: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll'.
23042580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
23052580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
23062580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
23072580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
23082580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
23092580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
23102580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rescheduled]
23112580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
23122580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
23132580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
23142580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rescheduled]
23152580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
23162580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rescheduled]
23172580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
23182580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
23192580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
23202580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rescheduled]
23212580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
23222580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rescheduled]
23232580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
23242580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
23252580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
23262580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
23272580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
23282580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rescheduled]
23292580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
23302580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
23312580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
23322580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
23332580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
23342580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
23352580.3500: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
23362580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
23372580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb29160000 'C:\Programs\Oracle\VirtualBox\VirtualBoxVM.dll'
23382580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23392580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23402580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
23412580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23422580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23432580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
23442580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23452580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23462580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'
23472580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23482580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23492580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll'
23502580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23512580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23522580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5SqlVBox.dll'
23532580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
23542580.3500: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000191338a8260
23552580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000191338a8260
23562580.3500: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AB3530EF727558DA282AEF242125059D3D433DBE
23572580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23582580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23592580.3500: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0312~31bf3856ad364e35~amd64~~10.0.19041.2130.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
23602580.3500: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23612580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
23622580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23632580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23642580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
23652580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23662580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23672580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
23682580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23692580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23702580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\version.dll'
23712580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23722580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23732580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'
23742580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23752580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23762580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'
23772580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23782580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23792580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'
23802580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
23812580.3500: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000191338a8260
23822580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000191338a8260
23832580.3500: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0EBBF67ABD5D9FC6579B7E86F35AC7E39D202459
23842580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23852580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23862580.3500: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0312~31bf3856ad364e35~amd64~~10.0.19041.2130.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
23872580.3500: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23882580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
23892580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
23902580.3500: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000191338a8260
23912580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000191338a8260
23922580.3500: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FD648B140196B1CC41E050E6806949E43C7543B
23932580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
23942580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
23952580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23962580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
23972580.3500: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2130.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
23982580.3500: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23992580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
24002580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24012580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24022580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
24032580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24042580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24052580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
24062580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
24072580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24082580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24092580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24102580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'
24112580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24122580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24132580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
24142580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24152580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24162580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
24172580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24182580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24192580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
24202580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24212580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24222580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
24232580.3500: SUPR3HardenedMain: Calling TrustedMain (00007ffb29161c90)...
24242580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
24252580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24262580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24272580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'dwmapi.dll'.
24282580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
24292580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
24302580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wtsapi32.dll'.
24312580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
24322580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
24332580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
24342580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5guivbox.dll'.
24352580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5corevbox.dll'.
24362580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
24372580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
24382580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'.
24392580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'.
24402580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'.
24412580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
24422580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\platforms\qwindows.dll
24432580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
24442580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
24452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
24462580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
24472580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
24482580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
24492580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
24502580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
24512580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
24522580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24542580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24552580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
24562580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
24572580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
24582580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
24592580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll
24602580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24612580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24622580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24632580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24642580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24652580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24662580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
24672580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
24682580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
24692580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24702580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24712580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24722580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll) WinVerifyTrust
24732580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
24742580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24752580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24762580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24772580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
24782580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
24792580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
24802580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
24812580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
24822580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
24832580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24852580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24862580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\platforms\qwindows.dll
24872580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
24882580.3500: supR3HardenedDllNotificationCallback: load 00007ffb541b0000 LB 0x00014000 C:\Windows\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
24892580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
24902580.3500: supR3HardenedDllNotificationCallback: load 00007ffb11480000 LB 0x00161000 C:\Programs\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
24912580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\platforms\qwindows.dll
24922580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb11480000 'C:\Programs\Oracle\VirtualBox\platforms\qwindows.dll'
24932580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
24942580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24952580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb53940000 'C:\Windows\system32\uxtheme.dll'
24962580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb58740000 'C:\Windows\system32\user32.dll'
24972580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
24982580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
24992580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25002580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
25012580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) WinVerifyTrust
25022580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
25032580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25042580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25052580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
25062580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25072580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25082580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
25092580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25102580.3500: supR3HardenedDllNotificationCallback: load 00007ffb572f0000 LB 0x000ad000 C:\Windows\System32\SHCore.dll [fFlags=0x0]
25112580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
25122580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb572f0000 'C:\Windows\system32\SHCore.dll'
25132580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
25142580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25152580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57f80000 'C:\Windows\system32\shell32.dll'
25162580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'combase.dll'.
25172580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msvcp_win.dll'.
25182580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'wldp.dll'.
25192580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
25202580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
25212580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25222580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wldp.dll)
25232580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wldp.dll
25242580.3500: supR3HardenedDllNotificationCallback: load 00007ffb55e90000 LB 0x00030000 C:\Windows\SYSTEM32\Wldp.dll [fFlags=0x0]
25252580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
25262580.3500: supR3HardenedDllNotificationCallback: load 00007ffb54540000 LB 0x00791000 C:\Windows\SYSTEM32\windows.storage.dll [fFlags=0x0]
25272580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
25282580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56df0000 LB 0x00055000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
25292580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
25302580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
25312580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
25322580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
25332580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
25342580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
25352580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56310000 LB 0x0004b000 C:\Windows\SYSTEM32\powrprof.dll [fFlags=0x0]
25362580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
25372580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
25382580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
25392580.3500: supR3HardenedDllNotificationCallback: load 00007ffb562f0000 LB 0x00012000 C:\Windows\SYSTEM32\UMPDC.dll [fFlags=0x0]
25402580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
25412580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25422580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25432580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25442580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25462580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25472580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
25482580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
25492580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [lacks WinVerifyTrust]
25502580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
25512580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
25522580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
25532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25542580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25552580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
25562580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
25572580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
25582580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'
25592580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
25602580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
25612580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
25622580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
25632580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
25642580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
25652580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
25662580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
25672580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wldp.dll'
25682580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
25692580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
25702580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
25712580.3500: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\styles\qwindowsvistastyle.dll: Signature #1/2: info status: 24202
25722580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
25732580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
25742580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
25752580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
25762580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
25772580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'uxtheme.dll'.
25782580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25792580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
25802580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'vcruntime140.dll'.
25812580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'vcruntime140_1.dll'.
25822580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\styles\qwindowsvistastyle.dll) WinVerifyTrust
25832580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\styles\qwindowsvistastyle.dll
25842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
25852580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
25862580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
25872580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
25882580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
25892580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25902580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25912580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25922580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25932580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
25942580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
25952580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
25962580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
25972580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
25982580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
25992580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
26002580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
26012580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5GuiVBox.dll
26022580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
26032580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
26042580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\Qt5WidgetsVBox.dll
26052580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\styles\qwindowsvistastyle.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26062580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\styles\qwindowsvistastyle.dll
26072580.3500: supR3HardenedDllNotificationCallback: load 00007ffb43250000 LB 0x00026000 C:\Programs\Oracle\VirtualBox\styles\qwindowsvistastyle.dll [fFlags=0x0]
26082580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\styles\qwindowsvistastyle.dll
26092580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43250000 'C:\Programs\Oracle\VirtualBox\styles\qwindowsvistastyle.dll'
26102580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
26112580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
26122580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26132580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
26142580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
26152580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll) WinVerifyTrust
26162580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll
26172580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26182580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26192580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26202580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26212580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26222580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26232580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
26242580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll
26252580.3500: supR3HardenedDllNotificationCallback: load 00007ffb43640000 LB 0x0029a000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll [fFlags=0x0]
26262580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll
26272580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43640000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll'
26282580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll
26292580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
26302580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43640000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll'
26312580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26322580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
26332580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
26342580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'bcrypt.dll'.
26352580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll)
26362580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll
26372580.3500: supR3HardenedDllNotificationCallback: load 00007ffb4e670000 LB 0x001b4000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
26382580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
26392580.3500: supR3HardenedDllNotificationCallback: load 00007ffb57bd0000 LB 0x000af000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
26402580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26412580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
26422580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
26432580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
26442580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26462580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
26472580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26482580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26492580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
26502580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
26512580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
26522580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26542580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26552580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26562580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
26572580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26582580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26592580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
26602580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
26612580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
26622580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
26632580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
26642580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll'
26652580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
26662580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
26672580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shcore.dll'.
26682580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
26692580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\thumbcache.dll) WinVerifyTrust
26702580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
26712580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26722580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26732580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
26742580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
26752580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
26762580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26772580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
26782580.3500: supR3HardenedDllNotificationCallback: load 00007ffb36fc0000 LB 0x00066000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
26792580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
26802580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb36fc0000 'C:\Windows\System32\thumbcache.dll'
26812580.d44: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
26822580.d44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
26832580.d44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
26842580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
26852580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
26862580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
26872580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
26882580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'advapi32.dll'.
26892580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'.
26902580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
26912580.d44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
26922580.d44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxC.dll
26932580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26942580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26952580.d44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
26962580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26972580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26982580.d44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
26992580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27002580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27012580.d44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
27022580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27032580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27042580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
27052580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
27062580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
27072580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
27082580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
27092580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
27102580.d44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27112580.d44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxC.dll
27122580.d44: supR3HardenedDllNotificationCallback: load 00007ffb0bca0000 LB 0x003d6000 C:\Programs\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
27132580.d44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxC.dll
27142580.d44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0bca0000 'C:\Programs\Oracle\VirtualBox\VBoxC.dll'
27152580.d44: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
27162580.d44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
27172580.d44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
27182580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
27192580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27202580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
27212580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
27222580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
27232580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
27242580.d44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
27252580.d44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
27262580.d44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxProxyStub.dll
27272580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27282580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27292580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27302580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27312580.d44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
27322580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27332580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27342580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
27352580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
27362580.d44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
27372580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27382580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27392580.d44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
27402580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27412580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27422580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
27432580.d44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
27442580.d44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27452580.d44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxProxyStub.dll
27462580.d44: supR3HardenedDllNotificationCallback: load 00007ffb13be0000 LB 0x000db000 C:\Programs\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
27472580.d44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxProxyStub.dll
27482580.d44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb13be0000 'C:\Programs\Oracle\VirtualBox\VBoxProxyStub.dll'
27492580.d44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
27502580.d44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27512580.d44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57e50000 'C:\Windows\System32\oleaut32.dll'
27522580.1e1c: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
27532580.1e1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
27542580.1e1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
27552580.1e1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
27562580.1e1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
27572580.1e1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27582580.1e1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
27592580.1e1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxVMM.dll
27602580.1e1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27612580.1e1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Programs\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27622580.1e1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
27632580.1e1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
27642580.1e1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
27652580.1e1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
27662580.1e1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Programs\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27672580.1e1c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxVMM.dll
27682580.1e1c: supR3HardenedDllNotificationCallback: load 00007ffb08360000 LB 0x004c9000 C:\Programs\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
27692580.1e1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Programs\Oracle\VirtualBox\VBoxVMM.dll
27702580.1e1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb08360000 'C:\Programs\Oracle\VirtualBox\VBoxVMM.DLL'
27712580.1e1c: supR3HardenedDllNotificationCallback: Unload 00007ffb08360000 LB 0x004c9000 C:\Programs\Oracle\VirtualBox\VBoxVMM.DLL [flags=0x0]
27722580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008f4 pwszName=\Device\HarddiskVolume3\Windows\System32\DWrite.dll
27732580.3500: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000191338a8260
27742580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000191338a8260
27752580.3500: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A10E0341ADA9C3420A6CD5F7734D3FB9D9A1935C
27762580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
27772580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
27782580.3500: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.2130.cat'; file='\Device\HarddiskVolume3\Windows\System32\DWrite.dll'
27792580.3500: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27802580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27812580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
27822580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DWrite.dll) WinVerifyTrust
27832580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DWrite.dll
27842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27852580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27862580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27872580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27882580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwrite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27892580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll
27902580.3500: supR3HardenedDllNotificationCallback: load 00007ffb44290000 LB 0x0027f000 C:\Windows\system32\dwrite.dll [fFlags=0x0]
27912580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll
27922580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb44290000 'C:\Windows\system32\dwrite.dll'
27932580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
27942580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27952580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb573b0000 'C:\Windows\system32\gdi32.dll'
27962580.3500: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
27972580.3500: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
27982580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
27992580.3500: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000a04 (hFile=00000000000008f8) with 0xc0000022 -> STATUS_TRUST_FAILURE
28002580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
28012580.3500: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000008f8 (hFile=0000000000000a04) with 0xc0000022 -> STATUS_TRUST_FAILURE
28022580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008fc pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
28032580.3500: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000191338a8260
28042580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000191338a8260
28052580.3500: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=17753BFC79FE50EFAE9F2D2BA1FEDAA97A1CE9CE
28062580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
28072580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
28082580.3500: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.2130.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
28092580.3500: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28102580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
28112580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
28122580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
28132580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28142580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28152580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
28162580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
28172580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'dwmapi.dll'.
28182580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d9.dll) WinVerifyTrust
28192580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d9.dll
28202580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
28212580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
28222580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
28232580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28242580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28252580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
28262580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
28272580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28282580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28292580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28302580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28312580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28322580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
28332580.3500: supR3HardenedDllNotificationCallback: load 00007ffb296d0000 LB 0x001cf000 C:\Windows\system32\d3d9.dll [fFlags=0x0]
28342580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
28352580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb296d0000 'C:\Windows\system32\d3d9.dll'
28362580.3500: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\aticfx64.dll: Signature #1/4: info status: 24202
28372580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
28382580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
28392580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
28402580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
28412580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
28422580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
28432580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
28442580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\aticfx64.dll) WinVerifyTrust
28452580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\aticfx64.dll
28462580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28472580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28482580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
28492580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
28502580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
28512580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
28522580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28542580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
28552580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28562580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28572580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\aticfx64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28582580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\aticfx64.dll
28592580.3500: supR3HardenedDllNotificationCallback: load 00007ffb4aa40000 LB 0x001ba000 C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\aticfx64.dll [fFlags=0x0]
28602580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\aticfx64.dll
28612580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
28622580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28632580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
28642580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
28652580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28662580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
28672580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
28682580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28692580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
28702580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
28712580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28722580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57450000 'C:\Windows\System32\kernel32.dll'
28732580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4aa40000 'C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\aticfx64.dll'
28742580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
28752580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28762580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb53a80000 'C:\Windows\System32\dwmapi.dll'
28772580.3500: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiu9p64.dll: Signature #1/4: info status: 24202
28782580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
28792580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
28802580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
28812580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'version.dll'.
28822580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
28832580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiu9p64.dll) WinVerifyTrust
28842580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiu9p64.dll
28852580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28862580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28872580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
28882580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
28892580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
28902580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
28912580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiu9p64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28922580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiu9p64.dll
28932580.3500: supR3HardenedDllNotificationCallback: load 00007ffb32a40000 LB 0x00034000 C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiu9p64.dll [fFlags=0x0]
28942580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiu9p64.dll
28952580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
28962580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28972580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
28982580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
28992580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29002580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
29012580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
29022580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29032580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
29042580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
29052580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29062580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57450000 'C:\Windows\System32\kernel32.dll'
29072580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32a40000 'C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiu9p64.dll'
29082580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
29092580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Kernel32.dll (Input=Kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29102580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57450000 'C:\Windows\System32\Kernel32.dll'
29112580.3500: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd64.dll: Signature #1/4: info status: 24202
29122580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
29132580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
29142580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
29152580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'winmm.dll'.
29162580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
29172580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
29182580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
29192580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'dbghelp.dll'.
29202580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
29212580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd64.dll) WinVerifyTrust
29222580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd64.dll
29232580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29242580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29252580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dbghelp.dll'...
29262580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'dbghelp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dbghelp.dll' [rcNtRedir=0xc0150008]
29272580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000924 pwszName=\Device\HarddiskVolume3\Windows\System32\dbghelp.dll
29282580.3500: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000191338a8260
29292580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000191338a8260
29302580.3500: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B3E466D2B66E587D1C355CFFEE4DB01A606D8658
29312580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
29322580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
29332580.3500: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.2130.cat'; file='\Device\HarddiskVolume3\Windows\System32\dbghelp.dll'
29342580.3500: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29352580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dbghelp.dll) WinVerifyTrust
29362580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dbghelp.dll
29372580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29382580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29392580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
29402580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
29412580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
29422580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
29432580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29442580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29462580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29472580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
29482580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29492580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd64.dll
29502580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dbghelp.dll
29512580.3500: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dbgcore.dll)
29522580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dbgcore.dll
29532580.3500: supR3HardenedDllNotificationCallback: load 00007ffb53fa0000 LB 0x001e4000 C:\Windows\SYSTEM32\dbghelp.dll [fFlags=0x0]
29542580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dbghelp.dll
29552580.3500: supR3HardenedDllNotificationCallback: load 00007ffb41180000 LB 0x0002c000 C:\Windows\SYSTEM32\dbgcore.DLL [fFlags=0x0]
29562580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\dbgcore.dll [avoiding WinVerifyTrust]
29572580.3500: supR3HardenedDllNotificationCallback: load 00007ffb03dd0000 LB 0x00d56000 C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd64.dll [fFlags=0x0]
29582580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd64.dll
29592580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29602580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29612580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-file-l1-2-1.dll) -> 0x0, fPresent=1
29622580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-file-l1-2-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29632580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-file-l1-2-1.dll'
29642580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29652580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29662580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29672580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29682580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
29692580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29702580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
29712580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29722580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29732580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29742580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29752580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
29762580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29772580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
29782580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29792580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29802580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29812580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29822580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
29832580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29842580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
29852580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29862580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29872580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29882580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29892580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
29902580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29912580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57450000 'C:\Windows\System32\kernel32.dll'
29922580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29932580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29942580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
29952580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
29962580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
29972580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29982580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-string-l1-1-0'
29992580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
30002580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
30012580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
30022580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
30032580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
30042580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30052580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-localization-l1-2-1'
30062580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
30072580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
30082580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
30092580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
30102580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
30112580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30122580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-datetime-l1-1-1'
30132580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
30142580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
30152580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
30162580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
30172580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
30182580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30192580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-localization-obsolete-l1-2-0'
30202580.3500: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
30212580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
30222580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03dd0000 'C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd64.dll'
30232580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008f0 pwszName=\Device\HarddiskVolume3\Windows\System32\dbgcore.dll
30242580.3500: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000191338a8260
30252580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000191338a8260
30262580.3500: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=753AAB53D79679CE9468889CCBA896B750F86280
30272580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
30282580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
30292580.3500: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.2130.cat'; file='\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'
30302580.3500: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30312580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'
30322580.3500: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd6a.dll: Signature #1/4: info status: 24202
30332580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
30342580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
30352580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
30362580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'powrprof.dll'.
30372580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'setupapi.dll'.
30382580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
30392580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
30402580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd6a.dll) WinVerifyTrust
30412580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd6a.dll
30422580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30432580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30442580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30452580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30462580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30472580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30482580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
30492580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
30502580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30512580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
30522580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
30532580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
30542580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
30552580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
30562580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
30572580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
30582580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll
30592580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
30602580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
30612580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
30622580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30632580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30642580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
30652580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
30662580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) WinVerifyTrust
30672580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
30682580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30692580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30702580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30712580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30722580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd6a.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30732580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd6a.dll
30742580.3500: supR3HardenedDllNotificationCallback: load 00007ffb564d0000 LB 0x0004e000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
30752580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
30762580.3500: supR3HardenedDllNotificationCallback: load 00007ffb588e0000 LB 0x0046f000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
30772580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
30782580.3500: supR3HardenedDllNotificationCallback: load 00000000642a0000 LB 0x00ebf000 C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd6a.dll [fFlags=0x0]
30792580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd6a.dll
30802580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
30812580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30822580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
30832580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
30842580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30852580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
30862580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
30872580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30882580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
30892580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
30902580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30912580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb57450000 'C:\Windows\System32\kernel32.dll'
30922580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000642a0000 'C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd6a.dll'
30932580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
30942580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30952580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb53a80000 'C:\Windows\System32\dwmapi.dll'
30962580.3500: \Device\HarddiskVolume3\Windows\System32\amdihk64.dll: Owner is administrators group.
30972580.3500: \Device\HarddiskVolume3\Windows\System32\amdihk64.dll: Signature #1/4: info status: 24202
30982580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
30992580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
31002580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
31012580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
31022580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
31032580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31042580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amdihk64.dll) WinVerifyTrust
31052580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amdihk64.dll
31062580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31072580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31082580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31092580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31102580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
31112580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
31122580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
31132580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\amdihk64.dll (Input=amdihk64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31142580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amdihk64.dll
31152580.3500: supR3HardenedDllNotificationCallback: load 00007ffb47990000 LB 0x00030000 C:\Windows\System32\amdihk64.dll [fFlags=0x0]
31162580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amdihk64.dll
31172580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
31182580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31192580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
31202580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
31212580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31222580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
31232580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
31242580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31252580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-synch-l1-2-0'
31262580.3500: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
31272580.3500: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31282580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56820000 'api-ms-win-core-fibers-l1-1-1'
31292580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb47990000 'C:\Windows\System32\amdihk64.dll'
31302580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb573b0000 'C:\Windows\System32\gdi32.dll'
31312580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb47990000 LB 0x00030000 C:\Windows\System32\amdihk64.dll [flags=0x0]
31322580.3500: supR3HardenedDllNotificationCallback: Unload 00000000642a0000 LB 0x00ebf000 C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd6a.dll [flags=0x0]
31332580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb588e0000 LB 0x0046f000 C:\Windows\System32\SETUPAPI.dll [flags=0x0]
31342580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb564d0000 LB 0x0004e000 C:\Windows\System32\cfgmgr32.dll [flags=0x0]
31352580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb03dd0000 LB 0x00d56000 C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiumd64.dll [flags=0x0]
31362580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb53fa0000 LB 0x001e4000 C:\Windows\SYSTEM32\dbghelp.dll [flags=0x0]
31372580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb41180000 LB 0x0002c000 C:\Windows\SYSTEM32\dbgcore.DLL [flags=0x0]
31382580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb32a40000 LB 0x00034000 C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\atiu9p64.dll [flags=0x0]
31392580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb4aa40000 LB 0x001ba000 C:\Windows\System32\DriverStore\FileRepository\u0381405.inf_amd64_79bff985a80501a4\B381180\aticfx64.dll [flags=0x0]
31402580.3500: supR3HardenedDllNotificationCallback: load 00007ffb56e50000 LB 0x00115000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
31412580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31422580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
31432580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
31442580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
31452580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
31462580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
31472580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
31482580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
31492580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
31502580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
31512580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
31522580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
31532580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31542580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31552580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31562580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31572580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
31582580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31592580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31602580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
31612580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
31622580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
31632580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e8 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
31642580.3500: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000191338a8260
31652580.3500: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000191338a8260
31662580.3500: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F602E8855BCD942955FA9DBB13C4E4D44C41A311
31672580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
31682580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
31692580.3500: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0510~31bf3856ad364e35~amd64~~10.0.19041.2130.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
31702580.3500: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31712580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31722580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
31732580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
31742580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
31752580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
31762580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
31772580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
31782580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
31792580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
31802580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
31812580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
31822580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
31832580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
31842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
31852580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
31862580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
31872580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31882580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31892580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
31902580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
31912580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
31922580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
31932580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
31942580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31952580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
31962580.3500: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
31972580.3500: supR3HardenedDllNotificationCallback: load 00007ffb51a70000 LB 0x001e3000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
31982580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
31992580.3500: supR3HardenedDllNotificationCallback: load 00007ffb37090000 LB 0x0003e000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
32002580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
32012580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb37090000 'C:\Windows\system32\dataexchange.dll'
32022580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
32032580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
32042580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
32052580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
32062580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
32072580.3500: supR3HardenedDllNotificationCallback: load 00007ffb4e260000 LB 0x00200000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
32082580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
32092580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32102580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
32112580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
32122580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
32132580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
32142580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
32152580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
32162580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32172580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
32182580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
32192580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
32202580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
32212580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
32222580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32232580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
32242580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
32252580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
32262580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
32272580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
32282580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
32292580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
32302580.3500: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
32312580.3500: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
32322580.3500: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
32332580.3500: supR3HardenedDllNotificationCallback: load 00007ffb555c0000 LB 0x00033000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
32342580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
32352580.3500: supR3HardenedDllNotificationCallback: load 00007ffb524f0000 LB 0x000f2000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0]
32362580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
32372580.3500: supR3HardenedDllNotificationCallback: load 00007ffb52810000 LB 0x00154000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
32382580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
32392580.3500: supR3HardenedDllNotificationCallback: load 00007ffb51c60000 LB 0x0035e000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0]
32402580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
32412580.3500: supR3HardenedDllNotificationCallback: load 00007ffb47ec0000 LB 0x000f9000 C:\Windows\SYSTEM32\textinputframework.dll [fFlags=0x0]
32422580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
32432580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
32442580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
32452580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
32462580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32472580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32482580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
32492580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
32502580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
32512580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
32522580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
32532580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
32542580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32552580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32562580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
32572580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
32582580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
32592580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32602580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32612580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
32622580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
32632580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
32642580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32652580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32662580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
32672580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
32682580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
32692580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
32702580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
32712580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
32722580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32732580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32742580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
32752580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
32762580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32772580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32782580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
32792580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
32802580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
32812580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
32822580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
32832580.3500: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
32842580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32852580.3500: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32862580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
32872580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
32882580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
32892580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
32902580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
32912580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
32922580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
32932580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
32942580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
32952580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
32962580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
32972580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
32982580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
32992580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
33002580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
33012580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb554a0000 'C:\Windows\system32\rsaenh.dll'
33022580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56520000 'C:\Windows\System32\crypt32.dll'
33032580.3500: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
33042580.3500: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
33052580.3500: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
33062580.3500: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb56e50000 'C:\Windows\System32\MSCTF.dll'
33072580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb0bca0000 LB 0x003d6000 C:\Programs\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
33082580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb36fc0000 LB 0x00066000 C:\Windows\System32\thumbcache.dll [flags=0x0]
33092580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb13be0000 LB 0x000db000 C:\Programs\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
33102580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb37090000 LB 0x0003e000 C:\Windows\system32\dataexchange.dll [flags=0x0]
33112580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb51a70000 LB 0x001e3000 C:\Windows\system32\dcomp.dll [flags=0x0]
33122580.3500: supR3HardenedDllNotificationCallback: Unload 00007ffb4e260000 LB 0x00200000 C:\Windows\system32\twinapi.appcore.dll [flags=0x0]
33132580.3500: Terminating the normal way: rcExit=0
33144434.2c74: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 18744 ms, the end);
33152cf4.4310: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 19661 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy