VirtualBox

Ticket #21323: VBoxHardening.log

File VBoxHardening.log, 464.0 KB (added by Harvey Walker, 22 months ago)

VBox Hardening

Line 
1b88.3fc8: \SystemRoot\System32\ntdll.dll:
2b88.3fc8: CreationTime: 2022-09-15T09:57:05.594340100Z
3b88.3fc8: LastWriteTime: 2022-09-15T09:57:05.628540200Z
4b88.3fc8: ChangeTime: 2022-11-09T23:47:10.845416100Z
5b88.3fc8: FileAttributes: 0x20
6b88.3fc8: Size: 0x207df8
7b88.3fc8: NT Headers: 0xe0
8b88.3fc8: Timestamp: 0x57b668f2
9b88.3fc8: Machine: 0x8664 - amd64
10b88.3fc8: Timestamp: 0x57b668f2
11b88.3fc8: Image Version: 10.0
12b88.3fc8: SizeOfImage: 0x209000 (2134016)
13b88.3fc8: Resource Dir: 0x194000 LB 0x73528
14b88.3fc8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
15b88.3fc8: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)]
16b88.3fc8: ProductName: Microsoft® Windows® Operating System
17b88.3fc8: ProductVersion: 10.0.22000.918
18b88.3fc8: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
19b88.3fc8: FileDescription: NT Layer DLL
20b88.3fc8: \SystemRoot\System32\kernel32.dll:
21b88.3fc8: CreationTime: 2022-11-09T23:45:56.720455400Z
22b88.3fc8: LastWriteTime: 2022-11-09T23:45:56.734459100Z
23b88.3fc8: ChangeTime: 2022-11-10T13:40:54.323737900Z
24b88.3fc8: FileAttributes: 0x20
25b88.3fc8: Size: 0xc1060
26b88.3fc8: NT Headers: 0xe8
27b88.3fc8: Timestamp: 0x9416e42c
28b88.3fc8: Machine: 0x8664 - amd64
29b88.3fc8: Timestamp: 0x9416e42c
30b88.3fc8: Image Version: 10.0
31b88.3fc8: SizeOfImage: 0xbe000 (778240)
32b88.3fc8: Resource Dir: 0xbc000 LB 0x520
33b88.3fc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
34b88.3fc8: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
35b88.3fc8: ProductName: Microsoft® Windows® Operating System
36b88.3fc8: ProductVersion: 10.0.22000.1219
37b88.3fc8: FileVersion: 10.0.22000.1219 (WinBuild.160101.0800)
38b88.3fc8: FileDescription: Windows NT BASE API Client DLL
39b88.3fc8: \SystemRoot\System32\KernelBase.dll:
40b88.3fc8: CreationTime: 2022-11-09T23:46:00.173868600Z
41b88.3fc8: LastWriteTime: 2022-11-09T23:46:00.263888800Z
42b88.3fc8: ChangeTime: 2022-11-10T13:40:54.354991400Z
43b88.3fc8: FileAttributes: 0x20
44b88.3fc8: Size: 0x3822b8
45b88.3fc8: NT Headers: 0xf8
46b88.3fc8: Timestamp: 0x2a439301
47b88.3fc8: Machine: 0x8664 - amd64
48b88.3fc8: Timestamp: 0x2a439301
49b88.3fc8: Image Version: 10.0
50b88.3fc8: SizeOfImage: 0x37b000 (3649536)
51b88.3fc8: Resource Dir: 0x34b000 LB 0x548
52b88.3fc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
53b88.3fc8: [Raw version resource data: 0x34b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
54b88.3fc8: ProductName: Microsoft® Windows® Operating System
55b88.3fc8: ProductVersion: 10.0.22000.1165
56b88.3fc8: FileVersion: 10.0.22000.1165 (WinBuild.160101.0800)
57b88.3fc8: FileDescription: Windows NT BASE API Client DLL
58b88.3fc8: \SystemRoot\System32\apisetschema.dll:
59b88.3fc8: CreationTime: 2021-06-05T12:04:59.928787900Z
60b88.3fc8: LastWriteTime: 2021-06-05T12:04:59.928787900Z
61b88.3fc8: ChangeTime: 2022-11-09T23:47:09.633374300Z
62b88.3fc8: FileAttributes: 0x20
63b88.3fc8: Size: 0x24150
64b88.3fc8: NT Headers: 0xc8
65b88.3fc8: Timestamp: 0x68d1dbaf
66b88.3fc8: Machine: 0x8664 - amd64
67b88.3fc8: Timestamp: 0x68d1dbaf
68b88.3fc8: Image Version: 10.0
69b88.3fc8: SizeOfImage: 0x23000 (143360)
70b88.3fc8: Resource Dir: 0x22000 LB 0x408
71b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
72b88.3fc8: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
73b88.3fc8: ProductName: Microsoft® Windows® Operating System
74b88.3fc8: ProductVersion: 10.0.22000.1
75b88.3fc8: FileVersion: 10.0.22000.1 (WinBuild.160101.0800)
76b88.3fc8: FileDescription: ApiSet Schema DLL
77b88.3fc8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
78b88.3fc8: supR3HardenedWinFindAdversaries: 0x4
79b88.3fc8: \SystemRoot\System32\drivers\aswMonFlt.sys:
80b88.3fc8: CreationTime: 2022-03-14T16:18:13.893635300Z
81b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.555584300Z
82b88.3fc8: ChangeTime: 2022-11-01T13:01:12.555584300Z
83b88.3fc8: FileAttributes: 0x20
84b88.3fc8: Size: 0x43828
85b88.3fc8: NT Headers: 0xe0
86b88.3fc8: Timestamp: 0x634589ab
87b88.3fc8: Machine: 0x8664 - amd64
88b88.3fc8: Timestamp: 0x634589ab
89b88.3fc8: Image Version: 10.0
90b88.3fc8: SizeOfImage: 0x44000 (278528)
91b88.3fc8: Resource Dir: 0x42000 LB 0x3a0
92b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
93b88.3fc8: [Raw version resource data: 0x42060 LB 0x340, codepage 0x0 (reserved 0x0)]
94b88.3fc8: ProductName: Avast Antivirus
95b88.3fc8: ProductVersion: 22.10.441.0
96b88.3fc8: FileVersion: 22.10.441.0
97b88.3fc8: FileDescription: Avast File System Filter
98b88.3fc8: \SystemRoot\System32\drivers\aswRdr2.sys:
99b88.3fc8: CreationTime: 2022-03-14T16:18:13.891634800Z
100b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.546789900Z
101b88.3fc8: ChangeTime: 2022-11-01T13:01:12.546789900Z
102b88.3fc8: FileAttributes: 0x20
103b88.3fc8: Size: 0x1bf20
104b88.3fc8: NT Headers: 0xe8
105b88.3fc8: Timestamp: 0x634589bb
106b88.3fc8: Machine: 0x8664 - amd64
107b88.3fc8: Timestamp: 0x634589bb
108b88.3fc8: Image Version: 10.0
109b88.3fc8: SizeOfImage: 0x1b000 (110592)
110b88.3fc8: Resource Dir: 0x19000 LB 0x388
111b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
112b88.3fc8: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)]
113b88.3fc8: ProductName: Avast Antivirus
114b88.3fc8: ProductVersion: 22.10.441.0
115b88.3fc8: FileVersion: 22.10.441.0
116b88.3fc8: FileDescription: Avast Antivirus
117b88.3fc8: \SystemRoot\System32\drivers\aswRvrt.sys:
118b88.3fc8: CreationTime: 2022-03-14T16:18:13.894635600Z
119b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.564474100Z
120b88.3fc8: ChangeTime: 2022-11-01T13:01:12.564474100Z
121b88.3fc8: FileAttributes: 0x20
122b88.3fc8: Size: 0x15f98
123b88.3fc8: NT Headers: 0xf0
124b88.3fc8: Timestamp: 0x634589ba
125b88.3fc8: Machine: 0x8664 - amd64
126b88.3fc8: Timestamp: 0x634589ba
127b88.3fc8: Image Version: 10.0
128b88.3fc8: SizeOfImage: 0x13000 (77824)
129b88.3fc8: Resource Dir: 0x11000 LB 0x380
130b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
131b88.3fc8: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
132b88.3fc8: ProductName: Avast Antivirus
133b88.3fc8: ProductVersion: 22.10.441.0
134b88.3fc8: FileVersion: 22.10.441.0
135b88.3fc8: FileDescription: Avast Revert
136b88.3fc8: \SystemRoot\System32\drivers\aswSnx.sys:
137b88.3fc8: CreationTime: 2022-03-14T16:18:13.887634000Z
138b88.3fc8: LastWriteTime: 2022-11-01T13:01:10.962228800Z
139b88.3fc8: ChangeTime: 2022-11-01T13:01:10.962228800Z
140b88.3fc8: FileAttributes: 0x20
141b88.3fc8: Size: 0xd2ad8
142b88.3fc8: NT Headers: 0xf8
143b88.3fc8: Timestamp: 0x634589ce
144b88.3fc8: Machine: 0x8664 - amd64
145b88.3fc8: Timestamp: 0x634589ce
146b88.3fc8: Image Version: 10.0
147b88.3fc8: SizeOfImage: 0xce000 (843776)
148b88.3fc8: Resource Dir: 0xcb000 LB 0x388
149b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
150b88.3fc8: [Raw version resource data: 0xcb060 LB 0x324, codepage 0x0 (reserved 0x0)]
151b88.3fc8: ProductName: Avast Antivirus
152b88.3fc8: ProductVersion: 22.10.441.0
153b88.3fc8: FileVersion: 22.10.441.0
154b88.3fc8: FileDescription: Avast Antivirus
155b88.3fc8: \SystemRoot\System32\drivers\aswsp.sys:
156b88.3fc8: CreationTime: 2022-03-14T16:18:13.895636200Z
157b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.572290600Z
158b88.3fc8: ChangeTime: 2022-11-01T13:01:12.572290600Z
159b88.3fc8: FileAttributes: 0x20
160b88.3fc8: Size: 0xa4210
161b88.3fc8: NT Headers: 0xf0
162b88.3fc8: Timestamp: 0x634589c0
163b88.3fc8: Machine: 0x8664 - amd64
164b88.3fc8: Timestamp: 0x634589c0
165b88.3fc8: Image Version: 10.0
166b88.3fc8: SizeOfImage: 0xa3000 (667648)
167b88.3fc8: Resource Dir: 0xa1000 LB 0x388
168b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
169b88.3fc8: [Raw version resource data: 0xa1060 LB 0x328, codepage 0x0 (reserved 0x0)]
170b88.3fc8: ProductName: Avast Antivirus
171b88.3fc8: ProductVersion: 22.10.441.0
172b88.3fc8: FileVersion: 22.10.441.0
173b88.3fc8: FileDescription: Avast Self Protection
174b88.3fc8: \SystemRoot\System32\drivers\aswStm.sys:
175b88.3fc8: CreationTime: 2022-11-01T13:01:14.321288500Z
176b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.717884700Z
177b88.3fc8: ChangeTime: 2022-11-01T14:55:16.468424700Z
178b88.3fc8: FileAttributes: 0x20
179b88.3fc8: Size: 0x362f8
180b88.3fc8: NT Headers: 0xf0
181b88.3fc8: Timestamp: 0x634589cc
182b88.3fc8: Machine: 0x8664 - amd64
183b88.3fc8: Timestamp: 0x634589cc
184b88.3fc8: Image Version: 10.0
185b88.3fc8: SizeOfImage: 0x34000 (212992)
186b88.3fc8: Resource Dir: 0x32000 LB 0x390
187b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
188b88.3fc8: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)]
189b88.3fc8: ProductName: Avast Antivirus
190b88.3fc8: ProductVersion: 22.10.441.0
191b88.3fc8: FileVersion: 22.10.441.0
192b88.3fc8: FileDescription: Avast Stream Filter
193b88.3fc8: \SystemRoot\System32\drivers\aswVmm.sys:
194b88.3fc8: CreationTime: 2022-03-14T16:18:13.899636700Z
195b88.3fc8: LastWriteTime: 2022-11-01T13:01:12.958512000Z
196b88.3fc8: ChangeTime: 2022-11-01T13:01:12.958512000Z
197b88.3fc8: FileAttributes: 0x20
198b88.3fc8: Size: 0x500d8
199b88.3fc8: NT Headers: 0xf8
200b88.3fc8: Timestamp: 0x634589c5
201b88.3fc8: Machine: 0x8664 - amd64
202b88.3fc8: Timestamp: 0x634589c5
203b88.3fc8: Image Version: 10.0
204b88.3fc8: SizeOfImage: 0x4c000 (311296)
205b88.3fc8: Resource Dir: 0x4a000 LB 0x388
206b88.3fc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
207b88.3fc8: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)]
208b88.3fc8: ProductName: Avast Antivirus
209b88.3fc8: ProductVersion: 22.10.441.0
210b88.3fc8: FileVersion: 22.10.441.0
211b88.3fc8: FileDescription: Avast VM Monitor
212b88.3fc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
213b88.3fc8: Calling main()
214b88.3fc8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
215b88.3fc8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
216b88.3fc8: SUPR3HardenedMain: Respawn #1
217b88.3fc8: System32: \Device\HarddiskVolume8\Windows\System32
218b88.3fc8: WinSxS: \Device\HarddiskVolume8\Windows\WinSxS
219b88.3fc8: KnownDllPath: C:\Windows\System32
220b88.3fc8: supR3HardenedWinInit: Performing a limited self purification...
221b88.3fc8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
222b88.3fc8: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
223b88.3fc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
224b88.3fc8: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000
225b88.3fc8: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000
226b88.3fc8: 000000007ffe8000-00000041f77fffff 0x0001/0x0000 0x0000000
227b88.3fc8: *00000041f7800000-00000041f7993fff 0x0000/0x0004 0x0020000
228b88.3fc8: 00000041f7994000-00000041f7996fff 0x0004/0x0004 0x0020000
229b88.3fc8: 00000041f7997000-00000041f79fffff 0x0000/0x0004 0x0020000
230b88.3fc8: *00000041f7a00000-00000041f7ab0fff 0x0000/0x0004 0x0020000
231b88.3fc8: 00000041f7ab1000-00000041f7ab3fff 0x0104/0x0004 0x0020000
232b88.3fc8: 00000041f7ab4000-00000041f7afffff 0x0004/0x0004 0x0020000
233b88.3fc8: 00000041f7b00000-000001f2ca3affff 0x0001/0x0000 0x0000000
234b88.3fc8: *000001f2ca3b0000-000001f2ca3b0fff 0x0002/0x0002 0x0040000
235b88.3fc8: 000001f2ca3b1000-000001f2ca3bffff 0x0001/0x0000 0x0000000
236b88.3fc8: *000001f2ca3c0000-000001f2ca3c0fff 0x0002/0x0002 0x0040000
237b88.3fc8: 000001f2ca3c1000-000001f2ca3cffff 0x0001/0x0000 0x0000000
238b88.3fc8: *000001f2ca3d0000-000001f2ca3eefff 0x0002/0x0002 0x0040000
239b88.3fc8: 000001f2ca3ef000-000001f2ca3effff 0x0001/0x0000 0x0000000
240b88.3fc8: *000001f2ca3f0000-000001f2ca3f0fff 0x0020/0x0020 0x0040000 !!
241b88.3fc8: 000001f2ca3f1000-000001f2ca3fffff 0x0001/0x0000 0x0000000
242b88.3fc8: *000001f2ca400000-000001f2ca403fff 0x0002/0x0002 0x0040000
243b88.3fc8: 000001f2ca404000-000001f2ca40ffff 0x0001/0x0000 0x0000000
244b88.3fc8: *000001f2ca410000-000001f2ca410fff 0x0002/0x0002 0x0040000
245b88.3fc8: 000001f2ca411000-000001f2ca41ffff 0x0001/0x0000 0x0000000
246b88.3fc8: *000001f2ca420000-000001f2ca421fff 0x0004/0x0004 0x0020000
247b88.3fc8: 000001f2ca422000-000001f2ca42ffff 0x0001/0x0000 0x0000000
248b88.3fc8: *000001f2ca430000-000001f2ca432fff 0x0002/0x0002 0x0040000
249b88.3fc8: 000001f2ca433000-000001f2ca43ffff 0x0001/0x0000 0x0000000
250b88.3fc8: *000001f2ca440000-000001f2ca441fff 0x0004/0x0004 0x0020000
251b88.3fc8: 000001f2ca442000-000001f2ca4a1fff 0x0000/0x0004 0x0020000
252b88.3fc8: 000001f2ca4a2000-000001f2ca4affff 0x0001/0x0000 0x0000000
253b88.3fc8: *000001f2ca4b0000-000001f2ca4b9fff 0x0004/0x0004 0x0020000
254b88.3fc8: 000001f2ca4ba000-000001f2ca5affff 0x0000/0x0004 0x0020000
255b88.3fc8: *000001f2ca5b0000-000001f2ca5b0fff 0x0002/0x0002 0x0040000
256b88.3fc8: 000001f2ca5b1000-000001f2ca5bffff 0x0001/0x0000 0x0000000
257b88.3fc8: *000001f2ca5c0000-000001f2ca5cffff 0x0004/0x0004 0x0040000
258b88.3fc8: *000001f2ca5d0000-000001f2ca5d2fff 0x0002/0x0002 0x0040000
259b88.3fc8: 000001f2ca5d3000-000001f2ca5dffff 0x0001/0x0000 0x0000000
260b88.3fc8: *000001f2ca5e0000-000001f2ca6adfff 0x0002/0x0002 0x0040000
261b88.3fc8: 000001f2ca6ae000-000001f2ca6affff 0x0001/0x0000 0x0000000
262b88.3fc8: *000001f2ca6b0000-000001f2ca6befff 0x0004/0x0004 0x0020000
263b88.3fc8: 000001f2ca6bf000-000001f2ca6bffff 0x0000/0x0004 0x0020000
264b88.3fc8: *000001f2ca6c0000-000001f2ca6c1fff 0x0000/0x0004 0x0020000
265b88.3fc8: 000001f2ca6c2000-000001f2ca8cbfff 0x0004/0x0004 0x0020000
266b88.3fc8: 000001f2ca8cc000-000001f2ca8ccfff 0x0000/0x0004 0x0020000
267b88.3fc8: 000001f2ca8cd000-000001f2ca8cffff 0x0001/0x0000 0x0000000
268b88.3fc8: *000001f2ca8d0000-000001f2ca8d1fff 0x0004/0x0004 0x0020000
269b88.3fc8: 000001f2ca8d2000-000001f2ca931fff 0x0000/0x0004 0x0020000
270b88.3fc8: 000001f2ca932000-000001f2ca93ffff 0x0001/0x0000 0x0000000
271b88.3fc8: *000001f2ca940000-000001f2ca96dfff 0x0004/0x0004 0x0020000
272b88.3fc8: 000001f2ca96e000-000001f2caa3ffff 0x0000/0x0004 0x0020000
273b88.3fc8: 000001f2caa40000-00007df47381ffff 0x0001/0x0000 0x0000000
274b88.3fc8: *00007df473820000-00007df473824fff 0x0002/0x0002 0x0040000
275b88.3fc8: 00007df473825000-00007df47391ffff 0x0000/0x0002 0x0040000
276b88.3fc8: *00007df473920000-00007df57393ffff 0x0000/0x0004 0x0020000
277b88.3fc8: *00007df573940000-00007df57593ffff 0x0000/0x0004 0x0020000
278b88.3fc8: 00007df575940000-00007df575940fff 0x0004/0x0004 0x0020000
279b88.3fc8: 00007df575941000-00007df57594ffff 0x0001/0x0000 0x0000000
280b88.3fc8: *00007df575950000-00007df575950fff 0x0002/0x0002 0x0040000
281b88.3fc8: 00007df575951000-00007df57595ffff 0x0001/0x0000 0x0000000
282b88.3fc8: *00007df575960000-00007df5776f1fff 0x0000/0x0001 0x0040000
283b88.3fc8: 00007df5776f2000-00007df577759fff 0x0001/0x0001 0x0040000
284b88.3fc8: 00007df57775a000-00007dfd40beefff 0x0000/0x0001 0x0040000
285b88.3fc8: 00007dfd40bef000-00007dfd40beffff 0x0002/0x0001 0x0040000
286b88.3fc8: 00007dfd40bf0000-00007ff54d9b8fff 0x0000/0x0001 0x0040000
287b88.3fc8: 00007ff54d9b9000-00007ff54d9befff 0x0002/0x0001 0x0040000
288b88.3fc8: 00007ff54d9bf000-00007ff569139fff 0x0000/0x0001 0x0040000
289b88.3fc8: 00007ff56913a000-00007ff56bf1ffff 0x0001/0x0001 0x0040000
290b88.3fc8: 00007ff56bf20000-00007ff56bf20fff 0x0002/0x0001 0x0040000
291b88.3fc8: 00007ff56bf21000-00007ff56c193fff 0x0001/0x0001 0x0040000
292b88.3fc8: 00007ff56c194000-00007ff56c194fff 0x0002/0x0001 0x0040000
293b88.3fc8: 00007ff56c195000-00007ff56ce6ffff 0x0001/0x0001 0x0040000
294b88.3fc8: 00007ff56ce70000-00007ff56ce7efff 0x0002/0x0001 0x0040000
295b88.3fc8: 00007ff56ce7f000-00007ff56cea8fff 0x0001/0x0001 0x0040000
296b88.3fc8: 00007ff56cea9000-00007ff56ceacfff 0x0002/0x0001 0x0040000
297b88.3fc8: 00007ff56cead000-00007ff56cf1cfff 0x0001/0x0001 0x0040000
298b88.3fc8: 00007ff56cf1d000-00007ff56cf25fff 0x0002/0x0001 0x0040000
299b88.3fc8: 00007ff56cf26000-00007ff57595ffff 0x0000/0x0001 0x0040000
300b88.3fc8: 00007ff575960000-00007ff60166ffff 0x0001/0x0000 0x0000000
301b88.3fc8: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
302b88.3fc8: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
303b88.3fc8: 00007ff6016db000-00007ff6016dbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
304b88.3fc8: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
305b88.3fc8: 00007ff60172f000-00007ff601731fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
306b88.3fc8: 00007ff601732000-00007ff601734fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
307b88.3fc8: 00007ff601735000-00007ff601737fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
308b88.3fc8: 00007ff601738000-00007ff601738fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
309b88.3fc8: 00007ff601739000-00007ff60173afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
310b88.3fc8: 00007ff60173b000-00007ff60173bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
311b88.3fc8: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
312b88.3fc8: 00007ff601784000-00007ffd9702ffff 0x0001/0x0000 0x0000000
313b88.3fc8: *00007ffd97030000-00007ffd9703ffff 0x0020/0x0040 0x0020000 !!
314b88.3fc8: 00007ffd97040000-00007ffda0d1ffff 0x0001/0x0000 0x0000000
315b88.3fc8: *00007ffda0d20000-00007ffda0d20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll
316b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d20000 LB 0x1000 (base 00007ffda0d20000) - 'aswhook.dll'
317b88.3fc8: 00007ffda0d21000-00007ffda0d2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll
318b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d21000 LB 0xa000 (base 00007ffda0d20000) - 'aswhook.dll'
319b88.3fc8: 00007ffda0d2b000-00007ffda0d2dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll
320b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d2b000 LB 0x3000 (base 00007ffda0d20000) - 'aswhook.dll'
321b88.3fc8: 00007ffda0d2e000-00007ffda0d2ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll
322b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d2e000 LB 0x2000 (base 00007ffda0d20000) - 'aswhook.dll'
323b88.3fc8: 00007ffda0d30000-00007ffda0d33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll
324b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d30000 LB 0x4000 (base 00007ffda0d20000) - 'aswhook.dll'
325b88.3fc8: 00007ffda0d34000-00007ffda0d34fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll
326b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d34000 LB 0x1000 (base 00007ffda0d20000) - 'aswhook.dll'
327b88.3fc8: 00007ffda0d35000-00007ffda0d36fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswhook.dll
328b88.3fc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffda0d35000 LB 0x2000 (base 00007ffda0d20000) - 'aswhook.dll'
329b88.3fc8: 00007ffda0d37000-00007ffdd440ffff 0x0001/0x0000 0x0000000
330b88.3fc8: *00007ffdd4410000-00007ffdd4410fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll
331b88.3fc8: 00007ffdd4411000-00007ffdd4587fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll
332b88.3fc8: 00007ffdd4588000-00007ffdd473cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll
333b88.3fc8: 00007ffdd473d000-00007ffdd4741fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll
334b88.3fc8: 00007ffdd4742000-00007ffdd478afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\KernelBase.dll
335b88.3fc8: 00007ffdd478b000-00007ffdd526ffff 0x0001/0x0000 0x0000000
336b88.3fc8: *00007ffdd5270000-00007ffdd5270fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll
337b88.3fc8: 00007ffdd5271000-00007ffdd52eefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll
338b88.3fc8: 00007ffdd52ef000-00007ffdd5322fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll
339b88.3fc8: 00007ffdd5323000-00007ffdd5323fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll
340b88.3fc8: 00007ffdd5324000-00007ffdd5324fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll
341b88.3fc8: 00007ffdd5325000-00007ffdd532dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\kernel32.dll
342b88.3fc8: 00007ffdd532e000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000
343b88.3fc8: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
344b88.3fc8: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
345b88.3fc8: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
346b88.3fc8: 00007ffdd70b4000-00007ffdd70b4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
347b88.3fc8: 00007ffdd70b5000-00007ffdd70b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
348b88.3fc8: 00007ffdd70b7000-00007ffdd70bffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
349b88.3fc8: 00007ffdd70c0000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
350b88.3fc8: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000
351b88.3fc8: kernel32.dll: timestamp 0x9416e42c (rc=VINF_SUCCESS)
352b88.3fc8: kernelbase.dll: timestamp 0x2a439301 (rc=VINF_SUCCESS)
353b88.3fc8: VirtualBoxVM.exe: timestamp 0x6375031d (rc=VINF_SUCCESS)
354b88.3fc8: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
355b88.3fc8: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
356b88.3fc8: VirtualBoxVM.exe: Differences in section #7 (.00cfg) between file and memory:
357b88.3fc8: 00007ff601743000 / 0x00d3000: 00 != e0
358b88.3fc8: 00007ff601743001 / 0x00d3001: 0d != 35
359b88.3fc8: 00007ff601743002 / 0x00d3002: 69 != fd
360b88.3fc8: 00007ff601743003 / 0x00d3003: 01 != d6
361b88.3fc8: 00007ff601743004 / 0x00d3004: f6 != fd
362b88.3fc8: 00007ff601743008 / 0x00d3008: 00 != e0
363b88.3fc8: 00007ff601743009 / 0x00d3009: 0d != 35
364b88.3fc8: 00007ff60174300a / 0x00d300a: 69 != fd
365b88.3fc8: 00007ff60174300b / 0x00d300b: 01 != d6
366b88.3fc8: 00007ff60174300c / 0x00d300c: f6 != fd
367b88.3fc8: 00007ff601743011 / 0x00d3011: ab != 37
368b88.3fc8: 00007ff601743012 / 0x00d3012: 6d != fd
369b88.3fc8: 00007ff601743013 / 0x00d3013: 01 != d6
370b88.3fc8: 00007ff601743014 / 0x00d3014: f6 != fd
371b88.3fc8: 00007ff601743018 / 0x00d3018: 40 != 20
372b88.3fc8: 00007ff601743019 / 0x00d3019: ab != 37
373b88.3fc8: 00007ff60174301a / 0x00d301a: 6d != fd
374b88.3fc8: 00007ff60174301b / 0x00d301b: 01 != d6
375b88.3fc8: 00007ff60174301c / 0x00d301c: f6 != fd
376b88.3fc8: 00007ff601743020 / 0x00d3020: 40 != 20
377b88.3fc8: 00007ff601743021 / 0x00d3021: ab != 37
378b88.3fc8: 00007ff601743022 / 0x00d3022: 6d != fd
379b88.3fc8: 00007ff601743023 / 0x00d3023: 01 != d6
380b88.3fc8: 00007ff601743024 / 0x00d3024: f6 != fd
381b88.3fc8: Restored 0x28 bytes of original file content at 00007ff601743000
382b88.3fc8: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
383b88.3fc8: 00007ff6017825f4 / 0x01125f4: 00 != 50
384b88.3fc8: 00007ff6017825f5 / 0x01125f5: 00 != 41
385b88.3fc8: 00007ff6017825f6 / 0x01125f6: 00 != 44
386b88.3fc8: 00007ff6017825f7 / 0x01125f7: 00 != 44
387b88.3fc8: 00007ff6017825f8 / 0x01125f8: 00 != 49
388b88.3fc8: 00007ff6017825f9 / 0x01125f9: 00 != 4e
389b88.3fc8: 00007ff6017825fa / 0x01125fa: 00 != 47
390b88.3fc8: 00007ff6017825fb / 0x01125fb: 00 != 58
391b88.3fc8: 00007ff6017825fc / 0x01125fc: 00 != 58
392b88.3fc8: 00007ff6017825fd / 0x01125fd: 00 != 50
393b88.3fc8: 00007ff6017825fe / 0x01125fe: 00 != 41
394b88.3fc8: 00007ff6017825ff / 0x01125ff: 00 != 44
395b88.3fc8: Restored 0xa0c bytes of original file content at 00007ff6017825f4
396b88.3fc8: '\Device\HarddiskVolume8\Windows\System32\ntdll.dll' has no imports
397b88.3fc8: ntdll.dll: Differences in section #1 (.text) between file and memory:
398b88.3fc8: 00007ffdd6f76c50 / 0x0036c50: 4c != e9
399b88.3fc8: 00007ffdd6f76c51 / 0x0036c51: 89 != 83
400b88.3fc8: 00007ffdd6f76c52 / 0x0036c52: 4c != 95
401b88.3fc8: 00007ffdd6f76c53 / 0x0036c53: 24 != 0b
402b88.3fc8: 00007ffdd6f76c54 / 0x0036c54: 20 != c0
403b88.3fc8: 00007ffdd6f76c55 / 0x0036c55: 48 != cc
404b88.3fc8: 00007ffdd6f76c56 / 0x0036c56: 89 != cc
405b88.3fc8: 00007ffdd6f76c57 / 0x0036c57: 54 != cc
406b88.3fc8: 00007ffdd6f76c58 / 0x0036c58: 24 != cc
407b88.3fc8: 00007ffdd6f76c59 / 0x0036c59: 10 != cc
408b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd6f75000
409b88.3fc8: ntdll.dll: Differences in section #1 (.text) between file and memory:
410b88.3fc8: 00007ffdd6f7adb0 / 0x003adb0: 48 != e9
411b88.3fc8: 00007ffdd6f7adb1 / 0x003adb1: 89 != 83
412b88.3fc8: 00007ffdd6f7adb2 / 0x003adb2: 5c != 54
413b88.3fc8: 00007ffdd6f7adb3 / 0x003adb3: 24 != 0b
414b88.3fc8: 00007ffdd6f7adb4 / 0x003adb4: 10 != c0
415b88.3fc8: 00007ffdd6f7adb5 / 0x003adb5: 56 != cc
416b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd6f79000
417b88.3fc8: ntdll.dll: Differences in section #1 (.text) between file and memory:
418b88.3fc8: 00007ffdd7041aa0 / 0x0101aa0: 48 != e9
419b88.3fc8: 00007ffdd7041aa1 / 0x0101aa1: 89 != d3
420b88.3fc8: 00007ffdd7041aa2 / 0x0101aa2: 5c != e6
421b88.3fc8: 00007ffdd7041aa3 / 0x0101aa3: 24 != fe
422b88.3fc8: 00007ffdd7041aa4 / 0x0101aa4: 08 != bf
423b88.3fc8: 00007ffdd7041aa5 / 0x0101aa5: 48 != cc
424b88.3fc8: 00007ffdd7041aa6 / 0x0101aa6: 89 != cc
425b88.3fc8: 00007ffdd7041aa7 / 0x0101aa7: 74 != cc
426b88.3fc8: 00007ffdd7041aa8 / 0x0101aa8: 24 != cc
427b88.3fc8: 00007ffdd7041aa9 / 0x0101aa9: 10 != cc
428b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd703fb0e
429b88.3fc8: ntdll.dll: Differences in section #8 (.00cfg) between file and memory:
430b88.3fc8: 00007ffdd70d3000 / 0x0193000: 60 != 20
431b88.3fc8: 00007ffdd70d3001 / 0x0193001: a5 != 37
432b88.3fc8: 00007ffdd70d3002 / 0x0193002: fe != fd
433b88.3fc8: 00007ffdd70d3008 / 0x0193008: d0 != e0
434b88.3fc8: 00007ffdd70d3009 / 0x0193009: 34 != 35
435b88.3fc8: 00007ffdd70d3010 / 0x0193010: 80 != 20
436b88.3fc8: 00007ffdd70d3011 / 0x0193011: a5 != 37
437b88.3fc8: 00007ffdd70d3012 / 0x0193012: fe != fd
438b88.3fc8: 00007ffdd70d3018 / 0x0193018: 80 != 20
439b88.3fc8: 00007ffdd70d3019 / 0x0193019: a5 != 37
440b88.3fc8: 00007ffdd70d301a / 0x019301a: fe != fd
441b88.3fc8: Restored 0x20 bytes of original file content at 00007ffdd70d3000
442b88.3fc8: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
443b88.3fc8: 00007ffdd52f33c8 / 0x00833c8: 10 != e0
444b88.3fc8: 00007ffdd52f33c9 / 0x00833c9: 30 != 35
445b88.3fc8: 00007ffdd52f33ca / 0x00833ca: 29 != fd
446b88.3fc8: 00007ffdd52f33cb / 0x00833cb: d5 != d6
447b88.3fc8: 00007ffdd52f33d0 / 0x00833d0: a0 != 20
448b88.3fc8: 00007ffdd52f33d1 / 0x00833d1: 54 != 37
449b88.3fc8: 00007ffdd52f33d2 / 0x00833d2: 29 != fd
450b88.3fc8: 00007ffdd52f33d3 / 0x00833d3: d5 != d6
451b88.3fc8: 00007ffdd52f33d8 / 0x00833d8: 10 != e0
452b88.3fc8: 00007ffdd52f33d9 / 0x00833d9: 30 != 35
453b88.3fc8: 00007ffdd52f33da / 0x00833da: 29 != fd
454b88.3fc8: 00007ffdd52f33db / 0x00833db: d5 != d6
455b88.3fc8: 00007ffdd52f33e0 / 0x00833e0: c0 != 20
456b88.3fc8: 00007ffdd52f33e1 / 0x00833e1: 54 != 37
457b88.3fc8: 00007ffdd52f33e2 / 0x00833e2: 29 != fd
458b88.3fc8: 00007ffdd52f33e3 / 0x00833e3: d5 != d6
459b88.3fc8: 00007ffdd52f33e8 / 0x00833e8: c0 != 20
460b88.3fc8: 00007ffdd52f33e9 / 0x00833e9: 54 != 37
461b88.3fc8: 00007ffdd52f33ea / 0x00833ea: 29 != fd
462b88.3fc8: 00007ffdd52f33eb / 0x00833eb: d5 != d6
463b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd52f3000
464b88.3fc8: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
465b88.3fc8: 00007ffdd4652e80 / 0x0242e80: f0 != e0
466b88.3fc8: 00007ffdd4652e81 / 0x0242e81: d0 != 35
467b88.3fc8: 00007ffdd4652e82 / 0x0242e82: 4c != fd
468b88.3fc8: 00007ffdd4652e83 / 0x0242e83: d4 != d6
469b88.3fc8: 00007ffdd4652e88 / 0x0242e88: a0 != 20
470b88.3fc8: 00007ffdd4652e89 / 0x0242e89: d4 != 37
471b88.3fc8: 00007ffdd4652e8a / 0x0242e8a: 4c != fd
472b88.3fc8: 00007ffdd4652e8b / 0x0242e8b: d4 != d6
473b88.3fc8: 00007ffdd4652e90 / 0x0242e90: f0 != e0
474b88.3fc8: 00007ffdd4652e91 / 0x0242e91: d0 != 35
475b88.3fc8: 00007ffdd4652e92 / 0x0242e92: 4c != fd
476b88.3fc8: 00007ffdd4652e93 / 0x0242e93: d4 != d6
477b88.3fc8: 00007ffdd4652e98 / 0x0242e98: c0 != 20
478b88.3fc8: 00007ffdd4652e99 / 0x0242e99: d4 != 37
479b88.3fc8: 00007ffdd4652e9a / 0x0242e9a: 4c != fd
480b88.3fc8: 00007ffdd4652e9b / 0x0242e9b: d4 != d6
481b88.3fc8: 00007ffdd4652ea0 / 0x0242ea0: c0 != 20
482b88.3fc8: 00007ffdd4652ea1 / 0x0242ea1: d4 != 37
483b88.3fc8: 00007ffdd4652ea2 / 0x0242ea2: 4c != fd
484b88.3fc8: 00007ffdd4652ea3 / 0x0242ea3: d4 != d6
485b88.3fc8: Restored 0x2000 bytes of original file content at 00007ffdd4652000
486b88.3fc8: supHardNtVpCheckHandles:
487b88.3fc8: supHardNtVpCheckHandles: Marked Mutant handle non-inheritable: 0000000000001580
488b88.3fc8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=9
489b88.3fc8: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
490b88.3fc8: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
491b88.3fc8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
492b88.3fc8: supR3HardNtEnableThreadCreationEx:
493b88.3fc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd6fbac10 pvNtTerminateThread=00007ffdd6fe45d0
494b88.3fc8: supR3HardenedWinDoReSpawn(1): New child 3d74.10f0 [kernel32].
495b88.3fc8: supR3HardNtChildGatherData: PebBaseAddress=0000006c6b3da000 cbPeb=0x388
496b88.3fc8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdd6f40000 uNtDllChildAddr=00007ffdd6f40000
497b88.3fc8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdd6fbac10
498b88.3fc8: supR3HardenedWinSetupChildInit: Initial context:
499 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff60167b7a0 rdx=0000006c6b3da000
500 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
501 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
502 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
503 rip=00007ffdd6f44830 rsp=0000006c6b15fdd8 rbp=0000000000000000 ctxflags=0010001b
504 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
505 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
506 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
507 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
508 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
509b88.3fc8: supR3HardenedWinSetupChildInit: Start child.
510b88.3fc8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
511b88.3fc8: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 33 sleeps
512b88.3fc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
513b88.3fc8: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
514b88.3fc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
515b88.3fc8: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000
516b88.3fc8: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000
517b88.3fc8: 000000007ffe8000-0000006c6b05ffff 0x0001/0x0000 0x0000000
518b88.3fc8: *0000006c6b060000-0000006c6b15afff 0x0000/0x0004 0x0020000
519b88.3fc8: 0000006c6b15b000-0000006c6b15dfff 0x0104/0x0004 0x0020000
520b88.3fc8: 0000006c6b15e000-0000006c6b15ffff 0x0004/0x0004 0x0020000
521b88.3fc8: 0000006c6b160000-0000006c6b1fffff 0x0001/0x0000 0x0000000
522b88.3fc8: *0000006c6b200000-0000006c6b3d9fff 0x0000/0x0004 0x0020000
523b88.3fc8: 0000006c6b3da000-0000006c6b3dcfff 0x0004/0x0004 0x0020000
524b88.3fc8: 0000006c6b3dd000-0000006c6b3fffff 0x0000/0x0004 0x0020000
525b88.3fc8: 0000006c6b400000-000001dc5d2effff 0x0001/0x0000 0x0000000
526b88.3fc8: *000001dc5d2f0000-000001dc5d30ffff 0x0004/0x0004 0x0020000
527b88.3fc8: *000001dc5d310000-000001dc5d32efff 0x0002/0x0002 0x0040000
528b88.3fc8: 000001dc5d32f000-000001dc5d32ffff 0x0001/0x0000 0x0000000
529b88.3fc8: *000001dc5d330000-000001dc5d330fff 0x0020/0x0020 0x0040000 !!
530b88.3fc8: supHardNtVpScanVirtualMemory: Unmapping exec mem at 000001dc5d330000 (000001dc5d330000/000001dc5d330000 LB 0x1000)
531b88.3fc8: 000001dc5d331000-000001dc5d33ffff 0x0001/0x0000 0x0000000
532b88.3fc8: *000001dc5d340000-000001dc5d343fff 0x0002/0x0002 0x0040000
533b88.3fc8: 000001dc5d344000-000001dc5d34ffff 0x0001/0x0000 0x0000000
534b88.3fc8: *000001dc5d350000-000001dc5d350fff 0x0002/0x0002 0x0040000
535b88.3fc8: 000001dc5d351000-000001dc5d35ffff 0x0001/0x0000 0x0000000
536b88.3fc8: *000001dc5d360000-000001dc5d361fff 0x0004/0x0004 0x0020000
537b88.3fc8: 000001dc5d362000-00007df5be02ffff 0x0001/0x0000 0x0000000
538b88.3fc8: *00007df5be030000-00007df5be030fff 0x0002/0x0002 0x0040000
539b88.3fc8: 00007df5be031000-00007df5be03ffff 0x0001/0x0000 0x0000000
540b88.3fc8: *00007df5be040000-00007df5bfdd1fff 0x0000/0x0001 0x0040000
541b88.3fc8: 00007df5bfdd2000-00007df5bfe39fff 0x0001/0x0001 0x0040000
542b88.3fc8: 00007df5bfe3a000-00007dfd2f78bfff 0x0000/0x0001 0x0040000
543b88.3fc8: 00007dfd2f78c000-00007dfd2f78cfff 0x0002/0x0001 0x0040000
544b88.3fc8: 00007dfd2f78d000-00007ff596098fff 0x0000/0x0001 0x0040000
545b88.3fc8: 00007ff596099000-00007ff59609efff 0x0002/0x0001 0x0040000
546b88.3fc8: 00007ff59609f000-00007ff5b1819fff 0x0000/0x0001 0x0040000
547b88.3fc8: 00007ff5b181a000-00007ff5b55fcfff 0x0001/0x0001 0x0040000
548b88.3fc8: 00007ff5b55fd000-00007ff5b5605fff 0x0002/0x0001 0x0040000
549b88.3fc8: 00007ff5b5606000-00007ff5be03ffff 0x0000/0x0001 0x0040000
550b88.3fc8: 00007ff5be040000-00007ff60166ffff 0x0001/0x0000 0x0000000
551b88.3fc8: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
552b88.3fc8: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
553b88.3fc8: 00007ff6016db000-00007ff6016dbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
554b88.3fc8: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
555b88.3fc8: 00007ff60172f000-00007ff60172ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
556b88.3fc8: 00007ff601730000-00007ff601730fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
557b88.3fc8: 00007ff601731000-00007ff601735fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
558b88.3fc8: 00007ff601736000-00007ff60173bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
559b88.3fc8: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
560b88.3fc8: 00007ff601784000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000
561b88.3fc8: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
562b88.3fc8: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
563b88.3fc8: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
564b88.3fc8: 00007ffdd70b4000-00007ffdd70bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
565b88.3fc8: 00007ffdd70c0000-00007ffdd70cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
566b88.3fc8: 00007ffdd70cf000-00007ffdd70cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
567b88.3fc8: 00007ffdd70d0000-00007ffdd70d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
568b88.3fc8: 00007ffdd70d3000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
569b88.3fc8: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000
570b88.3fc8: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
571b88.3fc8: 00007ff6017825f4 / 0x01125f4: 00 != 50
572b88.3fc8: 00007ff6017825f5 / 0x01125f5: 00 != 41
573b88.3fc8: 00007ff6017825f6 / 0x01125f6: 00 != 44
574b88.3fc8: 00007ff6017825f7 / 0x01125f7: 00 != 44
575b88.3fc8: 00007ff6017825f8 / 0x01125f8: 00 != 49
576b88.3fc8: 00007ff6017825f9 / 0x01125f9: 00 != 4e
577b88.3fc8: 00007ff6017825fa / 0x01125fa: 00 != 47
578b88.3fc8: 00007ff6017825fb / 0x01125fb: 00 != 58
579b88.3fc8: 00007ff6017825fc / 0x01125fc: 00 != 58
580b88.3fc8: 00007ff6017825fd / 0x01125fd: 00 != 50
581b88.3fc8: 00007ff6017825fe / 0x01125fe: 00 != 41
582b88.3fc8: 00007ff6017825ff / 0x01125ff: 00 != 44
583b88.3fc8: Restored 0xa0c bytes of original file content at 00007ff6017825f4
584b88.3fc8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4
585b88.3fc8: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 33 sleeps
586b88.3fc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
587b88.3fc8: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
588b88.3fc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
589b88.3fc8: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000
590b88.3fc8: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000
591b88.3fc8: 000000007ffe8000-0000006c6b05ffff 0x0001/0x0000 0x0000000
592b88.3fc8: *0000006c6b060000-0000006c6b15afff 0x0000/0x0004 0x0020000
593b88.3fc8: 0000006c6b15b000-0000006c6b15dfff 0x0104/0x0004 0x0020000
594b88.3fc8: 0000006c6b15e000-0000006c6b15ffff 0x0004/0x0004 0x0020000
595b88.3fc8: 0000006c6b160000-0000006c6b1fffff 0x0001/0x0000 0x0000000
596b88.3fc8: *0000006c6b200000-0000006c6b3d9fff 0x0000/0x0004 0x0020000
597b88.3fc8: 0000006c6b3da000-0000006c6b3dcfff 0x0004/0x0004 0x0020000
598b88.3fc8: 0000006c6b3dd000-0000006c6b3fffff 0x0000/0x0004 0x0020000
599b88.3fc8: 0000006c6b400000-000001dc5d2effff 0x0001/0x0000 0x0000000
600b88.3fc8: *000001dc5d2f0000-000001dc5d30ffff 0x0004/0x0004 0x0020000
601b88.3fc8: *000001dc5d310000-000001dc5d32efff 0x0002/0x0002 0x0040000
602b88.3fc8: 000001dc5d32f000-000001dc5d33ffff 0x0001/0x0000 0x0000000
603b88.3fc8: *000001dc5d340000-000001dc5d343fff 0x0002/0x0002 0x0040000
604b88.3fc8: 000001dc5d344000-000001dc5d34ffff 0x0001/0x0000 0x0000000
605b88.3fc8: *000001dc5d350000-000001dc5d350fff 0x0002/0x0002 0x0040000
606b88.3fc8: 000001dc5d351000-000001dc5d35ffff 0x0001/0x0000 0x0000000
607b88.3fc8: *000001dc5d360000-000001dc5d361fff 0x0004/0x0004 0x0020000
608b88.3fc8: 000001dc5d362000-00007df5be02ffff 0x0001/0x0000 0x0000000
609b88.3fc8: *00007df5be030000-00007df5be030fff 0x0002/0x0002 0x0040000
610b88.3fc8: 00007df5be031000-00007df5be03ffff 0x0001/0x0000 0x0000000
611b88.3fc8: *00007df5be040000-00007df5bfdd1fff 0x0000/0x0001 0x0040000
612b88.3fc8: 00007df5bfdd2000-00007df5bfe39fff 0x0001/0x0001 0x0040000
613b88.3fc8: 00007df5bfe3a000-00007dfd2f78bfff 0x0000/0x0001 0x0040000
614b88.3fc8: 00007dfd2f78c000-00007dfd2f78cfff 0x0002/0x0001 0x0040000
615b88.3fc8: 00007dfd2f78d000-00007ff596098fff 0x0000/0x0001 0x0040000
616b88.3fc8: 00007ff596099000-00007ff59609efff 0x0002/0x0001 0x0040000
617b88.3fc8: 00007ff59609f000-00007ff5b1819fff 0x0000/0x0001 0x0040000
618b88.3fc8: 00007ff5b181a000-00007ff5b55fcfff 0x0001/0x0001 0x0040000
619b88.3fc8: 00007ff5b55fd000-00007ff5b5605fff 0x0002/0x0001 0x0040000
620b88.3fc8: 00007ff5b5606000-00007ff5be03ffff 0x0000/0x0001 0x0040000
621b88.3fc8: 00007ff5be040000-00007ff60166ffff 0x0001/0x0000 0x0000000
622b88.3fc8: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
623b88.3fc8: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
624b88.3fc8: 00007ff6016db000-00007ff6016dbfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
625b88.3fc8: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
626b88.3fc8: 00007ff60172f000-00007ff60173bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
627b88.3fc8: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
628b88.3fc8: 00007ff601784000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000
629b88.3fc8: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
630b88.3fc8: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
631b88.3fc8: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
632b88.3fc8: 00007ffdd70b4000-00007ffdd70b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
633b88.3fc8: 00007ffdd70b8000-00007ffdd70bffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
634b88.3fc8: 00007ffdd70c0000-00007ffdd70cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
635b88.3fc8: 00007ffdd70cf000-00007ffdd70cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
636b88.3fc8: 00007ffdd70d0000-00007ffdd70d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
637b88.3fc8: 00007ffdd70d3000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
638b88.3fc8: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000
639b88.3fc8: supR3HardNtChildPurify: Done after 1041 ms and 2 fixes (loop #1).
6403d74.10f0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdd6f40000 g_uNtVerCombined=0xa055f000 (stack ~0000006c6b15eba0)
6413d74.10f0: ntdll.dll: timestamp 0x57b668f2 (rc=VINF_SUCCESS)
6423d74.10f0: New simple heap: #1 000001dc5d470000 LB 0x800000 (for 2134016 allocation)
643b88.3fc8: supR3HardNtEnableThreadCreationEx:
6443d74.10f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
6453d74.10f0: System32: \Device\HarddiskVolume8\Windows\System32
6463d74.10f0: WinSxS: \Device\HarddiskVolume8\Windows\WinSxS
6473d74.10f0: KnownDllPath: C:\Windows\System32
6483d74.10f0: supR3HardenedVmProcessInit: Opening vboxsup stub...
6493d74.10f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6503d74.10f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6513d74.10f0: Registered Dll notification callback with NTDLL.
6523d74.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\kernel32.dll)
6533d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\kernel32.dll
6543d74.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
6553d74.10f0: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=000001dc5d330088 enmState=3 -> supR3HardenedWinDummyApcRoutine
6563d74.10f0: supR3HardenedWinDummyApcRoutine: pvArg1=000001dc5d330000 pvArg2=0000000000000000 pvArg3=0000000000000000
6573d74.10f0: supR3HardenedDllNotificationCallback: load 00007ffdd4410000 LB 0x0037b000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
6583d74.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\KernelBase.dll)
6593d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\KernelBase.dll
6603d74.10f0: supR3HardenedDllNotificationCallback: load 00007ffdd5270000 LB 0x000be000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
6613d74.10f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6623d74.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\KERNEL32.DLL'
6633d74.10f0: supR3HardenedDllNotificationCallback: load 00007ff601670000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
6643d74.10f0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
6653d74.10f0: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6663d74.10f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6673d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6683d74.10f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd6fbac10 pvNtTerminateThread=00007ffdd6fe45d0
669b88.3fc8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms.
6703d74.10f0: \SystemRoot\System32\ntdll.dll:
6713d74.10f0: CreationTime: 2022-09-15T09:57:05.594340100Z
6723d74.10f0: LastWriteTime: 2022-09-15T09:57:05.628540200Z
6733d74.10f0: ChangeTime: 2022-11-09T23:47:10.845416100Z
6743d74.10f0: FileAttributes: 0x20
6753d74.10f0: Size: 0x207df8
6763d74.10f0: NT Headers: 0xe0
6773d74.10f0: Timestamp: 0x57b668f2
6783d74.10f0: Machine: 0x8664 - amd64
6793d74.10f0: Timestamp: 0x57b668f2
6803d74.10f0: Image Version: 10.0
6813d74.10f0: SizeOfImage: 0x209000 (2134016)
6823d74.10f0: Resource Dir: 0x194000 LB 0x73528
6833d74.10f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6843d74.10f0: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6853d74.10f0: ProductName: Microsoft® Windows® Operating System
6863d74.10f0: ProductVersion: 10.0.22000.918
6873d74.10f0: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
6883d74.10f0: FileDescription: NT Layer DLL
6893d74.10f0: \SystemRoot\System32\kernel32.dll:
6903d74.10f0: CreationTime: 2022-11-09T23:45:56.720455400Z
6913d74.10f0: LastWriteTime: 2022-11-09T23:45:56.734459100Z
6923d74.10f0: ChangeTime: 2022-11-10T13:40:54.323737900Z
6933d74.10f0: FileAttributes: 0x20
6943d74.10f0: Size: 0xc1060
6953d74.10f0: NT Headers: 0xe8
6963d74.10f0: Timestamp: 0x9416e42c
6973d74.10f0: Machine: 0x8664 - amd64
6983d74.10f0: Timestamp: 0x9416e42c
6993d74.10f0: Image Version: 10.0
7003d74.10f0: SizeOfImage: 0xbe000 (778240)
7013d74.10f0: Resource Dir: 0xbc000 LB 0x520
7023d74.10f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7033d74.10f0: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7043d74.10f0: ProductName: Microsoft® Windows® Operating System
7053d74.10f0: ProductVersion: 10.0.22000.1219
7063d74.10f0: FileVersion: 10.0.22000.1219 (WinBuild.160101.0800)
7073d74.10f0: FileDescription: Windows NT BASE API Client DLL
7083d74.10f0: \SystemRoot\System32\KernelBase.dll:
7093d74.10f0: CreationTime: 2022-11-09T23:46:00.173868600Z
7103d74.10f0: LastWriteTime: 2022-11-09T23:46:00.263888800Z
7113d74.10f0: ChangeTime: 2022-11-10T13:40:54.354991400Z
7123d74.10f0: FileAttributes: 0x20
7133d74.10f0: Size: 0x3822b8
7143d74.10f0: NT Headers: 0xf8
7153d74.10f0: Timestamp: 0x2a439301
7163d74.10f0: Machine: 0x8664 - amd64
7173d74.10f0: Timestamp: 0x2a439301
7183d74.10f0: Image Version: 10.0
7193d74.10f0: SizeOfImage: 0x37b000 (3649536)
7203d74.10f0: Resource Dir: 0x34b000 LB 0x548
7213d74.10f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7223d74.10f0: [Raw version resource data: 0x34b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
7233d74.10f0: ProductName: Microsoft® Windows® Operating System
7243d74.10f0: ProductVersion: 10.0.22000.1165
7253d74.10f0: FileVersion: 10.0.22000.1165 (WinBuild.160101.0800)
7263d74.10f0: FileDescription: Windows NT BASE API Client DLL
7273d74.10f0: \SystemRoot\System32\apisetschema.dll:
7283d74.10f0: CreationTime: 2021-06-05T12:04:59.928787900Z
7293d74.10f0: LastWriteTime: 2021-06-05T12:04:59.928787900Z
7303d74.10f0: ChangeTime: 2022-11-09T23:47:09.633374300Z
7313d74.10f0: FileAttributes: 0x20
7323d74.10f0: Size: 0x24150
7333d74.10f0: NT Headers: 0xc8
7343d74.10f0: Timestamp: 0x68d1dbaf
7353d74.10f0: Machine: 0x8664 - amd64
7363d74.10f0: Timestamp: 0x68d1dbaf
7373d74.10f0: Image Version: 10.0
7383d74.10f0: SizeOfImage: 0x23000 (143360)
7393d74.10f0: Resource Dir: 0x22000 LB 0x408
7403d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7413d74.10f0: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7423d74.10f0: ProductName: Microsoft® Windows® Operating System
7433d74.10f0: ProductVersion: 10.0.22000.1
7443d74.10f0: FileVersion: 10.0.22000.1 (WinBuild.160101.0800)
7453d74.10f0: FileDescription: ApiSet Schema DLL
7463d74.10f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7473d74.10f0: supR3HardenedWinFindAdversaries: 0x4
7483d74.10f0: \SystemRoot\System32\drivers\aswMonFlt.sys:
7493d74.10f0: CreationTime: 2022-03-14T16:18:13.893635300Z
7503d74.10f0: LastWriteTime: 2022-11-01T13:01:12.555584300Z
7513d74.10f0: ChangeTime: 2022-11-01T13:01:12.555584300Z
7523d74.10f0: FileAttributes: 0x20
7533d74.10f0: Size: 0x43828
7543d74.10f0: NT Headers: 0xe0
7553d74.10f0: Timestamp: 0x634589ab
7563d74.10f0: Machine: 0x8664 - amd64
7573d74.10f0: Timestamp: 0x634589ab
7583d74.10f0: Image Version: 10.0
7593d74.10f0: SizeOfImage: 0x44000 (278528)
7603d74.10f0: Resource Dir: 0x42000 LB 0x3a0
7613d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7623d74.10f0: [Raw version resource data: 0x42060 LB 0x340, codepage 0x0 (reserved 0x0)]
7633d74.10f0: ProductName: Avast Antivirus
7643d74.10f0: ProductVersion: 22.10.441.0
7653d74.10f0: FileVersion: 22.10.441.0
7663d74.10f0: FileDescription: Avast File System Filter
7673d74.10f0: \SystemRoot\System32\drivers\aswRdr2.sys:
7683d74.10f0: CreationTime: 2022-03-14T16:18:13.891634800Z
7693d74.10f0: LastWriteTime: 2022-11-01T13:01:12.546789900Z
7703d74.10f0: ChangeTime: 2022-11-01T13:01:12.546789900Z
7713d74.10f0: FileAttributes: 0x20
7723d74.10f0: Size: 0x1bf20
7733d74.10f0: NT Headers: 0xe8
7743d74.10f0: Timestamp: 0x634589bb
7753d74.10f0: Machine: 0x8664 - amd64
7763d74.10f0: Timestamp: 0x634589bb
7773d74.10f0: Image Version: 10.0
7783d74.10f0: SizeOfImage: 0x1b000 (110592)
7793d74.10f0: Resource Dir: 0x19000 LB 0x388
7803d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7813d74.10f0: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)]
7823d74.10f0: ProductName: Avast Antivirus
7833d74.10f0: ProductVersion: 22.10.441.0
7843d74.10f0: FileVersion: 22.10.441.0
7853d74.10f0: FileDescription: Avast Antivirus
7863d74.10f0: \SystemRoot\System32\drivers\aswRvrt.sys:
7873d74.10f0: CreationTime: 2022-03-14T16:18:13.894635600Z
7883d74.10f0: LastWriteTime: 2022-11-01T13:01:12.564474100Z
7893d74.10f0: ChangeTime: 2022-11-01T13:01:12.564474100Z
7903d74.10f0: FileAttributes: 0x20
7913d74.10f0: Size: 0x15f98
7923d74.10f0: NT Headers: 0xf0
7933d74.10f0: Timestamp: 0x634589ba
7943d74.10f0: Machine: 0x8664 - amd64
7953d74.10f0: Timestamp: 0x634589ba
7963d74.10f0: Image Version: 10.0
7973d74.10f0: SizeOfImage: 0x13000 (77824)
7983d74.10f0: Resource Dir: 0x11000 LB 0x380
7993d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8003d74.10f0: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
8013d74.10f0: ProductName: Avast Antivirus
8023d74.10f0: ProductVersion: 22.10.441.0
8033d74.10f0: FileVersion: 22.10.441.0
8043d74.10f0: FileDescription: Avast Revert
8053d74.10f0: \SystemRoot\System32\drivers\aswSnx.sys:
8063d74.10f0: CreationTime: 2022-03-14T16:18:13.887634000Z
8073d74.10f0: LastWriteTime: 2022-11-01T13:01:10.962228800Z
8083d74.10f0: ChangeTime: 2022-11-01T13:01:10.962228800Z
8093d74.10f0: FileAttributes: 0x20
8103d74.10f0: Size: 0xd2ad8
8113d74.10f0: NT Headers: 0xf8
8123d74.10f0: Timestamp: 0x634589ce
8133d74.10f0: Machine: 0x8664 - amd64
8143d74.10f0: Timestamp: 0x634589ce
8153d74.10f0: Image Version: 10.0
8163d74.10f0: SizeOfImage: 0xce000 (843776)
8173d74.10f0: Resource Dir: 0xcb000 LB 0x388
8183d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8193d74.10f0: [Raw version resource data: 0xcb060 LB 0x324, codepage 0x0 (reserved 0x0)]
8203d74.10f0: ProductName: Avast Antivirus
8213d74.10f0: ProductVersion: 22.10.441.0
8223d74.10f0: FileVersion: 22.10.441.0
8233d74.10f0: FileDescription: Avast Antivirus
8243d74.10f0: \SystemRoot\System32\drivers\aswsp.sys:
8253d74.10f0: CreationTime: 2022-03-14T16:18:13.895636200Z
8263d74.10f0: LastWriteTime: 2022-11-01T13:01:12.572290600Z
8273d74.10f0: ChangeTime: 2022-11-01T13:01:12.572290600Z
8283d74.10f0: FileAttributes: 0x20
8293d74.10f0: Size: 0xa4210
8303d74.10f0: NT Headers: 0xf0
8313d74.10f0: Timestamp: 0x634589c0
8323d74.10f0: Machine: 0x8664 - amd64
8333d74.10f0: Timestamp: 0x634589c0
8343d74.10f0: Image Version: 10.0
8353d74.10f0: SizeOfImage: 0xa3000 (667648)
8363d74.10f0: Resource Dir: 0xa1000 LB 0x388
8373d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8383d74.10f0: [Raw version resource data: 0xa1060 LB 0x328, codepage 0x0 (reserved 0x0)]
8393d74.10f0: ProductName: Avast Antivirus
8403d74.10f0: ProductVersion: 22.10.441.0
8413d74.10f0: FileVersion: 22.10.441.0
8423d74.10f0: FileDescription: Avast Self Protection
8433d74.10f0: \SystemRoot\System32\drivers\aswStm.sys:
8443d74.10f0: CreationTime: 2022-11-01T13:01:14.321288500Z
8453d74.10f0: LastWriteTime: 2022-11-01T13:01:12.717884700Z
8463d74.10f0: ChangeTime: 2022-11-01T14:55:16.468424700Z
8473d74.10f0: FileAttributes: 0x20
8483d74.10f0: Size: 0x362f8
8493d74.10f0: NT Headers: 0xf0
8503d74.10f0: Timestamp: 0x634589cc
8513d74.10f0: Machine: 0x8664 - amd64
8523d74.10f0: Timestamp: 0x634589cc
8533d74.10f0: Image Version: 10.0
8543d74.10f0: SizeOfImage: 0x34000 (212992)
8553d74.10f0: Resource Dir: 0x32000 LB 0x390
8563d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8573d74.10f0: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)]
8583d74.10f0: ProductName: Avast Antivirus
8593d74.10f0: ProductVersion: 22.10.441.0
8603d74.10f0: FileVersion: 22.10.441.0
8613d74.10f0: FileDescription: Avast Stream Filter
8623d74.10f0: \SystemRoot\System32\drivers\aswVmm.sys:
8633d74.10f0: CreationTime: 2022-03-14T16:18:13.899636700Z
8643d74.10f0: LastWriteTime: 2022-11-01T13:01:12.958512000Z
8653d74.10f0: ChangeTime: 2022-11-01T13:01:12.958512000Z
8663d74.10f0: FileAttributes: 0x20
8673d74.10f0: Size: 0x500d8
8683d74.10f0: NT Headers: 0xf8
8693d74.10f0: Timestamp: 0x634589c5
8703d74.10f0: Machine: 0x8664 - amd64
8713d74.10f0: Timestamp: 0x634589c5
8723d74.10f0: Image Version: 10.0
8733d74.10f0: SizeOfImage: 0x4c000 (311296)
8743d74.10f0: Resource Dir: 0x4a000 LB 0x388
8753d74.10f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8763d74.10f0: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)]
8773d74.10f0: ProductName: Avast Antivirus
8783d74.10f0: ProductVersion: 22.10.441.0
8793d74.10f0: FileVersion: 22.10.441.0
8803d74.10f0: FileDescription: Avast VM Monitor
8813d74.10f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
8823d74.10f0: Calling main()
8833d74.10f0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
8843d74.10f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
8853d74.10f0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
8863d74.10f0: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
8873d74.10f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
8883d74.10f0: SUPR3HardenedMain: Respawn #2
8893d74.10f0: supR3HardNtEnableThreadCreationEx:
8903d74.10f0: supR3HardenedDllNotificationCallback: load 00007ffdd5020000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0]
8913d74.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\sechost.dll)
8923d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\sechost.dll
8933d74.10f0: '\Device\HarddiskVolume8\Windows\System32\ntdll.dll' has no imports
8943d74.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ntdll.dll)
8953d74.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ntdll.dll
8963d74.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8973d74.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6f40000 'C:\Windows\System32\ntdll.dll'
8983d74.10f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\KernelBase.dll [lacks WinVerifyTrust]
8993d74.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9003d74.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'C:\Windows\System32\KernelBase.dll'
9013d74.10f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd6fbac10 pvNtTerminateThread=00007ffdd6fe45d0
9023d74.10f0: supR3HardenedWinDoReSpawn(2): New child 56f0.5ef4 [kernel32].
9033d74.10f0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
9043d74.10f0: supR3HardNtChildGatherData: PebBaseAddress=0000003e2919f000 cbPeb=0x388
9053d74.10f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdd6f40000 uNtDllChildAddr=00007ffdd6f40000
9063d74.10f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdd6fbac10
9073d74.10f0: supR3HardenedWinSetupChildInit: Initial context:
908 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff60167b7a0 rdx=0000003e2919f000
909 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
910 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
911 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
912 rip=00007ffdd6f44830 rsp=0000003e28f4fcd8 rbp=0000000000000000 ctxflags=0010001b
913 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
914 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
915 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
916 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
917 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
9183d74.10f0: kernel32.dll: timestamp 0x9416e42c (rc=VINF_SUCCESS)
9193d74.10f0: supR3HardenedWinSetupChildInit: Start child.
9203d74.10f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
9213d74.10f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 33 sleeps
9223d74.10f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9233d74.10f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
9243d74.10f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
9253d74.10f0: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000
9263d74.10f0: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000
9273d74.10f0: 000000007ffe8000-0000003e28e4ffff 0x0001/0x0000 0x0000000
9283d74.10f0: *0000003e28e50000-0000003e28f4afff 0x0000/0x0004 0x0020000
9293d74.10f0: 0000003e28f4b000-0000003e28f4dfff 0x0104/0x0004 0x0020000
9303d74.10f0: 0000003e28f4e000-0000003e28f4ffff 0x0004/0x0004 0x0020000
9313d74.10f0: 0000003e28f50000-0000003e28ffffff 0x0001/0x0000 0x0000000
9323d74.10f0: *0000003e29000000-0000003e2919efff 0x0000/0x0004 0x0020000
9333d74.10f0: 0000003e2919f000-0000003e291a1fff 0x0004/0x0004 0x0020000
9343d74.10f0: 0000003e291a2000-0000003e291fffff 0x0000/0x0004 0x0020000
9353d74.10f0: 0000003e29200000-000001845113ffff 0x0001/0x0000 0x0000000
9363d74.10f0: *0000018451140000-000001845115ffff 0x0004/0x0004 0x0020000
9373d74.10f0: *0000018451160000-000001845117efff 0x0002/0x0002 0x0040000
9383d74.10f0: 000001845117f000-000001845117ffff 0x0001/0x0000 0x0000000
9393d74.10f0: *0000018451180000-0000018451180fff 0x0020/0x0020 0x0040000 !!
9403d74.10f0: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000018451180000 (0000018451180000/0000018451180000 LB 0x1000)
9413d74.10f0: 0000018451181000-000001845118ffff 0x0001/0x0000 0x0000000
9423d74.10f0: *0000018451190000-0000018451193fff 0x0002/0x0002 0x0040000
9433d74.10f0: 0000018451194000-000001845119ffff 0x0001/0x0000 0x0000000
9443d74.10f0: *00000184511a0000-00000184511a0fff 0x0002/0x0002 0x0040000
9453d74.10f0: 00000184511a1000-00000184511affff 0x0001/0x0000 0x0000000
9463d74.10f0: *00000184511b0000-00000184511b1fff 0x0004/0x0004 0x0020000
9473d74.10f0: 00000184511b2000-00007df5a5d6ffff 0x0001/0x0000 0x0000000
9483d74.10f0: *00007df5a5d70000-00007df5a5d70fff 0x0002/0x0002 0x0040000
9493d74.10f0: 00007df5a5d71000-00007df5a5d7ffff 0x0001/0x0000 0x0000000
9503d74.10f0: *00007df5a5d80000-00007df5a7b11fff 0x0000/0x0001 0x0040000
9513d74.10f0: 00007df5a7b12000-00007df5a7b79fff 0x0001/0x0001 0x0040000
9523d74.10f0: 00007df5a7b7a000-00007dfbb71c5fff 0x0000/0x0001 0x0040000
9533d74.10f0: 00007dfbb71c6000-00007dfbb71c6fff 0x0002/0x0001 0x0040000
9543d74.10f0: 00007dfbb71c7000-00007ff57ddd8fff 0x0000/0x0001 0x0040000
9553d74.10f0: 00007ff57ddd9000-00007ff57dddefff 0x0002/0x0001 0x0040000
9563d74.10f0: 00007ff57dddf000-00007ff599559fff 0x0000/0x0001 0x0040000
9573d74.10f0: 00007ff59955a000-00007ff59d33cfff 0x0001/0x0001 0x0040000
9583d74.10f0: 00007ff59d33d000-00007ff59d345fff 0x0002/0x0001 0x0040000
9593d74.10f0: 00007ff59d346000-00007ff5a5d7ffff 0x0000/0x0001 0x0040000
9603d74.10f0: 00007ff5a5d80000-00007ff60166ffff 0x0001/0x0000 0x0000000
9613d74.10f0: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9623d74.10f0: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9633d74.10f0: 00007ff6016db000-00007ff6016dbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9643d74.10f0: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9653d74.10f0: 00007ff60172f000-00007ff60172ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9663d74.10f0: 00007ff601730000-00007ff601730fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9673d74.10f0: 00007ff601731000-00007ff601735fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9683d74.10f0: 00007ff601736000-00007ff60173bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9693d74.10f0: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9703d74.10f0: 00007ff601784000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000
9713d74.10f0: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
9723d74.10f0: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
9733d74.10f0: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
9743d74.10f0: 00007ffdd70b4000-00007ffdd70bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
9753d74.10f0: 00007ffdd70c0000-00007ffdd70cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
9763d74.10f0: 00007ffdd70cf000-00007ffdd70cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
9773d74.10f0: 00007ffdd70d0000-00007ffdd70d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
9783d74.10f0: 00007ffdd70d3000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
9793d74.10f0: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000
9803d74.10f0: VirtualBoxVM.exe: timestamp 0x6375031d (rc=VINF_SUCCESS)
9813d74.10f0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
9823d74.10f0: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
9833d74.10f0: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
9843d74.10f0: 00007ff6017825f4 / 0x01125f4: 00 != 50
9853d74.10f0: 00007ff6017825f5 / 0x01125f5: 00 != 41
9863d74.10f0: 00007ff6017825f6 / 0x01125f6: 00 != 44
9873d74.10f0: 00007ff6017825f7 / 0x01125f7: 00 != 44
9883d74.10f0: 00007ff6017825f8 / 0x01125f8: 00 != 49
9893d74.10f0: 00007ff6017825f9 / 0x01125f9: 00 != 4e
9903d74.10f0: 00007ff6017825fa / 0x01125fa: 00 != 47
9913d74.10f0: 00007ff6017825fb / 0x01125fb: 00 != 58
9923d74.10f0: 00007ff6017825fc / 0x01125fc: 00 != 58
9933d74.10f0: 00007ff6017825fd / 0x01125fd: 00 != 50
9943d74.10f0: 00007ff6017825fe / 0x01125fe: 00 != 41
9953d74.10f0: 00007ff6017825ff / 0x01125ff: 00 != 44
9963d74.10f0: Restored 0xa0c bytes of original file content at 00007ff6017825f4
9973d74.10f0: '\Device\HarddiskVolume8\Windows\System32\ntdll.dll' has no imports
9983d74.10f0: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4
9993d74.10f0: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 33 sleeps
10003d74.10f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
10013d74.10f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
10023d74.10f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
10033d74.10f0: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000
10043d74.10f0: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000
10053d74.10f0: 000000007ffe8000-0000003e28e4ffff 0x0001/0x0000 0x0000000
10063d74.10f0: *0000003e28e50000-0000003e28f4afff 0x0000/0x0004 0x0020000
10073d74.10f0: 0000003e28f4b000-0000003e28f4dfff 0x0104/0x0004 0x0020000
10083d74.10f0: 0000003e28f4e000-0000003e28f4ffff 0x0004/0x0004 0x0020000
10093d74.10f0: 0000003e28f50000-0000003e28ffffff 0x0001/0x0000 0x0000000
10103d74.10f0: *0000003e29000000-0000003e2919efff 0x0000/0x0004 0x0020000
10113d74.10f0: 0000003e2919f000-0000003e291a1fff 0x0004/0x0004 0x0020000
10123d74.10f0: 0000003e291a2000-0000003e291fffff 0x0000/0x0004 0x0020000
10133d74.10f0: 0000003e29200000-000001845113ffff 0x0001/0x0000 0x0000000
10143d74.10f0: *0000018451140000-000001845115ffff 0x0004/0x0004 0x0020000
10153d74.10f0: *0000018451160000-000001845117efff 0x0002/0x0002 0x0040000
10163d74.10f0: 000001845117f000-000001845118ffff 0x0001/0x0000 0x0000000
10173d74.10f0: *0000018451190000-0000018451193fff 0x0002/0x0002 0x0040000
10183d74.10f0: 0000018451194000-000001845119ffff 0x0001/0x0000 0x0000000
10193d74.10f0: *00000184511a0000-00000184511a0fff 0x0002/0x0002 0x0040000
10203d74.10f0: 00000184511a1000-00000184511affff 0x0001/0x0000 0x0000000
10213d74.10f0: *00000184511b0000-00000184511b1fff 0x0004/0x0004 0x0020000
10223d74.10f0: 00000184511b2000-00007df5a5d6ffff 0x0001/0x0000 0x0000000
10233d74.10f0: *00007df5a5d70000-00007df5a5d70fff 0x0002/0x0002 0x0040000
10243d74.10f0: 00007df5a5d71000-00007df5a5d7ffff 0x0001/0x0000 0x0000000
10253d74.10f0: *00007df5a5d80000-00007df5a7b11fff 0x0000/0x0001 0x0040000
10263d74.10f0: 00007df5a7b12000-00007df5a7b79fff 0x0001/0x0001 0x0040000
10273d74.10f0: 00007df5a7b7a000-00007dfbb71c5fff 0x0000/0x0001 0x0040000
10283d74.10f0: 00007dfbb71c6000-00007dfbb71c6fff 0x0002/0x0001 0x0040000
10293d74.10f0: 00007dfbb71c7000-00007ff57ddd8fff 0x0000/0x0001 0x0040000
10303d74.10f0: 00007ff57ddd9000-00007ff57dddefff 0x0002/0x0001 0x0040000
10313d74.10f0: 00007ff57dddf000-00007ff599559fff 0x0000/0x0001 0x0040000
10323d74.10f0: 00007ff59955a000-00007ff59d33cfff 0x0001/0x0001 0x0040000
10333d74.10f0: 00007ff59d33d000-00007ff59d345fff 0x0002/0x0001 0x0040000
10343d74.10f0: 00007ff59d346000-00007ff5a5d7ffff 0x0000/0x0001 0x0040000
10353d74.10f0: 00007ff5a5d80000-00007ff60166ffff 0x0001/0x0000 0x0000000
10363d74.10f0: *00007ff601670000-00007ff601670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10373d74.10f0: 00007ff601671000-00007ff6016dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10383d74.10f0: 00007ff6016db000-00007ff6016dbfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10393d74.10f0: 00007ff6016dc000-00007ff60172efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10403d74.10f0: 00007ff60172f000-00007ff60173bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10413d74.10f0: 00007ff60173c000-00007ff601783fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10423d74.10f0: 00007ff601784000-00007ffdd6f3ffff 0x0001/0x0000 0x0000000
10433d74.10f0: *00007ffdd6f40000-00007ffdd6f40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
10443d74.10f0: 00007ffdd6f41000-00007ffdd706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
10453d74.10f0: 00007ffdd706c000-00007ffdd70b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
10463d74.10f0: 00007ffdd70b4000-00007ffdd70b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
10473d74.10f0: 00007ffdd70b8000-00007ffdd70bffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
10483d74.10f0: 00007ffdd70c0000-00007ffdd70cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
10493d74.10f0: 00007ffdd70cf000-00007ffdd70cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
10503d74.10f0: 00007ffdd70d0000-00007ffdd70d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
10513d74.10f0: 00007ffdd70d3000-00007ffdd7148fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Windows\System32\ntdll.dll
10523d74.10f0: 00007ffdd7149000-00007ffffffeffff 0x0001/0x0000 0x0000000
10533d74.10f0: supR3HardNtChildPurify: Done after 1052 ms and 2 fixes (loop #1).
105456f0.5ef4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdd6f40000 g_uNtVerCombined=0xa055f000 (stack ~0000003e28f4eaa0)
10553d74.10f0: supR3HardenedEarlyCompact: Removed heap 1 (0x0001dc5d470000 LB 0x800000)
105656f0.5ef4: ntdll.dll: timestamp 0x57b668f2 (rc=VINF_SUCCESS)
10573d74.10f0: supR3HardNtEnableThreadCreationEx:
105856f0.5ef4: New simple heap: #1 00000184512c0000 LB 0x800000 (for 2134016 allocation)
105956f0.5ef4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
106056f0.5ef4: System32: \Device\HarddiskVolume8\Windows\System32
106156f0.5ef4: WinSxS: \Device\HarddiskVolume8\Windows\WinSxS
106256f0.5ef4: KnownDllPath: C:\Windows\System32
106356f0.5ef4: supR3HardenedVmProcessInit: Opening vboxsup...
106456f0.5ef4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
106556f0.5ef4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
106656f0.5ef4: Registered Dll notification callback with NTDLL.
106756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\kernel32.dll)
106856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\kernel32.dll
106956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
107056f0.5ef4: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000018451180088 enmState=4 -> supR3HardenedWinDummyApcRoutine
107156f0.5ef4: supR3HardenedWinDummyApcRoutine: pvArg1=0000018451180000 pvArg2=0000000000000000 pvArg3=0000000000000000
107256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4410000 LB 0x0037b000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
107356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\KernelBase.dll)
107456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\KernelBase.dll
107556f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5270000 LB 0x000be000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
107656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
107756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\KERNEL32.DLL'
107856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ff601670000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
107956f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
108056f0.5ef4: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
108156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
108256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
108356f0.5ef4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd6fbac10 pvNtTerminateThread=00007ffdd6fe45d0
10843d74.10f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 70 ms.
108556f0.5ef4: \SystemRoot\System32\ntdll.dll:
108656f0.5ef4: CreationTime: 2022-09-15T09:57:05.594340100Z
108756f0.5ef4: LastWriteTime: 2022-09-15T09:57:05.628540200Z
108856f0.5ef4: ChangeTime: 2022-11-09T23:47:10.845416100Z
108956f0.5ef4: FileAttributes: 0x20
109056f0.5ef4: Size: 0x207df8
109156f0.5ef4: NT Headers: 0xe0
109256f0.5ef4: Timestamp: 0x57b668f2
109356f0.5ef4: Machine: 0x8664 - amd64
109456f0.5ef4: Timestamp: 0x57b668f2
109556f0.5ef4: Image Version: 10.0
109656f0.5ef4: SizeOfImage: 0x209000 (2134016)
109756f0.5ef4: Resource Dir: 0x194000 LB 0x73528
109856f0.5ef4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
109956f0.5ef4: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)]
110056f0.5ef4: ProductName: Microsoft® Windows® Operating System
110156f0.5ef4: ProductVersion: 10.0.22000.918
110256f0.5ef4: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
110356f0.5ef4: FileDescription: NT Layer DLL
110456f0.5ef4: \SystemRoot\System32\kernel32.dll:
110556f0.5ef4: CreationTime: 2022-11-09T23:45:56.720455400Z
110656f0.5ef4: LastWriteTime: 2022-11-09T23:45:56.734459100Z
110756f0.5ef4: ChangeTime: 2022-11-10T13:40:54.323737900Z
110856f0.5ef4: FileAttributes: 0x20
110956f0.5ef4: Size: 0xc1060
111056f0.5ef4: NT Headers: 0xe8
111156f0.5ef4: Timestamp: 0x9416e42c
111256f0.5ef4: Machine: 0x8664 - amd64
111356f0.5ef4: Timestamp: 0x9416e42c
111456f0.5ef4: Image Version: 10.0
111556f0.5ef4: SizeOfImage: 0xbe000 (778240)
111656f0.5ef4: Resource Dir: 0xbc000 LB 0x520
111756f0.5ef4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
111856f0.5ef4: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
111956f0.5ef4: ProductName: Microsoft® Windows® Operating System
112056f0.5ef4: ProductVersion: 10.0.22000.1219
112156f0.5ef4: FileVersion: 10.0.22000.1219 (WinBuild.160101.0800)
112256f0.5ef4: FileDescription: Windows NT BASE API Client DLL
112356f0.5ef4: \SystemRoot\System32\KernelBase.dll:
112456f0.5ef4: CreationTime: 2022-11-09T23:46:00.173868600Z
112556f0.5ef4: LastWriteTime: 2022-11-09T23:46:00.263888800Z
112656f0.5ef4: ChangeTime: 2022-11-10T13:40:54.354991400Z
112756f0.5ef4: FileAttributes: 0x20
112856f0.5ef4: Size: 0x3822b8
112956f0.5ef4: NT Headers: 0xf8
113056f0.5ef4: Timestamp: 0x2a439301
113156f0.5ef4: Machine: 0x8664 - amd64
113256f0.5ef4: Timestamp: 0x2a439301
113356f0.5ef4: Image Version: 10.0
113456f0.5ef4: SizeOfImage: 0x37b000 (3649536)
113556f0.5ef4: Resource Dir: 0x34b000 LB 0x548
113656f0.5ef4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
113756f0.5ef4: [Raw version resource data: 0x34b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
113856f0.5ef4: ProductName: Microsoft® Windows® Operating System
113956f0.5ef4: ProductVersion: 10.0.22000.1165
114056f0.5ef4: FileVersion: 10.0.22000.1165 (WinBuild.160101.0800)
114156f0.5ef4: FileDescription: Windows NT BASE API Client DLL
114256f0.5ef4: \SystemRoot\System32\apisetschema.dll:
114356f0.5ef4: CreationTime: 2021-06-05T12:04:59.928787900Z
114456f0.5ef4: LastWriteTime: 2021-06-05T12:04:59.928787900Z
114556f0.5ef4: ChangeTime: 2022-11-09T23:47:09.633374300Z
114656f0.5ef4: FileAttributes: 0x20
114756f0.5ef4: Size: 0x24150
114856f0.5ef4: NT Headers: 0xc8
114956f0.5ef4: Timestamp: 0x68d1dbaf
115056f0.5ef4: Machine: 0x8664 - amd64
115156f0.5ef4: Timestamp: 0x68d1dbaf
115256f0.5ef4: Image Version: 10.0
115356f0.5ef4: SizeOfImage: 0x23000 (143360)
115456f0.5ef4: Resource Dir: 0x22000 LB 0x408
115556f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
115656f0.5ef4: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
115756f0.5ef4: ProductName: Microsoft® Windows® Operating System
115856f0.5ef4: ProductVersion: 10.0.22000.1
115956f0.5ef4: FileVersion: 10.0.22000.1 (WinBuild.160101.0800)
116056f0.5ef4: FileDescription: ApiSet Schema DLL
116156f0.5ef4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
116256f0.5ef4: supR3HardenedWinFindAdversaries: 0x4
116356f0.5ef4: \SystemRoot\System32\drivers\aswMonFlt.sys:
116456f0.5ef4: CreationTime: 2022-03-14T16:18:13.893635300Z
116556f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.555584300Z
116656f0.5ef4: ChangeTime: 2022-11-01T13:01:12.555584300Z
116756f0.5ef4: FileAttributes: 0x20
116856f0.5ef4: Size: 0x43828
116956f0.5ef4: NT Headers: 0xe0
117056f0.5ef4: Timestamp: 0x634589ab
117156f0.5ef4: Machine: 0x8664 - amd64
117256f0.5ef4: Timestamp: 0x634589ab
117356f0.5ef4: Image Version: 10.0
117456f0.5ef4: SizeOfImage: 0x44000 (278528)
117556f0.5ef4: Resource Dir: 0x42000 LB 0x3a0
117656f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
117756f0.5ef4: [Raw version resource data: 0x42060 LB 0x340, codepage 0x0 (reserved 0x0)]
117856f0.5ef4: ProductName: Avast Antivirus
117956f0.5ef4: ProductVersion: 22.10.441.0
118056f0.5ef4: FileVersion: 22.10.441.0
118156f0.5ef4: FileDescription: Avast File System Filter
118256f0.5ef4: \SystemRoot\System32\drivers\aswRdr2.sys:
118356f0.5ef4: CreationTime: 2022-03-14T16:18:13.891634800Z
118456f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.546789900Z
118556f0.5ef4: ChangeTime: 2022-11-01T13:01:12.546789900Z
118656f0.5ef4: FileAttributes: 0x20
118756f0.5ef4: Size: 0x1bf20
118856f0.5ef4: NT Headers: 0xe8
118956f0.5ef4: Timestamp: 0x634589bb
119056f0.5ef4: Machine: 0x8664 - amd64
119156f0.5ef4: Timestamp: 0x634589bb
119256f0.5ef4: Image Version: 10.0
119356f0.5ef4: SizeOfImage: 0x1b000 (110592)
119456f0.5ef4: Resource Dir: 0x19000 LB 0x388
119556f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
119656f0.5ef4: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)]
119756f0.5ef4: ProductName: Avast Antivirus
119856f0.5ef4: ProductVersion: 22.10.441.0
119956f0.5ef4: FileVersion: 22.10.441.0
120056f0.5ef4: FileDescription: Avast Antivirus
120156f0.5ef4: \SystemRoot\System32\drivers\aswRvrt.sys:
120256f0.5ef4: CreationTime: 2022-03-14T16:18:13.894635600Z
120356f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.564474100Z
120456f0.5ef4: ChangeTime: 2022-11-01T13:01:12.564474100Z
120556f0.5ef4: FileAttributes: 0x20
120656f0.5ef4: Size: 0x15f98
120756f0.5ef4: NT Headers: 0xf0
120856f0.5ef4: Timestamp: 0x634589ba
120956f0.5ef4: Machine: 0x8664 - amd64
121056f0.5ef4: Timestamp: 0x634589ba
121156f0.5ef4: Image Version: 10.0
121256f0.5ef4: SizeOfImage: 0x13000 (77824)
121356f0.5ef4: Resource Dir: 0x11000 LB 0x380
121456f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
121556f0.5ef4: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
121656f0.5ef4: ProductName: Avast Antivirus
121756f0.5ef4: ProductVersion: 22.10.441.0
121856f0.5ef4: FileVersion: 22.10.441.0
121956f0.5ef4: FileDescription: Avast Revert
122056f0.5ef4: \SystemRoot\System32\drivers\aswSnx.sys:
122156f0.5ef4: CreationTime: 2022-03-14T16:18:13.887634000Z
122256f0.5ef4: LastWriteTime: 2022-11-01T13:01:10.962228800Z
122356f0.5ef4: ChangeTime: 2022-11-01T13:01:10.962228800Z
122456f0.5ef4: FileAttributes: 0x20
122556f0.5ef4: Size: 0xd2ad8
122656f0.5ef4: NT Headers: 0xf8
122756f0.5ef4: Timestamp: 0x634589ce
122856f0.5ef4: Machine: 0x8664 - amd64
122956f0.5ef4: Timestamp: 0x634589ce
123056f0.5ef4: Image Version: 10.0
123156f0.5ef4: SizeOfImage: 0xce000 (843776)
123256f0.5ef4: Resource Dir: 0xcb000 LB 0x388
123356f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
123456f0.5ef4: [Raw version resource data: 0xcb060 LB 0x324, codepage 0x0 (reserved 0x0)]
123556f0.5ef4: ProductName: Avast Antivirus
123656f0.5ef4: ProductVersion: 22.10.441.0
123756f0.5ef4: FileVersion: 22.10.441.0
123856f0.5ef4: FileDescription: Avast Antivirus
123956f0.5ef4: \SystemRoot\System32\drivers\aswsp.sys:
124056f0.5ef4: CreationTime: 2022-03-14T16:18:13.895636200Z
124156f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.572290600Z
124256f0.5ef4: ChangeTime: 2022-11-01T13:01:12.572290600Z
124356f0.5ef4: FileAttributes: 0x20
124456f0.5ef4: Size: 0xa4210
124556f0.5ef4: NT Headers: 0xf0
124656f0.5ef4: Timestamp: 0x634589c0
124756f0.5ef4: Machine: 0x8664 - amd64
124856f0.5ef4: Timestamp: 0x634589c0
124956f0.5ef4: Image Version: 10.0
125056f0.5ef4: SizeOfImage: 0xa3000 (667648)
125156f0.5ef4: Resource Dir: 0xa1000 LB 0x388
125256f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
125356f0.5ef4: [Raw version resource data: 0xa1060 LB 0x328, codepage 0x0 (reserved 0x0)]
125456f0.5ef4: ProductName: Avast Antivirus
125556f0.5ef4: ProductVersion: 22.10.441.0
125656f0.5ef4: FileVersion: 22.10.441.0
125756f0.5ef4: FileDescription: Avast Self Protection
125856f0.5ef4: \SystemRoot\System32\drivers\aswStm.sys:
125956f0.5ef4: CreationTime: 2022-11-01T13:01:14.321288500Z
126056f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.717884700Z
126156f0.5ef4: ChangeTime: 2022-11-01T14:55:16.468424700Z
126256f0.5ef4: FileAttributes: 0x20
126356f0.5ef4: Size: 0x362f8
126456f0.5ef4: NT Headers: 0xf0
126556f0.5ef4: Timestamp: 0x634589cc
126656f0.5ef4: Machine: 0x8664 - amd64
126756f0.5ef4: Timestamp: 0x634589cc
126856f0.5ef4: Image Version: 10.0
126956f0.5ef4: SizeOfImage: 0x34000 (212992)
127056f0.5ef4: Resource Dir: 0x32000 LB 0x390
127156f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
127256f0.5ef4: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)]
127356f0.5ef4: ProductName: Avast Antivirus
127456f0.5ef4: ProductVersion: 22.10.441.0
127556f0.5ef4: FileVersion: 22.10.441.0
127656f0.5ef4: FileDescription: Avast Stream Filter
127756f0.5ef4: \SystemRoot\System32\drivers\aswVmm.sys:
127856f0.5ef4: CreationTime: 2022-03-14T16:18:13.899636700Z
127956f0.5ef4: LastWriteTime: 2022-11-01T13:01:12.958512000Z
128056f0.5ef4: ChangeTime: 2022-11-01T13:01:12.958512000Z
128156f0.5ef4: FileAttributes: 0x20
128256f0.5ef4: Size: 0x500d8
128356f0.5ef4: NT Headers: 0xf8
128456f0.5ef4: Timestamp: 0x634589c5
128556f0.5ef4: Machine: 0x8664 - amd64
128656f0.5ef4: Timestamp: 0x634589c5
128756f0.5ef4: Image Version: 10.0
128856f0.5ef4: SizeOfImage: 0x4c000 (311296)
128956f0.5ef4: Resource Dir: 0x4a000 LB 0x388
129056f0.5ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
129156f0.5ef4: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)]
129256f0.5ef4: ProductName: Avast Antivirus
129356f0.5ef4: ProductVersion: 22.10.441.0
129456f0.5ef4: FileVersion: 22.10.441.0
129556f0.5ef4: FileDescription: Avast VM Monitor
129656f0.5ef4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
129756f0.5ef4: Calling main()
129856f0.5ef4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
129956f0.5ef4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
130056f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
130156f0.5ef4: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
130256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
130356f0.5ef4: SUPR3HardenedMain: Final process, opening VBoxDrv...
130456f0.5ef4: supR3HardenedEarlyCompact: Removed heap 1 (0x000184512c0000 LB 0x800000)
130556f0.5ef4: supR3HardNtEnableThreadCreationEx:
130656f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
130756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
130856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
130956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
131056f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
131156f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd0930000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
131256f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
131356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
131456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
131556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd0930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
131656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
131756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
131856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd0930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
131956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd0930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
132056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
132156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
132256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wintrust.dll)
132356f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wintrust.dll
132456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
132556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
132656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll)
132756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll
132856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
132956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
133056f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msvcrt.dll)
133156f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msvcrt.dll
133256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
133356f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4dd0000 LB 0x000a3000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
133456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
133556f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd57d0000 LB 0x00120000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
133656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
133756f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4790000 LB 0x00068000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
133856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
133956f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd49d0000 LB 0x00111000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
134056f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ucrtbase.dll)
134156f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ucrtbase.dll
134256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4af0000 LB 0x00162000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
134356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\crypt32.dll)
134456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\crypt32.dll
134556f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
134656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
134756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
134856f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
134956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
135056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1'
135156f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
135256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
135356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
135456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msasn1.dll)
135556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msasn1.dll
135656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3cc0000 LB 0x00012000 C:\Windows\SYSTEM32\MSASN1.dll [fFlags=0x0]
135756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
135856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\system32\Wintrust.dll'
135956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\bcrypt.dll)
136056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\bcrypt.dll
136156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
136256f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
136356f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3df0000 LB 0x00027000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
136456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
136556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3df0000 'C:\Windows\system32\bcrypt.dll'
136656f0.5ef4: bcrypt.dll loaded at 00007ffdd3df0000, BCryptOpenAlgorithmProvider at 00007ffdd3df5a30, preloading providers:
136756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll)
136856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll
136956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
137056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4950000 LB 0x0007f000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
137156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
137256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4950000 'C:\Windows\system32\bcryptprimitives.dll'
137356f0.5ef4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000018451c70d40)
137456f0.5ef4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000018451c738e0)
137556f0.5ef4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000018451c73c30)
137656f0.5ef4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000018451c73f80)
137756f0.5ef4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000018451c742d0)
137856f0.5ef4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000018451c74620)
137956f0.5ef4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000018451c74970)
138056f0.5ef4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000018451c74cc0)
138156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\cryptsp.dll)
138256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\cryptsp.dll
138356f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3c60000 LB 0x00018000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
138456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
138556f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\rsaenh.dll)
138656f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\rsaenh.dll
138756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
138856f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
138956f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd34e0000 LB 0x00035000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
139056f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
139156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
139256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\cryptbase.dll)
139356f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\cryptbase.dll
139456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3c80000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
139556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
139656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
139756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
139856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll'
139956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
140056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
140156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\System32\WINTRUST.DLL'
140256f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
140356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
140456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\CRYPT32.dll'
140556f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5430000 LB 0x0001f000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
140656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\imagehlp.dll)
140756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\imagehlp.dll
140856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
140956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
141056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
141156f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5020000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0]
141256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\sechost.dll)
141356f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\sechost.dll
141456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
141556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
141656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\gpapi.dll)
141756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\gpapi.dll
141856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3ab0000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
141956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
142056f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\profapi.dll)
142156f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\profapi.dll
142256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4340000 LB 0x00021000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
142356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\profapi.dll [lacks WinVerifyTrust]
142456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
142556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
142656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\cryptnet.dll)
142756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\cryptnet.dll
142856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
142956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume8\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
143056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
143156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
143256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
143356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
143456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
143556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
143656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
143756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
143856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
143956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
144056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
144156f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
144256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcc180000 LB 0x00031000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
144356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
144456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
144556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
144656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
144756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
144856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
144956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
145056f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
145156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
145256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
145356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
145456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
145556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
145656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
145756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
145856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
145956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
146056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
146156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
146256f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
146356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
146456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
146556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
146656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
146756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
146856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
146956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
147056f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
147156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
147256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
147356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
147456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
147556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
147656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
147756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
147856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4e80000 LB 0x000ae000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
147956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
148056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
148156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
148256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\advapi32.dll)
148356f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\advapi32.dll
148456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
148556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
148656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
148756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
148856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
148956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume8\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
149056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\sechost.dll [lacks WinVerifyTrust]
149156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
149256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
149356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
149456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
149556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
149656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
149756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
149856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
149956f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
150056f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000018451cfa530
150156f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
150256f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA3EE57CCA65BA0083DDAF4B9E4A6F94689A5B2F
150356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
150456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
150556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd57d0000 'C:\Windows\System32\rpcrt4.dll'
150656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
150756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
150856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
150956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
151056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
151156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
151256f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\SystemRoot\System32\ntdll.dll'
151356f0.5ef4: g_pfnWinVerifyTrust=00007ffdd47a04d0
151456f0.5ef4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
151556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
151656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
151756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
151856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
151956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
152056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
152156f0.5ef4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\crypt32.dll'
152256f0.5ef4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
152356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
152456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
152556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
152656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll
152756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
152856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
152956f0.5ef4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\wintrust.dll'
153056f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
153156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
153256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
153356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
153456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\advapi32.dll'
153556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
153656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
153756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
153856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\cryptnet.dll'
153956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
154056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
154156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
154256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\profapi.dll'
154356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
154456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
154556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
154656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\gpapi.dll'
154756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
154856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
154956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
155056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\sechost.dll'
155156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
155256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
155356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
155456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\imagehlp.dll'
155556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
155656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
155756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
155856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\cryptbase.dll'
155956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
156056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
156156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll
156256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
156356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
156456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\rsaenh.dll'
156556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll
156656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
156756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
156856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
156956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\cryptsp.dll'
157056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
157156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
157256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll'
157356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
157456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
157556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\bcrypt.dll'
157656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
157756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
157856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msasn1.dll'
157956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
158056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
158156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\ucrtbase.dll'
158256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
158356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
158456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll'
158556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
158656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
158756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll'
158856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
158956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
159056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
159156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
159256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
159356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
159456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
159556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
159656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\KernelBase.dll'
159756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
159856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
159956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\kernel32.dll'
160056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\system32\crypt32.dll'
160156f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
160256f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
160356f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x519cd9e7ee94e200 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
160456f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
160556f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
160656f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
160756f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x5d583f333e42c000 CN=Harveys_PC
160856f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
160956f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
161056f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
161156f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
161256f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
161356f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
161456f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
161556f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
161656f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
161756f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
161856f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
161956f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
162056f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
162156f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
162256f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
162356f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
162456f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
162556f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
162656f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
162756f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
162856f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
162956f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
163056f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
163156f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
163256f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
163356f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
163456f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
163556f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
163656f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
163756f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
163856f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
163956f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
164056f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
164156f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
164256f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45
164356f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
164456f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
164556f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
164656f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
164756f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
164856f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x7b3081c535b843ae C=US, O=Google Trust Services LLC, CN=GTS Root R4
164956f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
165056f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
165156f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
165256f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
165356f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
165456f0.5ef4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
165556f0.5ef4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=54
165656f0.5ef4: SUPR3HardenedMain: Load Runtime...
165756f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
165856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
165956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
166056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
166156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
166256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
166356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
166456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
166556f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
166656f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
166756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
166856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
166956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
167056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
167156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
167256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ws2_32.dll) WinVerifyTrust
167356f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ws2_32.dll
167456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
167556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
167656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll
167756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
167856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
167956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
168056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
168156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll
168256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
168356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
168456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
168556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
168656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msvcp140.dll) WinVerifyTrust
168756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msvcp140.dll
168856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
168956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
169056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
169156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
169256f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
169356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
169456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll)
169556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll
169656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
169756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
169856f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll'.
169956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll)
170056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll
170156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
170256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
170356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
170456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
170556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll
170656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
170856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
170956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll) WinVerifyTrust
171056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
171156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
171256f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll [redoing WinVerifyTrust]
171356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
171456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
171556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
171656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
171756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
171856f0.5ef4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll'
171956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
172056f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
172156f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll
172256f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
172356f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll
172456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb28b0000 LB 0x0001b000 C:\Windows\SYSTEM32\VCRUNTIME140.dll [fFlags=0x0]
172556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll
172656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb28a0000 LB 0x0000c000 C:\Windows\SYSTEM32\VCRUNTIME140_1.dll [fFlags=0x0]
172756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
172856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb28d0000 LB 0x0008e000 C:\Windows\SYSTEM32\MSVCP140.dll [fFlags=0x0]
172956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll
173056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd58f0000 LB 0x0006f000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
173156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll
173256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf4db0000 LB 0x006c6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
173356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
173456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
173556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
173656f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
173756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
173856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
173956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
174056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
174156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
174256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
174356f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
174456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
174556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1'
174656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
174756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
174856f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
174956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
175056f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
175156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
175256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
175356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
175456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
175556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
175656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
175756f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
175856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
175956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1'
176056f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
176156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
176256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
176356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
176456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll
176556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
176656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll'
176756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
176856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
176956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
177056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
177156f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
177256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
177356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-string-l1-1-0'
177456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
177556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
177656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
177756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
177856f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
177956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
178056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-localization-l1-2-1'
178156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
178256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
178356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
178456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
178556f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
178656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
178756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-datetime-l1-1-1'
178856f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
178956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
179056f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
179156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
179256f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
179356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
179456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-localization-obsolete-l1-2-0'
179556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
179656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
179756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
179856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
179956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
180056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
180156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
180256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
180356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
180456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
180556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
180656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
180756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
180856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
180956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
181056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
181156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
181256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
181356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
181456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
181556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
181656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
181756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
181856f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
181956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
182056f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
182156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
182256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
182356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
182456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
182556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
182656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
182756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
182856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
182956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
183056f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
183156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
183256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
183356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
183456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
183556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
183656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
183756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
183856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
183956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
184056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
184156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
184256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
184356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
184456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
184556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
184656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
184756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
184856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
184956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
185056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
185156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
185256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
185356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
185456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
185556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
185656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
185756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
185856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
185956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
186056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
186156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
186256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
186356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
186456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
186556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
186656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
186756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
186856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
186956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
187056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
187156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
187256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
187356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
187456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
187556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
187656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
187756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
187856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
187956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
188056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
188156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
188256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
188356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
188456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
188556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
188656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
188756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
188856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
188956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
189056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
189156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
189256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
189356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
189456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
189556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
189656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
189756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
189856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
189956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
190056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
190156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
190256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
190356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
190456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
190556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
190656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
190756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
190856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
190956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
191056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
191156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
191256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
191356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
191456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
191556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
191656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
191756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
191856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
191956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
192056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
192156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
192256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
192356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
192456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
192556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
192656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
192756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
192856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
192956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
193056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
193156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
193256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
193356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
193456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
193556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
193656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
193756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
193856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
193956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
194056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
194156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
194256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
194356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
194456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
194556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
194656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
194756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
194856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
194956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
195056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
195156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
195256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
195356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
195456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
195556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
195656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
195756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
195856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxRT.dll
195956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
196056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
196156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
196256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
196356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
196456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
196556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
196656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
196756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
196856f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
196956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
197056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
197156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'.
197256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rescheduled]
197356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4db0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
197456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll
197556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
197656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
197756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
197856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll'
197956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll
198056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
198156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\system32\Wintrust.dll'
198256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
198356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
198456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
198556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
198656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\system32\crypt32.dll'
198756f0.5ef4: SUPR3HardenedMain: Load TrustedMain...
198856f0.648: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1
198956f0.648: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
199056f0.648: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'.
199156f0.648: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\kernel.appcore.dll)
199256f0.648: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\kernel.appcore.dll
199356f0.648: supR3HardenedDllNotificationCallback: load 00007ffdd3580000 LB 0x00018000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
199456f0.648: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
199556f0.648: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3580000 'api-ms-win-appmodel-runtime-l1-1-2'
199656f0.648: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
199756f0.648: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
199856f0.648: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll
199956f0.648: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
200056f0.648: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
200156f0.648: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\kernel.appcore.dll'
200256f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
200356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
200456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
200556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'uicommon.dll'.
200656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
200756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
200856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'.
200956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp140.dll'.
201056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
201156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
201256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
201356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
201456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'.
201556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
201656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
201756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
201856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
201956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
202056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume8\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
202156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
202256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
202356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
202456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\winmm.dll) WinVerifyTrust
202556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\winmm.dll
202656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
202756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
202856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
202956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
203056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll
203156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
203256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
203356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
203456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
203556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
203656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\oleaut32.dll) WinVerifyTrust
203756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\oleaut32.dll
203856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
203956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
204056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
204156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
204256f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll
204356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
204456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
204556f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'.
204656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
204756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\combase.dll)
204856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\combase.dll
204956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
205056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
205156f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'.
205256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll)
205356f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll
205456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
205556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
205656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll
205756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
205856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
205956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
206056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
206156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
206256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
206356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ole32.dll) WinVerifyTrust
206456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ole32.dll
206556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
206656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
206756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
206856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
206956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll [lacks WinVerifyTrust]
207056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
207156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
207256f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\user32.dll'.
207356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
207456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
207556f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\user32.dll)
207656f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\user32.dll
207756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
207856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
207956f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'.
208056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
208156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\gdi32.dll)
208256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\gdi32.dll
208356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
208456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
208556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
208656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
208756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
208856f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'.
208956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\win32u.dll)
209056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\win32u.dll
209156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
209256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
209356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
209456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
209556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
209656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust]
209756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
209856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
209956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
210056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
210156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\user32.dll) WinVerifyTrust
210256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
210356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
210456f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
210556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
210656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
210756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
210856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
210956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
211056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust]
211156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
211256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
211356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5guivbox.dll'.
211456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5corevbox.dll'.
211556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'uxtheme.dll'.
211656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dwmapi.dll'.
211756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
211856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
211956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
212056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
212156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcp140.dll'.
212256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140_1.dll'.
212356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'vcruntime140.dll'.
212456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140_1.dll'.
212556f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
212656f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
212756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
212856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
212956f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
213056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
213156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
213256f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll
213356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
213456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
213556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll
213656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
213756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
213856f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'.
213956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'.
214056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
214156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll)
214256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll
214356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
214456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
214556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll
214656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
214756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
214856f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust]
214956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
215056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
215156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
215256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
215356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
215456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll
215556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
215656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
215756f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'.
215856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
215956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #71 'user32.dll'.
216056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'gdi32.dll'.
216156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\shell32.dll)
216256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\shell32.dll
216356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
216456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
216556f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'.
216656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'.
216756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
216856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
216956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dwmapi.dll)
217056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dwmapi.dll
217156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
217256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
217356f0.5ef4: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'.
217456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'gdi32.dll'.
217556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'user32.dll'.
217656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\uxtheme.dll)
217756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\uxtheme.dll
217856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
217956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
218056f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
218156f0.5ef4: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
218256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'mpr.dll'.
218356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'userenv.dll'.
218456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'version.dll'.
218556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'netapi32.dll'.
218656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
218756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
218856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
218956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'.
219056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
219156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
219256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'.
219356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp140_1.dll'.
219456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'.
219556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'.
219656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
219756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
219856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
219956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
220056f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
220156f0.5ef4: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
220256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
220356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
220456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
220556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
220656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'.
220756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
220856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
220956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
221056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
221156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
221256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
221356f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
221456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
221556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
221656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll
221756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
221856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
221956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll
222056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
222156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
222256f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll
222356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
222456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
222556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust]
222656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
222756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
222856f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
222956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
223056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
223156f0.5ef4: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'.
223256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
223356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
223456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
223556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
223656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
223756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\opengl32.dll)
223856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\opengl32.dll
223956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
224056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
224156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll
224256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
224356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
224456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
224556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
224656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
224756f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'.
224856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
224956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
225056f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dxgi.dll)
225156f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dxgi.dll
225256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
225356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
225456f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'.
225556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
225656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
225756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
225856f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\d3d11.dll)
225956f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\d3d11.dll
226056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
226156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
226256f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll
226356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
226456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
226556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll
226656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
226756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
226856f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
226956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
227056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
227156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll
227256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
227356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume8\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
227456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll
227556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
227656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
227756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust]
227856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
227956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
228056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll [lacks WinVerifyTrust]
228156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
228256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
228356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll
228456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
228556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
228656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll
228756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
228856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
228956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll
229056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
229156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
229256f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'.
229356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
229456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\netapi32.dll)
229556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\netapi32.dll
229656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
229756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume8\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
229856f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'.
229956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
230056f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\version.dll)
230156f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\version.dll
230256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
230356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
230456f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'.
230556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
230656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\userenv.dll)
230756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\userenv.dll
230856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
230956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
231056f0.5ef4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'.
231156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\mpr.dll)
231256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\mpr.dll
231356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
231456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
231556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust]
231656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
231756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
231856f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
231956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
232056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
232156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
232256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
232356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
232456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust]
232556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
232656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
232756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust]
232856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
232956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
233056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
233156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
233256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
233356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust]
233456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
233556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
233656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
233756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
233856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
233956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
234056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
234156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll
234256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
234356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
234456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
234556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
234656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll
234756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
234856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
234956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll
235056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
235156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
235256f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust]
235356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
235456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
235556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
235656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
235756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
235856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
235956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
236056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [lacks WinVerifyTrust]
236156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
236256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
236356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
236456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
236556f0.5ef4: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'.
236656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
236756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
236856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
236956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\glu32.dll)
237056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\glu32.dll
237156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
237256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
237356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
237456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
237556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
237656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust]
237756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
237856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
237956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll
238056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
238156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
238256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
238356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
238456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
238556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
238656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
238756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust]
238856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
238956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
239056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
239156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
239256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
239356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
239456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
239556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
239656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'.
239756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
239856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
239956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
240056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
240156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
240256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
240356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
240456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
240556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
240656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
240756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
240856f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll
240956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
241056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
241156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
241256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
241356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll
241456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
241556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
241656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [lacks WinVerifyTrust]
241756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
241856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
241956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
242056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
242156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
242256f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
242356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
242456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
242556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll
242656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
242756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
242856f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
242956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
243056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
243156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
243256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
243356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
243456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d11.dll [lacks WinVerifyTrust]
243556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
243656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
243756f0.5ef4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
243856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
243956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
244056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140.dll
244156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
244256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
244356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll
244456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
244556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
244656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
244756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
244856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
244956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
245056f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
245156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
245256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
245356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
245456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
245556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'.
245656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
245756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5guivbox.dll'.
245856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'.
245956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5helpvbox.dll'.
246056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
246156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'advapi32.dll'.
246256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ole32.dll'.
246356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'oleaut32.dll'.
246456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
246556f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
246656f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll
246756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
246856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
246956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
247056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
247156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll
247256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
247356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
247456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll
247556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
247656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
247756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll
247856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
247956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
248056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll [redoing WinVerifyTrust]
248156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
248256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
248356f0.5ef4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\user32.dll'
248456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5helpvbox.dll'...
248556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5helpvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5helpvbox.dll' [rcNtRedir=0xc0150008]
248656f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll: Signature #1/2: info status: 24202
248756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
248856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
248956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
249056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
249156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5sqlvbox.dll'.
249256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
249356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vcruntime140.dll'.
249456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll) WinVerifyTrust
249556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll
249656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
249756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
249856f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
249956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
250056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
250156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
250256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
250356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
250456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
250556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
250656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
250756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5sqlvbox.dll'...
250856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5sqlvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5sqlvbox.dll' [rcNtRedir=0xc0150008]
250956f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll: Signature #1/2: info status: 24202
251056f0.5ef4: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
251156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5corevbox.dll'.
251256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
251356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll)
251456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll
251556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
251656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
251756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
251856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
251956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
252056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
252156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
252256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
252356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
252456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
252556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
252656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
252756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
252856f0.5ef4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
252956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
253056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
253156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
253256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
253356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
253456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll
253556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
253656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
253756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
253856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
253956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
254056f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
254156f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll
254256f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
254356f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
254456f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
254556f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll
254656f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll
254756f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
254856f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
254956f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\version.dll [avoiding WinVerifyTrust]
255056f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
255156f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
255256f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
255356f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
255456f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\opengl32.dll [avoiding WinVerifyTrust]
255556f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
255656f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
255756f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust]
255856f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
255956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\netutils.dll)
256056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\netutils.dll
256156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
256256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
256356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DXCore.dll)
256456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DXCore.dll
256556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
256656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\srvcli.dll)
256756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\srvcli.dll
256856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc2dd0000 LB 0x0001d000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
256956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
257056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3b10000 LB 0x00029000 C:\Windows\SYSTEM32\USERENV.dll [fFlags=0x0]
257156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
257256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcc980000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
257356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\version.dll [avoiding WinVerifyTrust]
257456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb8b50000 LB 0x00019000 C:\Windows\SYSTEM32\NETAPI32.dll [fFlags=0x0]
257556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
257656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4d20000 LB 0x0009d000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
257756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
257856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4920000 LB 0x00026000 C:\Windows\System32\win32u.dll [fFlags=0x0]
257956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
258056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5620000 LB 0x001ad000 C:\Windows\System32\USER32.dll [fFlags=0x0]
258156f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4800000 LB 0x00118000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
258256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
258356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
258456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
258556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'win32u.dll'.
258656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\gdi32full.dll)
258756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\gdi32full.dll
258856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd6e70000 LB 0x00029000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
258956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
259056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5c20000 LB 0x00378000 C:\Windows\System32\combase.dll [fFlags=0x0]
259156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll [avoiding WinVerifyTrust]
259256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd6be0000 LB 0x0019a000 C:\Windows\System32\ole32.dll [fFlags=0x0]
259356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll
259456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd6420000 LB 0x007b8000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
259556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
259656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc77b0000 LB 0x00033000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
259756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll
259856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd5d410000 LB 0x00009000 C:\Windows\SYSTEM32\MSVCP140_1.dll [fFlags=0x0]
259956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
260056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd31c0000 LB 0x0000c000 C:\Windows\SYSTEM32\NETUTILS.DLL [fFlags=0x0]
260156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
260256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdce990000 LB 0x00028000 C:\Windows\SYSTEM32\SRVCLI.DLL [fFlags=0x0]
260356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\srvcli.dll [avoiding WinVerifyTrust]
260456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf4160000 LB 0x005c6000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
260556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
260656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd1720000 LB 0x000f3000 C:\Windows\SYSTEM32\dxgi.dll [fFlags=0x0]
260756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
260856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcd760000 LB 0x00280000 C:\Windows\SYSTEM32\d3d11.dll [fFlags=0x0]
260956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
261056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd1860000 LB 0x00038000 C:\Windows\SYSTEM32\dxcore.dll [fFlags=0x0]
261156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
261256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc1260000 LB 0x0002d000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
261356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
261456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdbea10000 LB 0x00101000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
261556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\opengl32.dll [avoiding WinVerifyTrust]
261656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf4730000 LB 0x0067c000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
261756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
261856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd15f0000 LB 0x000ac000 C:\Windows\SYSTEM32\UxTheme.dll [fFlags=0x0]
261956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
262056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd18e0000 LB 0x0002f000 C:\Windows\SYSTEM32\dwmapi.dll [fFlags=0x0]
262156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
262256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf1790000 LB 0x00541000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
262356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
262456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdaf670000 LB 0x00036000 C:\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [fFlags=0x0]
262556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust]
262656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc11f0000 LB 0x0006a000 C:\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll [fFlags=0x0]
262756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll
262856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5540000 LB 0x000d6000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
262956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll
263056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffcf1ce0000 LB 0x01bd6000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
263156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\UICommon.dll
263256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd92c20000 LB 0x00146000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
263356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
263456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
263556f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\imm32.dll)
263656f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\imm32.dll
263756f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000050c (hFile=0000000000000534) with 0xc0000022 -> STATUS_TRUST_FAILURE
263856f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'.
263956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rescheduled]
264056f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll'.
264156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll' [rescheduled]
264256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\srvcli.dll'.
264356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll' [rescheduled]
264456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\DXCore.dll'.
264556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll' [rescheduled]
264656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netutils.dll'.
264756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll' [rescheduled]
264856f0.5ef4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
264956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
265056f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'.
265156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rescheduled]
265256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'.
265356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rescheduled]
265456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'.
265556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rescheduled]
265656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'.
265756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\version.dll' [rescheduled]
265856f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'.
265956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rescheduled]
266056f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'.
266156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rescheduled]
266256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'.
266356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rescheduled]
266456f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'.
266556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rescheduled]
266656f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'.
266756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rescheduled]
266856f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'.
266956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rescheduled]
267056f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'.
267156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rescheduled]
267256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'.
267356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rescheduled]
267456f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'.
267556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rescheduled]
267656f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'.
267756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rescheduled]
267856f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'.
267956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rescheduled]
268056f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'.
268156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rescheduled]
268256f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\imm32.dll [redoing WinVerifyTrust]
268356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'.
268456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\imm32.dll
268556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
268656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
268756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [redoing WinVerifyTrust]
268856f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'.
268956f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\win32u.dll
269056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
269156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
269256f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [redoing WinVerifyTrust]
269356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'.
269456f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\win32u.dll
269556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
269656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
269756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
269856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
269956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
270056f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'.
270156f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\gdi32.dll
270256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
270356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
270456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
270556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'.
270656f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll
270756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
270856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
270956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
271056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
271156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\win32u.dll [redoing WinVerifyTrust]
271256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'.
271356f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\win32u.dll
271456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
271556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
271656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
271756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'.
271856f0.5ef4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll
271956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
272056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd53f0000 LB 0x00032000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
272156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
272256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd53f0000 'C:\Windows\system32\IMM32.DLL'
272356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'.
272456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rescheduled]
272556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll'.
272656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll' [rescheduled]
272756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\srvcli.dll'.
272856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll' [rescheduled]
272956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\DXCore.dll'.
273056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll' [rescheduled]
273156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netutils.dll'.
273256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll' [rescheduled]
273356f0.5ef4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
273456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
273556f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'.
273656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rescheduled]
273756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'.
273856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rescheduled]
273956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'.
274056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rescheduled]
274156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'.
274256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\version.dll' [rescheduled]
274356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'.
274456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rescheduled]
274556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'.
274656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rescheduled]
274756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'.
274856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rescheduled]
274956f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'.
275056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rescheduled]
275156f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'.
275256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rescheduled]
275356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'.
275456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rescheduled]
275556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'.
275656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rescheduled]
275756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'.
275856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rescheduled]
275956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'.
276056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rescheduled]
276156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'.
276256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rescheduled]
276356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'.
276456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rescheduled]
276556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'.
276656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rescheduled]
276756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'.
276856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rescheduled]
276956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll'.
277056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll' [rescheduled]
277156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\srvcli.dll'.
277256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll' [rescheduled]
277356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\DXCore.dll'.
277456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll' [rescheduled]
277556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netutils.dll'.
277656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll' [rescheduled]
277756f0.5ef4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
277856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
277956f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'.
278056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rescheduled]
278156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'.
278256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rescheduled]
278356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'.
278456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rescheduled]
278556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'.
278656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\version.dll' [rescheduled]
278756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'.
278856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rescheduled]
278956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'.
279056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rescheduled]
279156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'.
279256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rescheduled]
279356f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'.
279456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rescheduled]
279556f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'.
279656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rescheduled]
279756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'.
279856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rescheduled]
279956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'.
280056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rescheduled]
280156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'.
280256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rescheduled]
280356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'.
280456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rescheduled]
280556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'.
280656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rescheduled]
280756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'.
280856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rescheduled]
280956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'.
281056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rescheduled]
281156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
281256f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'.
281356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume8\Windows\System32\gdi32.dll
281456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6e70000 'C:\Windows\System32\gdi32.dll'
281556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\imm32.dll'.
281656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rescheduled]
281756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll'.
281856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll' [rescheduled]
281956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\srvcli.dll'.
282056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll' [rescheduled]
282156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\DXCore.dll'.
282256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll' [rescheduled]
282356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netutils.dll'.
282456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll' [rescheduled]
282556f0.5ef4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
282656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
282756f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\glu32.dll'.
282856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll' [rescheduled]
282956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\mpr.dll'.
283056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll' [rescheduled]
283156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\userenv.dll'.
283256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll' [rescheduled]
283356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\version.dll'.
283456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\version.dll' [rescheduled]
283556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'.
283656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll' [rescheduled]
283756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'.
283856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll' [rescheduled]
283956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'.
284056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll' [rescheduled]
284156f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'.
284256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll' [rescheduled]
284356f0.5ef4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'.
284456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rescheduled]
284556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'.
284656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rescheduled]
284756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\shell32.dll'.
284856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rescheduled]
284956f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'.
285056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll' [rescheduled]
285156f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\win32u.dll'.
285256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rescheduled]
285356f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'.
285456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rescheduled]
285556f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'.
285656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rescheduled]
285756f0.5ef4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume8\Windows\System32\combase.dll'.
285856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rescheduled]
285956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd92c20000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
286056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
286156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
286256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\imm32.dll'
286356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
286456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
286556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\gdi32full.dll'
286656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
286756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
286856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\srvcli.dll'
286956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
287056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
287156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\DXCore.dll'
287256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
287356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
287456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\netutils.dll'
287556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
287656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
287756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'
287856f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume8\Windows\System32\glu32.dll
287956f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
288056f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
288156f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35CCC7F41EDAC7A4EA200430FA0A6A9ED3C49FF0
288256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
288356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
288456f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OpenGL-Package~31bf3856ad364e35~amd64~~10.0.22000.1042.cat'; file='\Device\HarddiskVolume8\Windows\System32\glu32.dll'
288556f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
288656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\glu32.dll'
288756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
288856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
288956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\mpr.dll'
289056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
289156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
289256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\userenv.dll'
289356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
289456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
289556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\version.dll'
289656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
289756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
289856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\netapi32.dll'
289956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
290056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
290156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\d3d11.dll'
290256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
290356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
290456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dxgi.dll'
290556f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c8 pwszName=\Device\HarddiskVolume8\Windows\System32\opengl32.dll
290656f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
290756f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
290856f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92B86B56C90F901769146039B93EE834B7D43EE0
290956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
291056f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll
291156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
291256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
291356f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OpenGL-Package~31bf3856ad364e35~amd64~~10.0.22000.1042.cat'; file='\Device\HarddiskVolume8\Windows\System32\opengl32.dll'
291456f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
291556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\opengl32.dll'
291656f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume8\Windows\System32\uxtheme.dll
291756f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
291856f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
291956f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0956825C524685A46260DF18D53678E8A3E6BF3
292056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
292156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
292256f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'
292356f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
292456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll'
292556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
292656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
292756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll'
292856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll
292956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
293056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
293156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
293256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\shell32.dll'
293356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
293456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
293556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msvcp140_1.dll'
293656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
293756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
293856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\win32u.dll'
293956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
294056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
294156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\gdi32.dll'
294256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
294356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
294456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll'
294556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
294656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
294756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\combase.dll'
294856f0.5ef4: SUPR3HardenedMain: Calling TrustedMain (00007ffd92c21c90)...
294956f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
295056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
295156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
295256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'dwmapi.dll'.
295356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
295456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
295556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wtsapi32.dll'.
295656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
295756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
295856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
295956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5guivbox.dll'.
296056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5corevbox.dll'.
296156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
296256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
296356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'.
296456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'.
296556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'.
296656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
296756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
296856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
296956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
297056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
297156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
297256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
297356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
297456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
297556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume8\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
297656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll
297756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
297856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
297956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll
298056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
298156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
298256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
298356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
298456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
298556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
298656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
298756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
298856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
298956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
299056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
299156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll
299256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
299356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
299456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
299556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
299656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
299756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wtsapi32.dll) WinVerifyTrust
299856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wtsapi32.dll
299956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
300056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
300156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll
300256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
300356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume8\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
300456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\imm32.dll
300556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
300656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
300756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dwmapi.dll
300856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
300956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
301056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
301156f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
301256f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wtsapi32.dll
301356f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcef90000 LB 0x00014000 C:\Windows\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
301456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wtsapi32.dll
301556f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffda5c60000 LB 0x00161000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
301656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
301756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda5c60000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
301856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
301956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcryptprimitives.dll'.
302056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
302156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\rpcss.dll)
302256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\rpcss.dll
302356f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000680 (hFile=0000000000000660) with 0xc0000022 -> STATUS_TRUST_FAILURE
302456f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000688 pwszName=\Device\HarddiskVolume8\Windows\System32\rpcss.dll
302556f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
302656f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
302756f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=350C1E935AC1646AF9FF53AA05008D148C2318BB
302856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
302956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
303056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll
303156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
303256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
303356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\bcryptprimitives.dll
303456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
303556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
303656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
303756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
303856f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.1219.cat'; file='\Device\HarddiskVolume8\Windows\System32\rpcss.dll'
303956f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
304056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\rpcss.dll'
304156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\uxtheme.dll
304256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
304356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd15f0000 'C:\Windows\system32\uxtheme.dll'
304456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5620000 'C:\Windows\system32\user32.dll'
304556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
304656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
304756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
304856f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\SHCore.dll) WinVerifyTrust
304956f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\SHCore.dll
305056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
305156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
305256f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll
305356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
305456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5450000 LB 0x000ea000 C:\Windows\System32\SHCore.dll [fFlags=0x0]
305556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\SHCore.dll
305656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5450000 'C:\Windows\system32\SHCore.dll'
305756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll
305856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
305956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6420000 'C:\Windows\system32\shell32.dll'
306056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
306156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
306256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\windows.storage.dll)
306356f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\windows.storage.dll
306456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
306556f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\WinTypes.dll)
306656f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\WinTypes.dll
306756f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd23a0000 LB 0x00166000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
306856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
306956f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd2510000 LB 0x00865000 C:\Windows\SYSTEM32\windows.storage.dll [fFlags=0x0]
307056f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
307156f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5330000 LB 0x0005d000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
307256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
307356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\shlwapi.dll)
307456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\shlwapi.dll
307556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
307656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\powrprof.dll)
307756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\powrprof.dll
307856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd2d90000 LB 0x0004d000 C:\Windows\SYSTEM32\powrprof.dll [fFlags=0x0]
307956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
308056f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\umpdc.dll)
308156f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\umpdc.dll
308256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd2e80000 LB 0x00013000 C:\Windows\SYSTEM32\UMPDC.dll [fFlags=0x0]
308356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
308456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
308556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
308656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
308756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
308856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
308956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
309056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll
309156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
309256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
309356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll
309456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
309556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
309656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll
309756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
309856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
309956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\umpdc.dll'
310056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
310156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
310256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\powrprof.dll'
310356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
310456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
310556f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\shlwapi.dll'
310656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
310756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
310856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\WinTypes.dll'
310956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
311056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
311156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\windows.storage.dll'
311256f0.5ef4: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll: Signature #1/2: info status: 24202
311356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
311456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
311556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
311656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
311756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
311856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'uxtheme.dll'.
311956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
312056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
312156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'vcruntime140.dll'.
312256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'vcruntime140_1.dll'.
312356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll) WinVerifyTrust
312456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll
312556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
312656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
312756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
312856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
312956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll
313056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
313156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
313256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
313356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
313456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
313556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume8\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
313656f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\uxtheme.dll
313756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
313856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
313956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
314056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
314156f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
314256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
314356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
314456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
314556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
314656f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll
314756f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdbdfa0000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll [fFlags=0x0]
314856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll
314956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdbdfa0000 'C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll'
315056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
315156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
315256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
315356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
315456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'.
315556f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll) WinVerifyTrust
315656f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll
315756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
315856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
315956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\user32.dll
316056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
316156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
316256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
316356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
316456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
316556f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll
316656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc1990000 LB 0x002a5000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll [fFlags=0x0]
316756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll
316856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1990000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll'
316956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll
317056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
317156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1990000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll'
317256f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\WindowsCodecs.dll)
317356f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\WindowsCodecs.dll
317456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcca90000 LB 0x001ae000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
317556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
317656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5b30000 LB 0x000b5000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
317756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
317856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
317956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\clbcatq.dll)
318056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\clbcatq.dll
318156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
318256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
318356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
318456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
318556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcrt.dll
318656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
318756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
318856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\clbcatq.dll'
318956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
319056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
319156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\WindowsCodecs.dll'
319256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
319356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
319456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\thumbcache.dll) WinVerifyTrust
319556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\thumbcache.dll
319656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
319756f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\thumbcache.dll
319856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd9a830000 LB 0x00066000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
319956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\thumbcache.dll
320056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9a830000 'C:\Windows\System32\thumbcache.dll'
320156f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcss.dll
320256f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000007f8 (hFile=00000000000007fc) with 0xc0000022 -> STATUS_TRUST_FAILURE
320356f0.5844: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
320456f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
320556f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
320656f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
320756f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
320856f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
320956f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
321056f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'advapi32.dll'.
321156f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'.
321256f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
321356f0.5844: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
321456f0.5844: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll
321556f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
321656f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
321756f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll
321856f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
321956f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
322056f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll
322156f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
322256f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
322356f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll
322456f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
322556f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
322656f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
322756f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
322856f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
322956f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
323056f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
323156f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
323256f0.5844: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
323356f0.5844: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll
323456f0.5844: supR3HardenedDllNotificationCallback: load 00007ffcf3d80000 LB 0x003d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
323556f0.5844: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll
323656f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3d80000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
323756f0.5844: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
323856f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
323956f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
324056f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
324156f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
324256f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
324356f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
324456f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
324556f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
324656f0.5844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
324756f0.5844: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
324856f0.5844: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
324956f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
325056f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
325156f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
325256f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
325356f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll
325456f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
325556f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
325656f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
325756f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
325856f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shlwapi.dll
325956f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
326056f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
326156f0.5844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll
326256f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
326356f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
326456f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
326556f0.5844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
326656f0.5844: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
326756f0.5844: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
326856f0.5844: supR3HardenedDllNotificationCallback: load 00007ffdaf590000 LB 0x000db000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
326956f0.5844: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
327056f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdaf590000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
327156f0.5844: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll
327256f0.5844: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
327356f0.5844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5540000 'C:\Windows\system32\oleaut32.dll'
327456f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
327556f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
327656f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
327756f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
327856f0.bc0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
327956f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
328056f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
328156f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
328256f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
328356f0.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
328456f0.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
328556f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
328656f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
328756f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
328856f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
328956f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
329056f0.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
329156f0.bc0: supR3HardenedDllNotificationCallback: load 00007ffdcca70000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
329256f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
329356f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcca70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
329456f0.bc0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
329556f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
329656f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
329756f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
329856f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
329956f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
330056f0.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
330156f0.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll
330256f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
330356f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
330456f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
330556f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
330656f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
330756f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
330856f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
330956f0.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll
331056f0.bc0: supR3HardenedDllNotificationCallback: load 00007ffce37b0000 LB 0x004d1000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
331156f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxVMM.dll
331256f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce37b0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
331356f0.5ef4: '\Device\HarddiskVolume8\Windows\System32\tzres.dll' has no imports
331456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume8\Windows\System32\tzres.dll)
331556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\tzres.dll
331656f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000cc0 (hFile=0000000000000c88) with 0xc0000022 -> STATUS_TRUST_FAILURE
331756f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume8\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
331856f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000c88 (hFile=0000000000000cc0) with 0xc0000022 -> STATUS_TRUST_FAILURE
331956f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bdc pwszName=\Device\HarddiskVolume8\Windows\System32\tzres.dll
332056f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
332156f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
332256f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A6D22862B025BB118DBBCFB82E5931E1B3439650
332356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
332456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
332556f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.1219.cat'; file='\Device\HarddiskVolume8\Windows\System32\tzres.dll'
332656f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
332756f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\tzres.dll'
332856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll
332956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
333056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5540000 'C:\Windows\System32\oleaut32.dll'
333156f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb4 pwszName=\Device\HarddiskVolume8\Windows\System32\DWrite.dll
333256f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
333356f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
333456f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AE5D5BE47C4C094784D740DD813A46A9A210B4C
333556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
333656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
333756f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.22000.1165.cat'; file='\Device\HarddiskVolume8\Windows\System32\DWrite.dll'
333856f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
333956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
334056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
334156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DWrite.dll) WinVerifyTrust
334256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DWrite.dll
334356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
334456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
334556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rpcrt4.dll
334656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
334756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
334856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwrite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
334956f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DWrite.dll
335056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdb68d0000 LB 0x0025f000 C:\Windows\system32\dwrite.dll [fFlags=0x0]
335156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DWrite.dll
335256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdb68d0000 'C:\Windows\system32\dwrite.dll'
335356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\gdi32.dll
335456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
335556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6e70000 'C:\Windows\system32\gdi32.dll'
335656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
335756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
335856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
335956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
336056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
336156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
336256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'dwmapi.dll'.
336356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\d3d9.dll) WinVerifyTrust
336456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\d3d9.dll
336556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
336656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
336756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dwmapi.dll
336856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
336956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
337056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
337156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume8\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
337256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
337356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
337456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
337556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
337656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
337756f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d9.dll
337856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc59d0000 LB 0x001a6000 C:\Windows\system32\d3d9.dll [fFlags=0x0]
337956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\d3d9.dll
338056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc59d0000 'C:\Windows\system32\d3d9.dll'
338156f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll: Owner is administrators group.
338256f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x632b4213; retrying against current time: 0x638808ff.
338356f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME (-23033) w/ timestamp=0x638808ff/now.
338456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
338556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
338656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'version.dll'.
338756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
338856f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll) WinVerifyTrust
338956f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll
339056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
339156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
339256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
339356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume8\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
339456f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\version.dll
339556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
339656f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll
339756f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcbb00000 LB 0x00117000 C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll [fFlags=0x0]
339856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll
339956f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
340056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
340156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
340256f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
340356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
340456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1'
340556f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
340656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
340756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
340856f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll
340956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
341056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll'
341156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbb00000 'C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll'
341256f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msasn1.dll
341356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msasn1.dll (Input=msasn1.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
341456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3cc0000 'C:\Windows\System32\msasn1.dll'
341556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
341656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
341756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
341856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
341956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\drvstore.dll) WinVerifyTrust
342056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\drvstore.dll
342156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
342256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
342356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drvstore.dll (Input=drvstore.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
342456f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\drvstore.dll
342556f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcbfc0000 LB 0x00149000 C:\Windows\System32\drvstore.dll [fFlags=0x0]
342656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\drvstore.dll
342756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbfc0000 'C:\Windows\System32\drvstore.dll'
342856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
342956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
343056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'cfgmgr32.dll'.
343156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\devobj.dll) WinVerifyTrust
343256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\devobj.dll
343356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
343456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
343556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
343656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
343756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll) WinVerifyTrust
343856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll
343956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\devobj.dll (Input=devobj.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
344056f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\devobj.dll
344156f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll
344256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd4110000 LB 0x0004c000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
344356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll
344456f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd40e0000 LB 0x0002c000 C:\Windows\System32\devobj.dll [fFlags=0x0]
344556f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\devobj.dll
344656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd40e0000 'C:\Windows\System32\devobj.dll'
344756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
344856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
344956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
345056f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wldp.dll) WinVerifyTrust
345156f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wldp.dll
345256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
345356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
345456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wldp.dll (Input=wldp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
345556f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wldp.dll
345656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd3d30000 LB 0x00041000 C:\Windows\System32\wldp.dll [fFlags=0x0]
345756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wldp.dll
345856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3d30000 'C:\Windows\System32\wldp.dll'
345956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptbase.dll
346056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
346156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3c80000 'C:\Windows\System32\cryptbase.dll'
346256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
346356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll
346456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wintrust.dll (Input=wintrust.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
346556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\System32\wintrust.dll'
346656f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll: Owner is administrators group.
346756f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x632b40f0; retrying against current time: 0x63880900.
346856f0.5ef4: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll: Signature #1/2: VERR_CR_X509_CPV_NOT_VALID_AT_TIME (-23033) w/ timestamp=0x63880900/now.
346956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
347056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
347156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
347256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
347356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
347456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
347556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
347656f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll) WinVerifyTrust
347756f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll
347856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
347956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume8\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
348056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winmm.dll
348156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
348256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
348356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
348456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
348556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll
348656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
348756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
348856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
348956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume8\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
349056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\version.dll
349156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
349256f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll
349356f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd03c00000 LB 0x01843000 C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll [fFlags=0x0]
349456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll
349556f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
349656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
349756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
349856f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
349956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
350056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1'
350156f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
350256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
350356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
350456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll
350556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
350656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll'
350756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd03c00000 'C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll'
350856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
350956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\D3D12.dll)
351056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\D3D12.dll
351156f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000c98 (hFile=0000000000000d70) with 0xc0000022 -> STATUS_TRUST_FAILURE
351256f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\D3D12.dll [avoiding WinVerifyTrust]
351356f0.5ef4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000d70 (hFile=0000000000000c98) with 0xc0000022 -> STATUS_TRUST_FAILURE
351456f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp_win.dll'.
351556f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\directxdatabasehelper.dll)
351656f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\directxdatabasehelper.dll
351756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ntmarta.dll)
351856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ntmarta.dll
351956f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd35a0000 LB 0x00034000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
352056f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
352156f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdced10000 LB 0x00044000 C:\Windows\SYSTEM32\directxdatabasehelper.dll [fFlags=0x0]
352256f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\directxdatabasehelper.dll [avoiding WinVerifyTrust]
352356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
352456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
352556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msvcp_win.dll
352656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
352756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
352856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
352956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
353056f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\ntmarta.dll'
353156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
353256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
353356f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\directxdatabasehelper.dll'
353456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
353556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
353656f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\D3D12.dll'
353756f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1
353856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
353956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
354056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
354156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ResourcePolicyClient.dll)
354256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ResourcePolicyClient.dll
354356f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd1910000 LB 0x00015000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
354456f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
354556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd1910000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll'
354656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
354756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
354856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
354956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
355056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
355156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
355256f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\ResourcePolicyClient.dll'
355356f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdd1910000 LB 0x00015000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [flags=0x0]
355456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6e70000 'C:\Windows\System32\gdi32.dll'
355556f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffd03c00000 LB 0x01843000 C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvd3dumx_cfg.dll [flags=0x0]
355656f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdcbfc0000 LB 0x00149000 C:\Windows\System32\drvstore.dll [flags=0x0]
355756f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdd40e0000 LB 0x0002c000 C:\Windows\System32\devobj.dll [flags=0x0]
355856f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdd4110000 LB 0x0004c000 C:\Windows\SYSTEM32\cfgmgr32.dll [flags=0x0]
355956f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdd3d30000 LB 0x00041000 C:\Windows\System32\wldp.dll [flags=0x0]
356056f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdcbb00000 LB 0x00117000 C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_70cfb45e19c20af4\nvldumdx.dll [flags=0x0]
356156f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd5150000 LB 0x0011d000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
356256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
356356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\msctf.dll)
356456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\msctf.dll
356556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
356656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
356756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
356856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
356956f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\msctf.dll'
357056f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d60 pwszName=\Device\HarddiskVolume8\Windows\System32\DataExchange.dll
357156f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
357256f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
357356f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=101A03863CE4DE896B456ABD0FCE21AF048BCA12
357456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
357556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
357656f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-merged-Package~31bf3856ad364e35~amd64~~10.0.22000.1219.cat'; file='\Device\HarddiskVolume8\Windows\System32\DataExchange.dll'
357756f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
357856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msvcp_win.dll'.
357956f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\DataExchange.dll) WinVerifyTrust
358056f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\DataExchange.dll
358156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
358256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
358356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
358456f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DataExchange.dll
358556f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffd9b2e0000 LB 0x0005d000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
358656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\DataExchange.dll
358756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd9b2e0000 'C:\Windows\system32\dataexchange.dll'
358856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
358956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'msvcp_win.dll'.
359056f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\twinapi.appcore.dll)
359156f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\twinapi.appcore.dll
359256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcbc20000 LB 0x00266000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
359356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
359456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
359556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
359656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
359756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume8\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
359856f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\combase.dll
359956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
360056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
360156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\twinapi.appcore.dll'
360256f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\SHCore.dll
360356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
360456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5450000 'C:\Windows\system32\Shcore.dll'
360556f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
360656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
360756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
360856f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\TextInputFramework.dll)
360956f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\TextInputFramework.dll
361056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc1440000 LB 0x0012d000 C:\Windows\SYSTEM32\textinputframework.dll [fFlags=0x0]
361156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
361256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'msvcp_win.dll'.
361356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll)
361456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll
361556f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdd11c0000 LB 0x00131000 C:\Windows\SYSTEM32\CoreMessaging.dll [fFlags=0x0]
361656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
361756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
361856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
361956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
362056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
362156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
362256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
362356f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\oleaut32.dll
362456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
362556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
362656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
362756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
362856f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll'
362956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
363056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
363156f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\TextInputFramework.dll'
363256f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-sddl-l1-1-0.dll) -> 0x0, fPresent=1
363356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-sddl-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
363456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5020000 'api-ms-win-security-sddl-l1-1-0.dll'
363556f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
363656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
363756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5620000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
363856f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
363956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
364056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5620000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
364156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
364256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'coremessaging.dll'.
364356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\CoreUIComponents.dll)
364456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\CoreUIComponents.dll
364556f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdcded0000 LB 0x0036d000 C:\Windows\SYSTEM32\CoreUIComponents.dll [fFlags=0x0]
364656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
364756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
364856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume8\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
364956f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\CoreMessaging.dll
365056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
365156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
365256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
365356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
365456f0.5ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\CoreUIComponents.dll'
365556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd57d0000 'C:\Windows\System32\RPCRT4.dll'
365656f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-systemfunctions-l1-1-0) -> 0x0, fPresent=1
365756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-systemfunctions-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
365856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4e80000 'api-ms-win-security-systemfunctions-l1-1-0'
365956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\msctf.dll
366056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
366156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5150000 'C:\Windows\System32\MSCTF.dll'
366256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6be0000 'C:\Windows\System32\ole32.dll'
366356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5540000 'C:\Windows\System32\OLEAUT32.dll'
366456f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e64 pwszName=\Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll
366556f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
366656f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
366756f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=72A7777E2E42F8ED9F54E831EF23DA9E1E18ED1C
366856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
366956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
367056f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll'
367156f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
367256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
367356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'wbemcomn.dll'.
367456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
367556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll
367656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
367756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
367856f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e68 pwszName=\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll
367956f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
368056f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
368156f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45A464176830F0AA8063DB542765DA4B4DCE6F9E
368256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
368356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
368456f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll'
368556f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
368656f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
368756f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll) WinVerifyTrust
368856f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wbemcomn.dll
368956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
369056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
369156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
369256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
369356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
369456f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll
369556f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbemcomn.dll
369656f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc73d0000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
369756f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbemcomn.dll
369856f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdca8d0000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
369956f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\wbemprox.dll
370056f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
370156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
370256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
370356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdca8d0000 'C:\Windows\system32\wbem\wbemprox.dll'
370456f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ca8 pwszName=\Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll
370556f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
370656f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
370756f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B9E6574CB33BE95DDDFC06987443AD17F741154
370856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
370956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
371056f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll'
371156f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
371256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
371356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
371456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
371556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll
371656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
371756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
371856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
371956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
372056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
372156f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll
372256f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc5ce0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
372356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\wbemsvc.dll
372456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc5ce0000 'C:\Windows\system32\wbem\wbemsvc.dll'
372556f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
372656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
372756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-localization-l1-2-0.dll'
372856f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
372956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
373056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
373156f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e6c pwszName=\Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll
373256f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
373356f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
373456f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C006C9BBF3712859F7F5F20A758C570A45C51802
373556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
373656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
373756f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll'
373856f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
373956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
374056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
374156f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
374256f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll
374356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
374456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume8\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
374556f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbemcomn.dll
374656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
374756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
374856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
374956f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll
375056f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc5d00000 LB 0x000fa000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
375156f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wbem\fastprox.dll
375256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc5d00000 'C:\Windows\system32\wbem\fastprox.dll'
375356f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea0 pwszName=\Device\HarddiskVolume8\Windows\System32\amsi.dll
375456f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000018451cfa530
375556f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000018451cfa530
375656f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F9B29D2C3CA3C23581BE3FA30ADAFAE25F38574
375756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
375856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
375956f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22000.1098.cat'; file='\Device\HarddiskVolume8\Windows\System32\amsi.dll'
376056f0.5ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
376156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
376256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
376356f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\amsi.dll) WinVerifyTrust
376456f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\amsi.dll
376556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
376656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
376756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
376856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
376956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
377056f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\amsi.dll
377156f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc56e0000 LB 0x00023000 C:\Windows\System32\amsi.dll [fFlags=0x0]
377256f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\amsi.dll
377356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc56e0000 'C:\Windows\System32\amsi.dll'
377456f0.5ef4: \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll: Owner is administrators group.
377556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
377656f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
377756f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
377856f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
377956f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
378056f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
378156f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
378256f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
378356f0.5ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'powrprof.dll'.
378456f0.5ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll) WinVerifyTrust
378556f0.5ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll
378656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
378756f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume8\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
378856f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\powrprof.dll
378956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
379056f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
379156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
379256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
379356f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
379456f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
379556f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
379656f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume8\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
379756f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll
379856f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
379956f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
380056f0.5ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll
380156f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
380256f0.5ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
380356f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Avast Software\Avast\aswAMSI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
380456f0.5ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll
380556f0.5ef4: supR3HardenedDllNotificationCallback: load 00007ffdc5480000 LB 0x0025c000 C:\Program Files\Avast Software\Avast\aswAMSI.dll [fFlags=0x0]
380656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Avast Software\Avast\aswAMSI.dll
380756f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
380856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
380956f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
381056f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
381156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
381256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-fibers-l1-1-1'
381356f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
381456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
381556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-synch-l1-2-0'
381656f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\kernel32.dll
381756f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
381856f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd5270000 'C:\Windows\System32\kernel32.dll'
381956f0.5ef4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-systemfunctions-l1-1-0) -> 0x0, fPresent=1
382056f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-systemfunctions-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
382156f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4e80000 'api-ms-win-security-systemfunctions-l1-1-0'
382256f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc5480000 'C:\Program Files\Avast Software\Avast\aswAMSI.dll'
382356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\advapi32.dll
382456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
382556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4e80000 'C:\Windows\System32\ADVAPI32.dll'
382656f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6be0000 'C:\Windows\system32\ole32.dll'
382756f0.3328: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6be0000 'C:\Windows\system32\ole32.dll'
382856f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
382956f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
383056f0.5d60: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
383156f0.5d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
383256f0.5d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
383356f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
383456f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
383556f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
383656f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
383756f0.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
383856f0.5d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
383956f0.5d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
384056f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
384156f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
384256f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
384356f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
384456f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
384556f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
384656f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
384756f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
384856f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
384956f0.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
385056f0.5d60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
385156f0.5d60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
385256f0.5d60: supR3HardenedDllNotificationCallback: load 00007ffdc2530000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
385356f0.5d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
385456f0.5d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc2530000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
385556f0.5b80: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
385656f0.5b80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
385756f0.5b80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
385856f0.5b80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
385956f0.5b80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
386056f0.5b80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
386156f0.5b80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
386256f0.5b80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
386356f0.5b80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
386456f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
386556f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
386656f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
386756f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
386856f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
386956f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
387056f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
387156f0.5b80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
387256f0.5b80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
387356f0.5b80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
387456f0.5b80: supR3HardenedDllNotificationCallback: load 00007ffdc1fc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
387556f0.5b80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
387656f0.5b80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1fc0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
387756f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\shell32.dll
387856f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
387956f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6420000 'C:\Windows\system32\Shell32.dll'
388056f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
388156f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
388256f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
388356f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
388456f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
388556f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
388656f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
388756f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
388856f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
388956f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
389056f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
389156f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume8\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
389256f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
389356f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
389456f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
389556f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
389656f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
389756f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
389856f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
389956f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
390056f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
390156f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
390256f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffda5e00000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
390356f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
390456f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda5e00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
390556f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffda5e00000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
390656f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
390756f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
390856f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
390956f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
391056f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
391156f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
391256f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
391356f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
391456f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
391556f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
391656f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
391756f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
391856f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
391956f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
392056f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
392156f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
392256f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll
392356f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
392456f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
392556f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
392656f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
392756f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
392856f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL
392956f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
393056f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
393156f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
393256f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
393356f0.2e68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll
393456f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
393556f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
393656f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
393756f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
393856f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
393956f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\setupapi.dll) WinVerifyTrust
394056f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\setupapi.dll
394156f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
394256f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
394356f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
394456f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
394556f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
394656f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
394756f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
394856f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
394956f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
395056f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
395156f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
395256f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
395356f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll
395456f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
395556f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
395656f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
395756f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
395856f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
395956f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
396056f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
396156f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
396256f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\crypt32.dll
396356f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
396456f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
396556f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
396656f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
396756f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
396856f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
396956f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
397056f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
397156f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll
397256f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
397356f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
397456f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
397556f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
397656f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
397756f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
397856f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
397956f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume8\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
398056f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
398156f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume8\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
398256f0.2e68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\setupapi.dll
398356f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
398456f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume8\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
398556f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
398656f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
398756f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
398856f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
398956f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
399056f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll
399156f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll
399256f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll
399356f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL
399456f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll
399556f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd5fa0000 LB 0x0046c000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
399656f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\setupapi.dll
399756f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdaa8a0000 LB 0x00070000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
399856f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDDU.dll
399956f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffce1090000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
400056f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll
400156f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd3030000 LB 0x0002d000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
400256f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL
400356f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd4110000 LB 0x0004c000 C:\Windows\SYSTEM32\cfgmgr32.DLL [fFlags=0x0]
400456f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cfgmgr32.dll
400556f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffce2c10000 LB 0x00b97000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
400656f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD.dll
400756f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce2c10000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
400856f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
400956f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
401056f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
401156f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
401256f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
401356f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffda5e00000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
401456f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
401556f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda5e00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
401656f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
401756f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
401856f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxC.dll
401956f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
402056f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3d80000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
402156f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
402256f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
402356f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxDD2.dll
402456f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
402556f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce1090000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
402656f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\rsaenh.dll
402756f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
402856f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
402956f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
403056f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
403156f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
403256f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
403356f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
403456f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
403556f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
403656f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
403756f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
403856f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
403956f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
404056f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
404156f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
404256f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
404356f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdc1780000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
404456f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
404556f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1780000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
404656f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
404756f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
404856f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
404956f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
405056f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
405156f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
405256f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
405356f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
405456f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
405556f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
405656f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
405756f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
405856f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
405956f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
406056f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
406156f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdc1300000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
406256f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
406356f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1300000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
406456f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
406556f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
406656f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
406756f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
406856f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
406956f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
407056f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
407156f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
407256f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
407356f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
407456f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
407556f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
407656f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
407756f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
407856f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
407956f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdbe9f0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
408056f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
408156f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdbe9f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
408256f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
408356f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
408456f0.708: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
408556f0.708: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
408656f0.708: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
408756f0.708: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
408856f0.708: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
408956f0.708: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
409056f0.708: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
409156f0.708: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
409256f0.708: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
409356f0.708: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
409456f0.708: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
409556f0.708: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
409656f0.708: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
409756f0.708: supR3HardenedDllNotificationCallback: load 00007ffdbe940000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
409856f0.708: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
409956f0.708: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdbe940000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
410056f0.5d38: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
410156f0.5d38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
410256f0.5d38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
410356f0.5d38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
410456f0.5d38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
410556f0.5d38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
410656f0.5d38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
410756f0.5d38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
410856f0.5d38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
410956f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
411056f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
411156f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
411256f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
411356f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
411456f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
411556f0.5d38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll
411656f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
411756f0.5d38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
411856f0.5d38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
411956f0.5d38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
412056f0.5d38: supR3HardenedDllNotificationCallback: load 00007ffdc1fb0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
412156f0.5d38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
412256f0.5d38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
412356f0.1f98: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
412456f0.1f98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
412556f0.1f98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
412656f0.1f98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
412756f0.1f98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
412856f0.1f98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
412956f0.1f98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
413056f0.1f98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
413156f0.1f98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
413256f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
413356f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
413456f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
413556f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
413656f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
413756f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
413856f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
413956f0.1f98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
414056f0.1f98: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\vcruntime140.dll
414156f0.1f98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
414256f0.1f98: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
414356f0.1f98: supR3HardenedDllNotificationCallback: load 00007ffdc1290000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
414456f0.1f98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
414556f0.1f98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc1290000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
414656f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
414756f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
414856f0.2e68: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
414956f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
415056f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
415156f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
415256f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
415356f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
415456f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
415556f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
415656f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
415756f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
415856f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
415956f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
416056f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
416156f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd0800000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
416256f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
416356f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd0800000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
416456f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\IPHLPAPI.DLL
416556f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
416656f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3030000 'C:\Windows\system32\Iphlpapi.dll'
416756f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\winnsi.dll)
416856f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\winnsi.dll
416956f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdccc40000 LB 0x0000c000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
417056f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
417156f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd5b20000 LB 0x00009000 C:\Windows\System32\NSI.dll [fFlags=0x0]
417256f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\nsi.dll)
417356f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\nsi.dll
417456f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
417556f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dhcpcsvc6.dll)
417656f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dhcpcsvc6.dll
417756f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdcccf0000 LB 0x00019000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
417856f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
417956f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
418056f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dhcpcsvc.dll)
418156f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dhcpcsvc.dll
418256f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdcdc80000 LB 0x0001e000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
418356f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
418456f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\dnsapi.dll)
418556f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\dnsapi.dll
418656f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd3060000 LB 0x000e8000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
418756f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
418856f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
418956f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
419056f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
419156f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
419256f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
419356f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
419456f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dnsapi.dll'
419556f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
419656f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
419756f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dhcpcsvc.dll'
419856f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
419956f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
420056f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\dhcpcsvc6.dll'
420156f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
420256f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
420356f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\nsi.dll'
420456f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
420556f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
420656f0.2e68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume8\Windows\System32\winnsi.dll'
420756f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
420856f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
420956f0.2e68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
421056f0.2e68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll) WinVerifyTrust
421156f0.2e68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll
421256f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
421356f0.2e68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume8\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
421456f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
421556f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll
421656f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdc6240000 LB 0x0009b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
421756f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll
421856f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc6240000 'C:\Windows\System32\MMDevApi.dll'
421956f0.2e68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\devobj.dll
422056f0.2e68: supR3HardenedDllNotificationCallback: load 00007ffdd40e0000 LB 0x0002c000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0]
422156f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\devobj.dll
422256f0.2e68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\MMDevAPI.dll
422356f0.2e68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
422456f0.2e68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdc6240000 'C:\Windows\System32\MMDEVAPI.DLL'
422556f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
422656f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\wintrust.dll
422756f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
422856f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4790000 'C:\Windows\System32\WINTRUST.DLL'
422956f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\CRYPT32.dll'
423056f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\cryptnet.dll
423156f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
423256f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc180000 'C:\Windows\System32\cryptnet.dll'
423356f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
423456f0.bc0: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll: Signature #1/2: info status: 24202
423556f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
423656f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
423756f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
423856f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
423956f0.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
424056f0.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll) WinVerifyTrust
424156f0.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
424256f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
424356f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
424456f0.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll
424556f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
424656f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
424756f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
424856f0.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume8\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
424956f0.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
425056f0.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
425156f0.bc0: supR3HardenedDllNotificationCallback: load 00007ffda52a0000 LB 0x000c3000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL [fFlags=0x0]
425256f0.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
425356f0.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda52a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL'
425456f0.5250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd34e0000 'C:\Windows\system32\rsaenh.dll'
425556f0.5250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4af0000 'C:\Windows\System32\crypt32.dll'
425656f0.5250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ws2_32.dll'.
425756f0.5250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
425856f0.5250: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\mswsock.dll) WinVerifyTrust
425956f0.5250: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\mswsock.dll
426056f0.5250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
426156f0.5250: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume8\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
426256f0.5250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
426356f0.5250: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume8\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
426456f0.5250: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ws2_32.dll
426556f0.5250: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
426656f0.5250: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mswsock.dll
426756f0.5250: supR3HardenedDllNotificationCallback: load 00007ffdd3a20000 LB 0x00067000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
426856f0.5250: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mswsock.dll
426956f0.5250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3a20000 'C:\Windows\system32\mswsock.dll'
427056f0.5250: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\mswsock.dll
427156f0.5250: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
427256f0.5250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3a20000 'C:\Windows\system32\mswsock.dll'
427356f0.5ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Windows\System32\ole32.dll
427456f0.5ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
427556f0.5ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6be0000 'C:\Windows\system32\ole32.dll'
427656f0.468c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-sysinfo-l1-2-1) -> 0x0, fPresent=1
427756f0.468c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-sysinfo-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
427856f0.468c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd4410000 'api-ms-win-core-sysinfo-l1-2-1'
427956f0.1f98: supR3HardenedDllNotificationCallback: Unload 00007ffdc1290000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
428056f0.5d38: supR3HardenedDllNotificationCallback: Unload 00007ffdc1fb0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
428156f0.708: supR3HardenedDllNotificationCallback: Unload 00007ffdbe940000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
428256f0.5b80: supR3HardenedDllNotificationCallback: Unload 00007ffdc1fc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
428356f0.5d60: supR3HardenedDllNotificationCallback: Unload 00007ffdc2530000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
428456f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdbe9f0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
428556f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdc1300000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
428656f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdc1780000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
428756f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffda5e00000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
428856f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffce2c10000 LB 0x00b97000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
428956f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdaa8a0000 LB 0x00070000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
429056f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffce1090000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
429156f0.2e68: supR3HardenedDllNotificationCallback: Unload 00007ffdd5fa0000 LB 0x0046c000 C:\Windows\System32\SETUPAPI.dll [flags=0x0]
429256f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdcca70000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
429356f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffce37b0000 LB 0x004d1000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [flags=0x0]
429456f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffd9a830000 LB 0x00066000 C:\Windows\System32\thumbcache.dll [flags=0x0]
429556f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdaf590000 LB 0x000db000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
429656f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdc5ce0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
429756f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdca8d0000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
429856f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffd9b2e0000 LB 0x0005d000 C:\Windows\system32\dataexchange.dll [flags=0x0]
429956f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdcbc20000 LB 0x00266000 C:\Windows\system32\twinapi.appcore.dll [flags=0x0]
430056f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffcf3d80000 LB 0x003d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
430156f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdc5d00000 LB 0x000fa000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
430256f0.5ef4: supR3HardenedDllNotificationCallback: Unload 00007ffdc73d0000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
430356f0.5ef4: Terminating the normal way: rcExit=0
43043d74.10f0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 334692 ms, the end);
4305b88.3fc8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 335850 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy