VirtualBox

Ticket #21488: VBoxHardening.log

File VBoxHardening.log, 453.0 KB (added by seven_vb, 20 months ago)
Line 
13570.62f0: \SystemRoot\System32\ntdll.dll:
23570.62f0: CreationTime: 2022-11-30T10:47:54.611997200Z
33570.62f0: LastWriteTime: 2022-11-30T10:47:54.653518800Z
43570.62f0: ChangeTime: 2023-01-23T07:55:09.766507900Z
53570.62f0: FileAttributes: 0x20
63570.62f0: Size: 0x212f88
73570.62f0: NT Headers: 0xe0
83570.62f0: Timestamp: 0xa97a9ed6
93570.62f0: Machine: 0x8664 - amd64
103570.62f0: Timestamp: 0xa97a9ed6
113570.62f0: Image Version: 10.0
123570.62f0: SizeOfImage: 0x214000 (2179072)
133570.62f0: Resource Dir: 0x19e000 LB 0x747c8
143570.62f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
153570.62f0: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
163570.62f0: ProductName: Microsoft® Windows® Operating System
173570.62f0: ProductVersion: 10.0.22621.900
183570.62f0: FileVersion: 10.0.22621.900 (WinBuild.160101.0800)
193570.62f0: FileDescription: NT Layer DLL
203570.62f0: \SystemRoot\System32\kernel32.dll:
213570.62f0: CreationTime: 2023-01-23T07:54:28.266970200Z
223570.62f0: LastWriteTime: 2023-01-23T07:54:28.287808400Z
233570.62f0: ChangeTime: 2023-01-23T08:05:41.567673000Z
243570.62f0: FileAttributes: 0x20
253570.62f0: Size: 0xc6118
263570.62f0: NT Headers: 0xe8
273570.62f0: Timestamp: 0xc8f98068
283570.62f0: Machine: 0x8664 - amd64
293570.62f0: Timestamp: 0xc8f98068
303570.62f0: Image Version: 10.0
313570.62f0: SizeOfImage: 0xc3000 (798720)
323570.62f0: Resource Dir: 0xc1000 LB 0x520
333570.62f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
343570.62f0: [Raw version resource data: 0xc10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
353570.62f0: ProductName: Microsoft® Windows® Operating System
363570.62f0: ProductVersion: 10.0.22621.1192
373570.62f0: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800)
383570.62f0: FileDescription: Windows NT BASE API Client DLL
393570.62f0: \SystemRoot\System32\KernelBase.dll:
403570.62f0: CreationTime: 2023-01-23T07:54:30.948765300Z
413570.62f0: LastWriteTime: 2023-01-23T07:54:31.075418500Z
423570.62f0: ChangeTime: 2023-01-23T08:05:41.614555000Z
433570.62f0: FileAttributes: 0x20
443570.62f0: Size: 0x3a3780
453570.62f0: NT Headers: 0x100
463570.62f0: Timestamp: 0xfaa44dd0
473570.62f0: Machine: 0x8664 - amd64
483570.62f0: Timestamp: 0xfaa44dd0
493570.62f0: Image Version: 10.0
503570.62f0: SizeOfImage: 0x39c000 (3784704)
513570.62f0: Resource Dir: 0x36b000 LB 0x548
523570.62f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
533570.62f0: [Raw version resource data: 0x36b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
543570.62f0: ProductName: Microsoft® Windows® Operating System
553570.62f0: ProductVersion: 10.0.22621.1192
563570.62f0: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800)
573570.62f0: FileDescription: Windows NT BASE API Client DLL
583570.62f0: \SystemRoot\System32\apisetschema.dll:
593570.62f0: CreationTime: 2023-01-23T07:54:18.790267200Z
603570.62f0: LastWriteTime: 2023-01-23T07:54:18.794216300Z
613570.62f0: ChangeTime: 2023-01-23T08:04:45.040904700Z
623570.62f0: FileAttributes: 0x20
633570.62f0: Size: 0x24560
643570.62f0: NT Headers: 0xc8
653570.62f0: Timestamp: 0x845ac5a8
663570.62f0: Machine: 0x8664 - amd64
673570.62f0: Timestamp: 0x845ac5a8
683570.62f0: Image Version: 10.0
693570.62f0: SizeOfImage: 0x23000 (143360)
703570.62f0: Resource Dir: 0x22000 LB 0x408
713570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
723570.62f0: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
733570.62f0: ProductName: Microsoft® Windows® Operating System
743570.62f0: ProductVersion: 10.0.22621.1192
753570.62f0: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800)
763570.62f0: FileDescription: ApiSet Schema DLL
773570.62f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
783570.62f0: supR3HardenedWinFindAdversaries: 0x4
793570.62f0: \SystemRoot\System32\drivers\aswMonFlt.sys:
803570.62f0: CreationTime: 2023-01-09T06:26:20.946486700Z
813570.62f0: LastWriteTime: 2023-01-09T06:26:17.918675600Z
823570.62f0: ChangeTime: 2023-01-09T06:26:17.918675600Z
833570.62f0: FileAttributes: 0x20
843570.62f0: Size: 0x41670
853570.62f0: NT Headers: 0xe8
863570.62f0: Timestamp: 0x6385db89
873570.62f0: Machine: 0x8664 - amd64
883570.62f0: Timestamp: 0x6385db89
893570.62f0: Image Version: 10.0
903570.62f0: SizeOfImage: 0x45000 (282624)
913570.62f0: Resource Dir: 0x43000 LB 0x3a0
923570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
933570.62f0: [Raw version resource data: 0x43060 LB 0x340, codepage 0x0 (reserved 0x0)]
943570.62f0: ProductName: Avast Antivirus
953570.62f0: ProductVersion: 22.12.474.0
963570.62f0: FileVersion: 22.12.474.0
973570.62f0: FileDescription: Avast File System Filter
983570.62f0: \SystemRoot\System32\drivers\aswRdr2.sys:
993570.62f0: CreationTime: 2023-01-09T06:26:20.944534900Z
1003570.62f0: LastWriteTime: 2023-01-09T06:26:17.879419200Z
1013570.62f0: ChangeTime: 2023-01-09T06:26:17.879419200Z
1023570.62f0: FileAttributes: 0x20
1033570.62f0: Size: 0x19b20
1043570.62f0: NT Headers: 0xe8
1053570.62f0: Timestamp: 0x6385db8a
1063570.62f0: Machine: 0x8664 - amd64
1073570.62f0: Timestamp: 0x6385db8a
1083570.62f0: Image Version: 10.0
1093570.62f0: SizeOfImage: 0x1b000 (110592)
1103570.62f0: Resource Dir: 0x19000 LB 0x388
1113570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1123570.62f0: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)]
1133570.62f0: ProductName: Avast Antivirus
1143570.62f0: ProductVersion: 22.12.474.0
1153570.62f0: FileVersion: 22.12.474.0
1163570.62f0: FileDescription: Avast Antivirus
1173570.62f0: \SystemRoot\System32\drivers\aswRvrt.sys:
1183570.62f0: CreationTime: 2023-01-09T06:26:20.947463700Z
1193570.62f0: LastWriteTime: 2023-01-09T06:26:17.940251300Z
1203570.62f0: ChangeTime: 2023-01-09T06:26:17.940251300Z
1213570.62f0: FileAttributes: 0x20
1223570.62f0: Size: 0x139f8
1233570.62f0: NT Headers: 0xe8
1243570.62f0: Timestamp: 0x6385db88
1253570.62f0: Machine: 0x8664 - amd64
1263570.62f0: Timestamp: 0x6385db88
1273570.62f0: Image Version: 10.0
1283570.62f0: SizeOfImage: 0x13000 (77824)
1293570.62f0: Resource Dir: 0x11000 LB 0x380
1303570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1313570.62f0: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
1323570.62f0: ProductName: Avast Antivirus
1333570.62f0: ProductVersion: 22.12.474.0
1343570.62f0: FileVersion: 22.12.474.0
1353570.62f0: FileDescription: Avast Revert
1363570.62f0: \SystemRoot\System32\drivers\aswSnx.sys:
1373570.62f0: CreationTime: 2023-01-09T06:26:20.939101300Z
1383570.62f0: LastWriteTime: 2023-01-09T06:26:12.663482100Z
1393570.62f0: ChangeTime: 2023-01-09T06:26:12.663482100Z
1403570.62f0: FileAttributes: 0x20
1413570.62f0: Size: 0xd0020
1423570.62f0: NT Headers: 0xf0
1433570.62f0: Timestamp: 0x6385dba5
1443570.62f0: Machine: 0x8664 - amd64
1453570.62f0: Timestamp: 0x6385dba5
1463570.62f0: Image Version: 10.0
1473570.62f0: SizeOfImage: 0xd0000 (851968)
1483570.62f0: Resource Dir: 0xcd000 LB 0x388
1493570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1503570.62f0: [Raw version resource data: 0xcd060 LB 0x324, codepage 0x0 (reserved 0x0)]
1513570.62f0: ProductName: Avast Antivirus
1523570.62f0: ProductVersion: 22.12.474.0
1533570.62f0: FileVersion: 22.12.474.0
1543570.62f0: FileDescription: Avast Antivirus
1553570.62f0: \SystemRoot\System32\drivers\aswsp.sys:
1563570.62f0: CreationTime: 2023-01-09T06:26:20.947463700Z
1573570.62f0: LastWriteTime: 2023-02-01T14:26:26.879778500Z
1583570.62f0: ChangeTime: 2023-02-01T14:26:26.879778500Z
1593570.62f0: FileAttributes: 0x20
1603570.62f0: Size: 0xa9cd0
1613570.62f0: NT Headers: 0xe8
1623570.62f0: Timestamp: 0x63d9172a
1633570.62f0: Machine: 0x8664 - amd64
1643570.62f0: Timestamp: 0x63d9172a
1653570.62f0: Image Version: 10.0
1663570.62f0: SizeOfImage: 0xac000 (704512)
1673570.62f0: Resource Dir: 0xa9000 LB 0x388
1683570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1693570.62f0: [Raw version resource data: 0xa9060 LB 0x328, codepage 0x0 (reserved 0x0)]
1703570.62f0: ProductName: Avast Antivirus
1713570.62f0: ProductVersion: 22.12.501.0
1723570.62f0: FileVersion: 22.12.501.0
1733570.62f0: FileDescription: Avast Self Protection
1743570.62f0: \SystemRoot\System32\drivers\aswStm.sys:
1753570.62f0: CreationTime: 2023-01-09T06:26:20.950392400Z
1763570.62f0: LastWriteTime: 2023-01-09T06:26:18.270876600Z
1773570.62f0: ChangeTime: 2023-01-09T06:26:18.270876600Z
1783570.62f0: FileAttributes: 0x20
1793570.62f0: Size: 0x33e98
1803570.62f0: NT Headers: 0xf0
1813570.62f0: Timestamp: 0x6385db9e
1823570.62f0: Machine: 0x8664 - amd64
1833570.62f0: Timestamp: 0x6385db9e
1843570.62f0: Image Version: 10.0
1853570.62f0: SizeOfImage: 0x35000 (217088)
1863570.62f0: Resource Dir: 0x33000 LB 0x390
1873570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1883570.62f0: [Raw version resource data: 0x33060 LB 0x32c, codepage 0x0 (reserved 0x0)]
1893570.62f0: ProductName: Avast Antivirus
1903570.62f0: ProductVersion: 22.12.474.0
1913570.62f0: FileVersion: 22.12.474.0
1923570.62f0: FileDescription: Avast Stream Filter
1933570.62f0: \SystemRoot\System32\drivers\aswVmm.sys:
1943570.62f0: CreationTime: 2023-01-09T06:26:20.951949700Z
1953570.62f0: LastWriteTime: 2023-01-09T06:26:19.193172200Z
1963570.62f0: ChangeTime: 2023-01-09T06:26:19.193172200Z
1973570.62f0: FileAttributes: 0x20
1983570.62f0: Size: 0x4dbf8
1993570.62f0: NT Headers: 0xf8
2003570.62f0: Timestamp: 0x6385db98
2013570.62f0: Machine: 0x8664 - amd64
2023570.62f0: Timestamp: 0x6385db98
2033570.62f0: Image Version: 10.0
2043570.62f0: SizeOfImage: 0x4c000 (311296)
2053570.62f0: Resource Dir: 0x4a000 LB 0x388
2063570.62f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2073570.62f0: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)]
2083570.62f0: ProductName: Avast Antivirus
2093570.62f0: ProductVersion: 22.12.474.0
2103570.62f0: FileVersion: 22.12.474.0
2113570.62f0: FileDescription: Avast VM Monitor
2123570.62f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2133570.62f0: Calling main()
2143570.62f0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
2153570.62f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2163570.62f0: SUPR3HardenedMain: Respawn #1
2173570.62f0: System32: \Device\HarddiskVolume5\Windows\System32
2183570.62f0: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
2193570.62f0: KnownDllPath: C:\WINDOWS\System32
2203570.62f0: supR3HardenedWinInit: Performing a limited self purification...
2213570.62f0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
2223570.62f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
2233570.62f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2243570.62f0: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
2253570.62f0: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
2263570.62f0: 000000007ffed000-00000005d35fffff 0x0001/0x0000 0x0000000
2273570.62f0: *00000005d3600000-00000005d3771fff 0x0000/0x0004 0x0020000
2283570.62f0: 00000005d3772000-00000005d3774fff 0x0004/0x0004 0x0020000
2293570.62f0: 00000005d3775000-00000005d37fffff 0x0000/0x0004 0x0020000
2303570.62f0: *00000005d3800000-00000005d38b0fff 0x0000/0x0004 0x0020000
2313570.62f0: 00000005d38b1000-00000005d38b3fff 0x0104/0x0004 0x0020000
2323570.62f0: 00000005d38b4000-00000005d38fffff 0x0004/0x0004 0x0020000
2333570.62f0: 00000005d3900000-00000138f8b3ffff 0x0001/0x0000 0x0000000
2343570.62f0: *00000138f8b40000-00000138f8b4ffff 0x0004/0x0004 0x0040000
2353570.62f0: *00000138f8b50000-00000138f8b52fff 0x0002/0x0002 0x0040000
2363570.62f0: 00000138f8b53000-00000138f8b5ffff 0x0001/0x0000 0x0000000
2373570.62f0: *00000138f8b60000-00000138f8b7efff 0x0002/0x0002 0x0040000
2383570.62f0: 00000138f8b7f000-00000138f8b7ffff 0x0001/0x0000 0x0000000
2393570.62f0: *00000138f8b80000-00000138f8b80fff 0x0020/0x0020 0x0040000 !!
2403570.62f0: 00000138f8b81000-00000138f8b8ffff 0x0001/0x0000 0x0000000
2413570.62f0: *00000138f8b90000-00000138f8b93fff 0x0002/0x0002 0x0040000
2423570.62f0: 00000138f8b94000-00000138f8b9ffff 0x0001/0x0000 0x0000000
2433570.62f0: *00000138f8ba0000-00000138f8ba0fff 0x0002/0x0002 0x0040000
2443570.62f0: 00000138f8ba1000-00000138f8baffff 0x0001/0x0000 0x0000000
2453570.62f0: *00000138f8bb0000-00000138f8bb1fff 0x0004/0x0004 0x0020000
2463570.62f0: 00000138f8bb2000-00000138f8bbffff 0x0001/0x0000 0x0000000
2473570.62f0: *00000138f8bc0000-00000138f8bc2fff 0x0002/0x0002 0x0040000
2483570.62f0: 00000138f8bc3000-00000138f8bcffff 0x0001/0x0000 0x0000000
2493570.62f0: *00000138f8bd0000-00000138f8bd1fff 0x0004/0x0004 0x0020000
2503570.62f0: 00000138f8bd2000-00000138f8c31fff 0x0000/0x0004 0x0020000
2513570.62f0: 00000138f8c32000-00000138f8c3ffff 0x0001/0x0000 0x0000000
2523570.62f0: *00000138f8c40000-00000138f8c40fff 0x0002/0x0002 0x0040000
2533570.62f0: 00000138f8c41000-00000138f8c4ffff 0x0001/0x0000 0x0000000
2543570.62f0: *00000138f8c50000-00000138f8c50fff 0x0002/0x0002 0x0040000
2553570.62f0: 00000138f8c51000-00000138f8c5ffff 0x0001/0x0000 0x0000000
2563570.62f0: *00000138f8c60000-00000138f8c60fff 0x0002/0x0002 0x0040000
2573570.62f0: 00000138f8c61000-00000138f8c7ffff 0x0001/0x0000 0x0000000
2583570.62f0: *00000138f8c80000-00000138f8c8afff 0x0004/0x0004 0x0020000
2593570.62f0: 00000138f8c8b000-00000138f8d7ffff 0x0000/0x0004 0x0020000
2603570.62f0: *00000138f8d80000-00000138f8e4dfff 0x0002/0x0002 0x0040000
2613570.62f0: 00000138f8e4e000-00000138f8e4ffff 0x0001/0x0000 0x0000000
2623570.62f0: *00000138f8e50000-00000138f8e51fff 0x0004/0x0004 0x0020000
2633570.62f0: 00000138f8e52000-00000138f8eb1fff 0x0000/0x0004 0x0020000
2643570.62f0: 00000138f8eb2000-00000138f8ebffff 0x0001/0x0000 0x0000000
2653570.62f0: *00000138f8ec0000-00000138f8eedfff 0x0004/0x0004 0x0020000
2663570.62f0: 00000138f8eee000-00000138f8fbffff 0x0000/0x0004 0x0020000
2673570.62f0: 00000138f8fc0000-00000138f8fdffff 0x0001/0x0000 0x0000000
2683570.62f0: *00000138f8fe0000-00000138f8feefff 0x0004/0x0004 0x0020000
2693570.62f0: 00000138f8fef000-00000138f8feffff 0x0000/0x0004 0x0020000
2703570.62f0: *00000138f8ff0000-00000138f8ff8fff 0x0000/0x0004 0x0020000
2713570.62f0: 00000138f8ff9000-00000138f920dfff 0x0004/0x0004 0x0020000
2723570.62f0: 00000138f920e000-00000138f920efff 0x0000/0x0004 0x0020000
2733570.62f0: 00000138f920f000-00007df44128ffff 0x0001/0x0000 0x0000000
2743570.62f0: *00007df441290000-00007df441294fff 0x0002/0x0002 0x0040000
2753570.62f0: 00007df441295000-00007df44138ffff 0x0000/0x0002 0x0040000
2763570.62f0: *00007df441390000-00007df5413affff 0x0000/0x0004 0x0020000
2773570.62f0: *00007df5413b0000-00007df5433affff 0x0000/0x0004 0x0020000
2783570.62f0: 00007df5433b0000-00007df5433b0fff 0x0004/0x0004 0x0020000
2793570.62f0: 00007df5433b1000-00007df5433bffff 0x0001/0x0000 0x0000000
2803570.62f0: *00007df5433c0000-00007df5433c0fff 0x0002/0x0002 0x0040000
2813570.62f0: 00007df5433c1000-00007df5433cffff 0x0001/0x0000 0x0000000
2823570.62f0: *00007df5433d0000-00007df544d8afff 0x0000/0x0001 0x0040000
2833570.62f0: 00007df544d8b000-00007df544e13fff 0x0001/0x0001 0x0040000
2843570.62f0: 00007df544e14000-00007df5451c0fff 0x0000/0x0001 0x0040000
2853570.62f0: 00007df5451c1000-00007df5451c1fff 0x0001/0x0001 0x0040000
2863570.62f0: 00007df5451c2000-00007dfa271fdfff 0x0000/0x0001 0x0040000
2873570.62f0: 00007dfa271fe000-00007dfa271fefff 0x0002/0x0001 0x0040000
2883570.62f0: 00007dfa271ff000-00007ff523246fff 0x0000/0x0001 0x0040000
2893570.62f0: 00007ff523247000-00007ff52324bfff 0x0002/0x0001 0x0040000
2903570.62f0: 00007ff52324c000-00007ff53a0e3fff 0x0000/0x0001 0x0040000
2913570.62f0: 00007ff53a0e4000-00007ff53e36bfff 0x0001/0x0001 0x0040000
2923570.62f0: 00007ff53e36c000-00007ff53e36cfff 0x0002/0x0001 0x0040000
2933570.62f0: 00007ff53e36d000-00007ff53e7acfff 0x0001/0x0001 0x0040000
2943570.62f0: 00007ff53e7ad000-00007ff53e7adfff 0x0002/0x0001 0x0040000
2953570.62f0: 00007ff53e7ae000-00007ff53f2cffff 0x0001/0x0001 0x0040000
2963570.62f0: 00007ff53f2d0000-00007ff53f2defff 0x0002/0x0001 0x0040000
2973570.62f0: 00007ff53f2df000-00007ff53f2e9fff 0x0001/0x0001 0x0040000
2983570.62f0: 00007ff53f2ea000-00007ff53f2edfff 0x0002/0x0001 0x0040000
2993570.62f0: 00007ff53f2ee000-00007ff53f367fff 0x0001/0x0001 0x0040000
3003570.62f0: 00007ff53f368000-00007ff53f371fff 0x0002/0x0001 0x0040000
3013570.62f0: 00007ff53f372000-00007ff5433cffff 0x0000/0x0001 0x0040000
3023570.62f0: 00007ff5433d0000-00007ff7f9dbffff 0x0001/0x0000 0x0000000
3033570.62f0: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3043570.62f0: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3053570.62f0: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3063570.62f0: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3073570.62f0: 00007ff7f9e7f000-00007ff7f9e81fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3083570.62f0: 00007ff7f9e82000-00007ff7f9e84fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3093570.62f0: 00007ff7f9e85000-00007ff7f9e87fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3103570.62f0: 00007ff7f9e88000-00007ff7f9e88fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3113570.62f0: 00007ff7f9e89000-00007ff7f9e8afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3123570.62f0: 00007ff7f9e8b000-00007ff7f9e8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3133570.62f0: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3143570.62f0: 00007ff7f9ed4000-00007ffebe71ffff 0x0001/0x0000 0x0000000
3153570.62f0: *00007ffebe720000-00007ffebe72ffff 0x0020/0x0040 0x0020000 !!
3163570.62f0: 00007ffebe730000-00007ffecf75ffff 0x0001/0x0000 0x0000000
3173570.62f0: *00007ffecf760000-00007ffecf760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll
3183570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf760000 LB 0x1000 (base 00007ffecf760000) - 'aswhook.dll'
3193570.62f0: 00007ffecf761000-00007ffecf76afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll
3203570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf761000 LB 0xa000 (base 00007ffecf760000) - 'aswhook.dll'
3213570.62f0: 00007ffecf76b000-00007ffecf76dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll
3223570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf76b000 LB 0x3000 (base 00007ffecf760000) - 'aswhook.dll'
3233570.62f0: 00007ffecf76e000-00007ffecf76ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll
3243570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf76e000 LB 0x2000 (base 00007ffecf760000) - 'aswhook.dll'
3253570.62f0: 00007ffecf770000-00007ffecf773fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll
3263570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf770000 LB 0x4000 (base 00007ffecf760000) - 'aswhook.dll'
3273570.62f0: 00007ffecf774000-00007ffecf774fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll
3283570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf774000 LB 0x1000 (base 00007ffecf760000) - 'aswhook.dll'
3293570.62f0: 00007ffecf775000-00007ffecf776fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll
3303570.62f0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffecf775000 LB 0x2000 (base 00007ffecf760000) - 'aswhook.dll'
3313570.62f0: 00007ffecf777000-00007ffefbffffff 0x0001/0x0000 0x0000000
3323570.62f0: *00007ffefc000000-00007ffefc000fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3333570.62f0: 00007ffefc001000-00007ffefc189fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3343570.62f0: 00007ffefc18a000-00007ffefc34bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3353570.62f0: 00007ffefc34c000-00007ffefc350fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3363570.62f0: 00007ffefc351000-00007ffefc39bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3373570.62f0: 00007ffefc39c000-00007ffefc67ffff 0x0001/0x0000 0x0000000
3383570.62f0: *00007ffefc680000-00007ffefc680fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3393570.62f0: 00007ffefc681000-00007ffefc701fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3403570.62f0: 00007ffefc702000-00007ffefc737fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3413570.62f0: 00007ffefc738000-00007ffefc738fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3423570.62f0: 00007ffefc739000-00007ffefc739fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3433570.62f0: 00007ffefc73a000-00007ffefc742fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3443570.62f0: 00007ffefc743000-00007ffefe62ffff 0x0001/0x0000 0x0000000
3453570.62f0: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3463570.62f0: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3473570.62f0: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3483570.62f0: 00007ffefe7ae000-00007ffefe7aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3493570.62f0: 00007ffefe7af000-00007ffefe7b0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3503570.62f0: 00007ffefe7b1000-00007ffefe7b9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3513570.62f0: 00007ffefe7ba000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3523570.62f0: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000
3533570.62f0: kernel32.dll: timestamp 0xc8f98068 (rc=VINF_SUCCESS)
3543570.62f0: kernelbase.dll: timestamp 0xfaa44dd0 (rc=VINF_SUCCESS)
3553570.62f0: VirtualBoxVM.exe: timestamp 0x63bee674 (rc=VINF_SUCCESS)
3563570.62f0: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3573570.62f0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3583570.62f0: VirtualBoxVM.exe: Differences in section #7 (.00cfg) between file and memory:
3593570.62f0: 00007ff7f9e93000 / 0x00d3000: 00 != f0
3603570.62f0: 00007ff7f9e93001 / 0x00d3001: 0d != ea
3613570.62f0: 00007ff7f9e93002 / 0x00d3002: de != 6b
3623570.62f0: 00007ff7f9e93003 / 0x00d3003: f9 != fe
3633570.62f0: 00007ff7f9e93004 / 0x00d3004: f7 != fe
3643570.62f0: 00007ff7f9e93008 / 0x00d3008: 00 != f0
3653570.62f0: 00007ff7f9e93009 / 0x00d3009: 0d != ea
3663570.62f0: 00007ff7f9e9300a / 0x00d300a: de != 6b
3673570.62f0: 00007ff7f9e9300b / 0x00d300b: f9 != fe
3683570.62f0: 00007ff7f9e9300c / 0x00d300c: f7 != fe
3693570.62f0: 00007ff7f9e93010 / 0x00d3010: 40 != 30
3703570.62f0: 00007ff7f9e93011 / 0x00d3011: ab != ec
3713570.62f0: 00007ff7f9e93012 / 0x00d3012: e2 != 6b
3723570.62f0: 00007ff7f9e93013 / 0x00d3013: f9 != fe
3733570.62f0: 00007ff7f9e93014 / 0x00d3014: f7 != fe
3743570.62f0: 00007ff7f9e93018 / 0x00d3018: 60 != 30
3753570.62f0: 00007ff7f9e93019 / 0x00d3019: ab != ec
3763570.62f0: 00007ff7f9e9301a / 0x00d301a: e2 != 6b
3773570.62f0: 00007ff7f9e9301b / 0x00d301b: f9 != fe
3783570.62f0: 00007ff7f9e9301c / 0x00d301c: f7 != fe
3793570.62f0: 00007ff7f9e93020 / 0x00d3020: 60 != 30
3803570.62f0: 00007ff7f9e93021 / 0x00d3021: ab != ec
3813570.62f0: 00007ff7f9e93022 / 0x00d3022: e2 != 6b
3823570.62f0: 00007ff7f9e93023 / 0x00d3023: f9 != fe
3833570.62f0: 00007ff7f9e93024 / 0x00d3024: f7 != fe
3843570.62f0: Restored 0x28 bytes of original file content at 00007ff7f9e93000
3853570.62f0: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
3863570.62f0: 00007ff7f9ed25f4 / 0x01125f4: 00 != 50
3873570.62f0: 00007ff7f9ed25f5 / 0x01125f5: 00 != 41
3883570.62f0: 00007ff7f9ed25f6 / 0x01125f6: 00 != 44
3893570.62f0: 00007ff7f9ed25f7 / 0x01125f7: 00 != 44
3903570.62f0: 00007ff7f9ed25f8 / 0x01125f8: 00 != 49
3913570.62f0: 00007ff7f9ed25f9 / 0x01125f9: 00 != 4e
3923570.62f0: 00007ff7f9ed25fa / 0x01125fa: 00 != 47
3933570.62f0: 00007ff7f9ed25fb / 0x01125fb: 00 != 58
3943570.62f0: 00007ff7f9ed25fc / 0x01125fc: 00 != 58
3953570.62f0: 00007ff7f9ed25fd / 0x01125fd: 00 != 50
3963570.62f0: 00007ff7f9ed25fe / 0x01125fe: 00 != 41
3973570.62f0: 00007ff7f9ed25ff / 0x01125ff: 00 != 44
3983570.62f0: Restored 0xa0c bytes of original file content at 00007ff7f9ed25f4
3993570.62f0: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
4003570.62f0: ntdll.dll: Differences in section #1 (.text) between file and memory:
4013570.62f0: 00007ffefe64ed70 / 0x001ed70: 48 != e9
4023570.62f0: 00007ffefe64ed71 / 0x001ed71: 89 != 63
4033570.62f0: 00007ffefe64ed72 / 0x001ed72: 5c != 14
4043570.62f0: 00007ffefe64ed73 / 0x001ed73: 24 != 0d
4053570.62f0: 00007ffefe64ed74 / 0x001ed74: 08 != c0
4063570.62f0: 00007ffefe64ed75 / 0x001ed75: 48 != cc
4073570.62f0: 00007ffefe64ed76 / 0x001ed76: 89 != cc
4083570.62f0: 00007ffefe64ed77 / 0x001ed77: 74 != cc
4093570.62f0: 00007ffefe64ed78 / 0x001ed78: 24 != cc
4103570.62f0: 00007ffefe64ed79 / 0x001ed79: 20 != cc
4113570.62f0: Restored 0x2000 bytes of original file content at 00007ffefe64d000
4123570.62f0: ntdll.dll: Differences in section #1 (.text) between file and memory:
4133570.62f0: 00007ffefe65a8a0 / 0x002a8a0: 48 != e9
4143570.62f0: 00007ffefe65a8a1 / 0x002a8a1: 89 != 93
4153570.62f0: 00007ffefe65a8a2 / 0x002a8a2: 5c != 59
4163570.62f0: 00007ffefe65a8a3 / 0x002a8a3: 24 != 0c
4173570.62f0: 00007ffefe65a8a4 / 0x002a8a4: 10 != c0
4183570.62f0: 00007ffefe65a8a5 / 0x002a8a5: 56 != cc
4193570.62f0: Restored 0x2000 bytes of original file content at 00007ffefe659000
4203570.62f0: ntdll.dll: Differences in section #1 (.text) between file and memory:
4213570.62f0: 00007ffefe731370 / 0x0101370: 48 != e9
4223570.62f0: 00007ffefe731371 / 0x0101371: 89 != 03
4233570.62f0: 00007ffefe731372 / 0x0101372: 5c != ee
4243570.62f0: 00007ffefe731373 / 0x0101373: 24 != fe
4253570.62f0: 00007ffefe731374 / 0x0101374: 08 != bf
4263570.62f0: 00007ffefe731375 / 0x0101375: 48 != cc
4273570.62f0: 00007ffefe731376 / 0x0101376: 89 != cc
4283570.62f0: 00007ffefe731377 / 0x0101377: 74 != cc
4293570.62f0: 00007ffefe731378 / 0x0101378: 24 != cc
4303570.62f0: 00007ffefe731379 / 0x0101379: 10 != cc
4313570.62f0: Restored 0x2000 bytes of original file content at 00007ffefe730e7e
4323570.62f0: ntdll.dll: Differences in section #9 (.00cfg) between file and memory:
4333570.62f0: 00007ffefe7cd000 / 0x019d000: b0 != 30
4343570.62f0: 00007ffefe7cd001 / 0x019d001: 2a != ec
4353570.62f0: 00007ffefe7cd002 / 0x019d002: 6d != 6b
4363570.62f0: 00007ffefe7cd008 / 0x019d008: e0 != f0
4373570.62f0: 00007ffefe7cd009 / 0x019d009: e9 != ea
4383570.62f0: 00007ffefe7cd010 / 0x019d010: d0 != 30
4393570.62f0: 00007ffefe7cd011 / 0x019d011: 2a != ec
4403570.62f0: 00007ffefe7cd012 / 0x019d012: 6d != 6b
4413570.62f0: 00007ffefe7cd018 / 0x019d018: d0 != 30
4423570.62f0: 00007ffefe7cd019 / 0x019d019: 2a != ec
4433570.62f0: 00007ffefe7cd01a / 0x019d01a: 6d != 6b
4443570.62f0: Restored 0x28 bytes of original file content at 00007ffefe7cd000
4453570.62f0: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
4463570.62f0: 00007ffefc706568 / 0x0086568: 80 != f0
4473570.62f0: 00007ffefc706569 / 0x0086569: 02 != ea
4483570.62f0: 00007ffefc70656a / 0x008656a: 6a != 6b
4493570.62f0: 00007ffefc70656b / 0x008656b: fc != fe
4503570.62f0: 00007ffefc706570 / 0x0086570: 90 != 30
4513570.62f0: 00007ffefc706571 / 0x0086571: 3f != ec
4523570.62f0: 00007ffefc706572 / 0x0086572: 6a != 6b
4533570.62f0: 00007ffefc706573 / 0x0086573: fc != fe
4543570.62f0: 00007ffefc706578 / 0x0086578: 80 != f0
4553570.62f0: 00007ffefc706579 / 0x0086579: 02 != ea
4563570.62f0: 00007ffefc70657a / 0x008657a: 6a != 6b
4573570.62f0: 00007ffefc70657b / 0x008657b: fc != fe
4583570.62f0: 00007ffefc706580 / 0x0086580: b0 != 30
4593570.62f0: 00007ffefc706581 / 0x0086581: 3f != ec
4603570.62f0: 00007ffefc706582 / 0x0086582: 6a != 6b
4613570.62f0: 00007ffefc706583 / 0x0086583: fc != fe
4623570.62f0: 00007ffefc706588 / 0x0086588: b0 != 30
4633570.62f0: 00007ffefc706589 / 0x0086589: 3f != ec
4643570.62f0: 00007ffefc70658a / 0x008658a: 6a != 6b
4653570.62f0: 00007ffefc70658b / 0x008658b: fc != fe
4663570.62f0: Restored 0x2000 bytes of original file content at 00007ffefc706000
4673570.62f0: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
4683570.62f0: 00007ffefc259820 / 0x0259820: e0 != f0
4693570.62f0: 00007ffefc259821 / 0x0259821: e6 != ea
4703570.62f0: 00007ffefc259822 / 0x0259822: 0b != 6b
4713570.62f0: 00007ffefc259823 / 0x0259823: fc != fe
4723570.62f0: 00007ffefc259828 / 0x0259828: 90 != 30
4733570.62f0: 00007ffefc259829 / 0x0259829: ea != ec
4743570.62f0: 00007ffefc25982a / 0x025982a: 0b != 6b
4753570.62f0: 00007ffefc25982b / 0x025982b: fc != fe
4763570.62f0: 00007ffefc259830 / 0x0259830: e0 != f0
4773570.62f0: 00007ffefc259831 / 0x0259831: e6 != ea
4783570.62f0: 00007ffefc259832 / 0x0259832: 0b != 6b
4793570.62f0: 00007ffefc259833 / 0x0259833: fc != fe
4803570.62f0: 00007ffefc259838 / 0x0259838: b0 != 30
4813570.62f0: 00007ffefc259839 / 0x0259839: ea != ec
4823570.62f0: 00007ffefc25983a / 0x025983a: 0b != 6b
4833570.62f0: 00007ffefc25983b / 0x025983b: fc != fe
4843570.62f0: 00007ffefc259840 / 0x0259840: b0 != 30
4853570.62f0: 00007ffefc259841 / 0x0259841: ea != ec
4863570.62f0: 00007ffefc259842 / 0x0259842: 0b != 6b
4873570.62f0: 00007ffefc259843 / 0x0259843: fc != fe
4883570.62f0: Restored 0x2000 bytes of original file content at 00007ffefc258000
4893570.62f0: supHardNtVpCheckHandles:
4903570.62f0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=8
4913570.62f0: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
4923570.62f0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4933570.62f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4943570.62f0: supR3HardNtEnableThreadCreationEx:
4953570.62f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffefe6a3e50 pvNtTerminateThread=00007ffefe6cf850
4963570.62f0: supR3HardenedWinDoReSpawn(1): New child 3d18.6634 [kernel32].
4973570.62f0: supR3HardNtChildGatherData: PebBaseAddress=000000bd4cbd3000 cbPeb=0x388
4983570.62f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffefe630000 uNtDllChildAddr=00007ffefe630000
4993570.62f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffefe6a3e50
5003570.62f0: supR3HardenedWinSetupChildInit: Initial context:
501 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7f9dcb7a0 rdx=000000bd4cbd3000
502 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
503 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
504 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
505 rip=00007ffefe68df90 rsp=000000bd4ccffa48 rbp=0000000000000000 ctxflags=0010001b
506 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
507 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
508 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
509 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
510 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
5113570.62f0: supR3HardenedWinSetupChildInit: Start child.
5123570.62f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
5133570.62f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 60 sleeps
5143570.62f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5153570.62f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
5163570.62f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5173570.62f0: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
5183570.62f0: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
5193570.62f0: 000000007ffed000-000000bd4c9fffff 0x0001/0x0000 0x0000000
5203570.62f0: *000000bd4ca00000-000000bd4cbd2fff 0x0000/0x0004 0x0020000
5213570.62f0: 000000bd4cbd3000-000000bd4cbd5fff 0x0004/0x0004 0x0020000
5223570.62f0: 000000bd4cbd6000-000000bd4cbfffff 0x0000/0x0004 0x0020000
5233570.62f0: *000000bd4cc00000-000000bd4ccfafff 0x0000/0x0004 0x0020000
5243570.62f0: 000000bd4ccfb000-000000bd4ccfdfff 0x0104/0x0004 0x0020000
5253570.62f0: 000000bd4ccfe000-000000bd4ccfffff 0x0004/0x0004 0x0020000
5263570.62f0: 000000bd4cd00000-0000028f3cd1ffff 0x0001/0x0000 0x0000000
5273570.62f0: *0000028f3cd20000-0000028f3cd3ffff 0x0004/0x0004 0x0020000
5283570.62f0: *0000028f3cd40000-0000028f3cd5efff 0x0002/0x0002 0x0040000
5293570.62f0: 0000028f3cd5f000-0000028f3cd5ffff 0x0001/0x0000 0x0000000
5303570.62f0: *0000028f3cd60000-0000028f3cd60fff 0x0020/0x0020 0x0040000 !!
5313570.62f0: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000028f3cd60000 (0000028f3cd60000/0000028f3cd60000 LB 0x1000)
5323570.62f0: 0000028f3cd61000-0000028f3cd6ffff 0x0001/0x0000 0x0000000
5333570.62f0: *0000028f3cd70000-0000028f3cd73fff 0x0002/0x0002 0x0040000
5343570.62f0: 0000028f3cd74000-0000028f3cd7ffff 0x0001/0x0000 0x0000000
5353570.62f0: *0000028f3cd80000-0000028f3cd80fff 0x0002/0x0002 0x0040000
5363570.62f0: 0000028f3cd81000-0000028f3cd8ffff 0x0001/0x0000 0x0000000
5373570.62f0: *0000028f3cd90000-0000028f3cd91fff 0x0004/0x0004 0x0020000
5383570.62f0: 0000028f3cd92000-00007df5b35affff 0x0001/0x0000 0x0000000
5393570.62f0: *00007df5b35b0000-00007df5b35b0fff 0x0002/0x0002 0x0040000
5403570.62f0: 00007df5b35b1000-00007df5b35bffff 0x0001/0x0000 0x0000000
5413570.62f0: *00007df5b35c0000-00007df5b4f7afff 0x0000/0x0001 0x0040000
5423570.62f0: 00007df5b4f7b000-00007df5b5003fff 0x0001/0x0001 0x0040000
5433570.62f0: 00007df5b5004000-00007df5b53b0fff 0x0000/0x0001 0x0040000
5443570.62f0: 00007df5b53b1000-00007df5b53b1fff 0x0001/0x0001 0x0040000
5453570.62f0: 00007df5b53b2000-00007dfff04f4fff 0x0000/0x0001 0x0040000
5463570.62f0: 00007dfff04f5000-00007dfff04f5fff 0x0002/0x0001 0x0040000
5473570.62f0: 00007dfff04f6000-00007ff593436fff 0x0000/0x0001 0x0040000
5483570.62f0: 00007ff593437000-00007ff59343bfff 0x0002/0x0001 0x0040000
5493570.62f0: 00007ff59343c000-00007ff5aa2d3fff 0x0000/0x0001 0x0040000
5503570.62f0: 00007ff5aa2d4000-00007ff5af557fff 0x0001/0x0001 0x0040000
5513570.62f0: 00007ff5af558000-00007ff5af561fff 0x0002/0x0001 0x0040000
5523570.62f0: 00007ff5af562000-00007ff5b35bffff 0x0000/0x0001 0x0040000
5533570.62f0: 00007ff5b35c0000-00007ff7f9dbffff 0x0001/0x0000 0x0000000
5543570.62f0: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5553570.62f0: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5563570.62f0: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5573570.62f0: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5583570.62f0: 00007ff7f9e7f000-00007ff7f9e7ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5593570.62f0: 00007ff7f9e80000-00007ff7f9e80fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5603570.62f0: 00007ff7f9e81000-00007ff7f9e85fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5613570.62f0: 00007ff7f9e86000-00007ff7f9e8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5623570.62f0: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5633570.62f0: 00007ff7f9ed4000-00007ffefe62ffff 0x0001/0x0000 0x0000000
5643570.62f0: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5653570.62f0: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5663570.62f0: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5673570.62f0: 00007ffefe7ae000-00007ffefe7b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5683570.62f0: 00007ffefe7ba000-00007ffefe7c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5693570.62f0: 00007ffefe7c9000-00007ffefe7c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5703570.62f0: 00007ffefe7ca000-00007ffefe7ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5713570.62f0: 00007ffefe7cd000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5723570.62f0: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000
5733570.62f0: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
5743570.62f0: 00007ff7f9ed25f4 / 0x01125f4: 00 != 50
5753570.62f0: 00007ff7f9ed25f5 / 0x01125f5: 00 != 41
5763570.62f0: 00007ff7f9ed25f6 / 0x01125f6: 00 != 44
5773570.62f0: 00007ff7f9ed25f7 / 0x01125f7: 00 != 44
5783570.62f0: 00007ff7f9ed25f8 / 0x01125f8: 00 != 49
5793570.62f0: 00007ff7f9ed25f9 / 0x01125f9: 00 != 4e
5803570.62f0: 00007ff7f9ed25fa / 0x01125fa: 00 != 47
5813570.62f0: 00007ff7f9ed25fb / 0x01125fb: 00 != 58
5823570.62f0: 00007ff7f9ed25fc / 0x01125fc: 00 != 58
5833570.62f0: 00007ff7f9ed25fd / 0x01125fd: 00 != 50
5843570.62f0: 00007ff7f9ed25fe / 0x01125fe: 00 != 41
5853570.62f0: 00007ff7f9ed25ff / 0x01125ff: 00 != 44
5863570.62f0: Restored 0xa0c bytes of original file content at 00007ff7f9ed25f4
5873570.62f0: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4
5883570.62f0: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 59 sleeps
5893570.62f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5903570.62f0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
5913570.62f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5923570.62f0: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
5933570.62f0: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
5943570.62f0: 000000007ffed000-000000bd4c9fffff 0x0001/0x0000 0x0000000
5953570.62f0: *000000bd4ca00000-000000bd4cbd2fff 0x0000/0x0004 0x0020000
5963570.62f0: 000000bd4cbd3000-000000bd4cbd5fff 0x0004/0x0004 0x0020000
5973570.62f0: 000000bd4cbd6000-000000bd4cbfffff 0x0000/0x0004 0x0020000
5983570.62f0: *000000bd4cc00000-000000bd4ccfafff 0x0000/0x0004 0x0020000
5993570.62f0: 000000bd4ccfb000-000000bd4ccfdfff 0x0104/0x0004 0x0020000
6003570.62f0: 000000bd4ccfe000-000000bd4ccfffff 0x0004/0x0004 0x0020000
6013570.62f0: 000000bd4cd00000-0000028f3cd1ffff 0x0001/0x0000 0x0000000
6023570.62f0: *0000028f3cd20000-0000028f3cd3ffff 0x0004/0x0004 0x0020000
6033570.62f0: *0000028f3cd40000-0000028f3cd5efff 0x0002/0x0002 0x0040000
6043570.62f0: 0000028f3cd5f000-0000028f3cd6ffff 0x0001/0x0000 0x0000000
6053570.62f0: *0000028f3cd70000-0000028f3cd73fff 0x0002/0x0002 0x0040000
6063570.62f0: 0000028f3cd74000-0000028f3cd7ffff 0x0001/0x0000 0x0000000
6073570.62f0: *0000028f3cd80000-0000028f3cd80fff 0x0002/0x0002 0x0040000
6083570.62f0: 0000028f3cd81000-0000028f3cd8ffff 0x0001/0x0000 0x0000000
6093570.62f0: *0000028f3cd90000-0000028f3cd91fff 0x0004/0x0004 0x0020000
6103570.62f0: 0000028f3cd92000-00007df5b35affff 0x0001/0x0000 0x0000000
6113570.62f0: *00007df5b35b0000-00007df5b35b0fff 0x0002/0x0002 0x0040000
6123570.62f0: 00007df5b35b1000-00007df5b35bffff 0x0001/0x0000 0x0000000
6133570.62f0: *00007df5b35c0000-00007df5b4f7afff 0x0000/0x0001 0x0040000
6143570.62f0: 00007df5b4f7b000-00007df5b5003fff 0x0001/0x0001 0x0040000
6153570.62f0: 00007df5b5004000-00007df5b53b0fff 0x0000/0x0001 0x0040000
6163570.62f0: 00007df5b53b1000-00007df5b53b1fff 0x0001/0x0001 0x0040000
6173570.62f0: 00007df5b53b2000-00007dfff04f4fff 0x0000/0x0001 0x0040000
6183570.62f0: 00007dfff04f5000-00007dfff04f5fff 0x0002/0x0001 0x0040000
6193570.62f0: 00007dfff04f6000-00007ff593436fff 0x0000/0x0001 0x0040000
6203570.62f0: 00007ff593437000-00007ff59343bfff 0x0002/0x0001 0x0040000
6213570.62f0: 00007ff59343c000-00007ff5aa2d3fff 0x0000/0x0001 0x0040000
6223570.62f0: 00007ff5aa2d4000-00007ff5af557fff 0x0001/0x0001 0x0040000
6233570.62f0: 00007ff5af558000-00007ff5af561fff 0x0002/0x0001 0x0040000
6243570.62f0: 00007ff5af562000-00007ff5b35bffff 0x0000/0x0001 0x0040000
6253570.62f0: 00007ff5b35c0000-00007ff7f9dbffff 0x0001/0x0000 0x0000000
6263570.62f0: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6273570.62f0: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6283570.62f0: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6293570.62f0: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6303570.62f0: 00007ff7f9e7f000-00007ff7f9e8bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6313570.62f0: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6323570.62f0: 00007ff7f9ed4000-00007ffefe62ffff 0x0001/0x0000 0x0000000
6333570.62f0: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
6343570.62f0: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
6353570.62f0: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
6363570.62f0: 00007ffefe7ae000-00007ffefe7b1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
6373570.62f0: 00007ffefe7b2000-00007ffefe7b9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
6383570.62f0: 00007ffefe7ba000-00007ffefe7c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
6393570.62f0: 00007ffefe7c9000-00007ffefe7c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
6403570.62f0: 00007ffefe7ca000-00007ffefe7ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
6413570.62f0: 00007ffefe7cd000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
6423570.62f0: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000
6433570.62f0: supR3HardNtChildPurify: Done after 1039 ms and 2 fixes (loop #1).
6443d18.6634: supR3HardenedVmProcessInit: uNtDllAddr=00007ffefe630000 g_uNtVerCombined=0xa0585d00 (stack ~000000bd4ccfe810)
6453d18.6634: ntdll.dll: timestamp 0xa97a9ed6 (rc=VINF_SUCCESS)
6463d18.6634: New simple heap: #1 0000028f3cea0000 LB 0x800000 (for 2179072 allocation)
6473570.62f0: supR3HardNtEnableThreadCreationEx:
6483d18.6634: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
6493d18.6634: System32: \Device\HarddiskVolume5\Windows\System32
6503d18.6634: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
6513d18.6634: KnownDllPath: C:\WINDOWS\System32
6523d18.6634: supR3HardenedVmProcessInit: Opening vboxsup stub...
6533d18.6634: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6543d18.6634: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6553d18.6634: Registered Dll notification callback with NTDLL.
6563d18.6634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
6573d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
6583d18.6634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
6593d18.6634: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000028f3cd60088 enmState=3 -> supR3HardenedWinDummyApcRoutine
6603d18.6634: supR3HardenedWinDummyApcRoutine: pvArg1=0000028f3cd60000 pvArg2=0000000000000000 pvArg3=0000000000000000
6613d18.6634: supR3HardenedDllNotificationCallback: load 00007ffefc000000 LB 0x0039c000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
6623d18.6634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
6633d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
6643d18.6634: supR3HardenedDllNotificationCallback: load 00007ffefc680000 LB 0x000c3000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
6653d18.6634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6663d18.6634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\KERNEL32.DLL'
6673d18.6634: supR3HardenedDllNotificationCallback: load 00007ff7f9dc0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
6683d18.6634: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
6693d18.6634: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6703d18.6634: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6713d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6723d18.6634: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffefe6a3e50 pvNtTerminateThread=00007ffefe6cf850
6733570.62f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 82 ms.
6743d18.6634: \SystemRoot\System32\ntdll.dll:
6753d18.6634: CreationTime: 2022-11-30T10:47:54.611997200Z
6763d18.6634: LastWriteTime: 2022-11-30T10:47:54.653518800Z
6773d18.6634: ChangeTime: 2023-01-23T07:55:09.766507900Z
6783d18.6634: FileAttributes: 0x20
6793d18.6634: Size: 0x212f88
6803d18.6634: NT Headers: 0xe0
6813d18.6634: Timestamp: 0xa97a9ed6
6823d18.6634: Machine: 0x8664 - amd64
6833d18.6634: Timestamp: 0xa97a9ed6
6843d18.6634: Image Version: 10.0
6853d18.6634: SizeOfImage: 0x214000 (2179072)
6863d18.6634: Resource Dir: 0x19e000 LB 0x747c8
6873d18.6634: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6883d18.6634: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6893d18.6634: ProductName: Microsoft® Windows® Operating System
6903d18.6634: ProductVersion: 10.0.22621.900
6913d18.6634: FileVersion: 10.0.22621.900 (WinBuild.160101.0800)
6923d18.6634: FileDescription: NT Layer DLL
6933d18.6634: \SystemRoot\System32\kernel32.dll:
6943d18.6634: CreationTime: 2023-01-23T07:54:28.266970200Z
6953d18.6634: LastWriteTime: 2023-01-23T07:54:28.287808400Z
6963d18.6634: ChangeTime: 2023-01-23T08:05:41.567673000Z
6973d18.6634: FileAttributes: 0x20
6983d18.6634: Size: 0xc6118
6993d18.6634: NT Headers: 0xe8
7003d18.6634: Timestamp: 0xc8f98068
7013d18.6634: Machine: 0x8664 - amd64
7023d18.6634: Timestamp: 0xc8f98068
7033d18.6634: Image Version: 10.0
7043d18.6634: SizeOfImage: 0xc3000 (798720)
7053d18.6634: Resource Dir: 0xc1000 LB 0x520
7063d18.6634: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7073d18.6634: [Raw version resource data: 0xc10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7083d18.6634: ProductName: Microsoft® Windows® Operating System
7093d18.6634: ProductVersion: 10.0.22621.1192
7103d18.6634: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800)
7113d18.6634: FileDescription: Windows NT BASE API Client DLL
7123d18.6634: \SystemRoot\System32\KernelBase.dll:
7133d18.6634: CreationTime: 2023-01-23T07:54:30.948765300Z
7143d18.6634: LastWriteTime: 2023-01-23T07:54:31.075418500Z
7153d18.6634: ChangeTime: 2023-01-23T08:05:41.614555000Z
7163d18.6634: FileAttributes: 0x20
7173d18.6634: Size: 0x3a3780
7183d18.6634: NT Headers: 0x100
7193d18.6634: Timestamp: 0xfaa44dd0
7203d18.6634: Machine: 0x8664 - amd64
7213d18.6634: Timestamp: 0xfaa44dd0
7223d18.6634: Image Version: 10.0
7233d18.6634: SizeOfImage: 0x39c000 (3784704)
7243d18.6634: Resource Dir: 0x36b000 LB 0x548
7253d18.6634: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7263d18.6634: [Raw version resource data: 0x36b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
7273d18.6634: ProductName: Microsoft® Windows® Operating System
7283d18.6634: ProductVersion: 10.0.22621.1192
7293d18.6634: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800)
7303d18.6634: FileDescription: Windows NT BASE API Client DLL
7313d18.6634: \SystemRoot\System32\apisetschema.dll:
7323d18.6634: CreationTime: 2023-01-23T07:54:18.790267200Z
7333d18.6634: LastWriteTime: 2023-01-23T07:54:18.794216300Z
7343d18.6634: ChangeTime: 2023-01-23T08:04:45.040904700Z
7353d18.6634: FileAttributes: 0x20
7363d18.6634: Size: 0x24560
7373d18.6634: NT Headers: 0xc8
7383d18.6634: Timestamp: 0x845ac5a8
7393d18.6634: Machine: 0x8664 - amd64
7403d18.6634: Timestamp: 0x845ac5a8
7413d18.6634: Image Version: 10.0
7423d18.6634: SizeOfImage: 0x23000 (143360)
7433d18.6634: Resource Dir: 0x22000 LB 0x408
7443d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7453d18.6634: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7463d18.6634: ProductName: Microsoft® Windows® Operating System
7473d18.6634: ProductVersion: 10.0.22621.1192
7483d18.6634: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800)
7493d18.6634: FileDescription: ApiSet Schema DLL
7503d18.6634: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7513d18.6634: supR3HardenedWinFindAdversaries: 0x4
7523d18.6634: \SystemRoot\System32\drivers\aswMonFlt.sys:
7533d18.6634: CreationTime: 2023-01-09T06:26:20.946486700Z
7543d18.6634: LastWriteTime: 2023-01-09T06:26:17.918675600Z
7553d18.6634: ChangeTime: 2023-01-09T06:26:17.918675600Z
7563d18.6634: FileAttributes: 0x20
7573d18.6634: Size: 0x41670
7583d18.6634: NT Headers: 0xe8
7593d18.6634: Timestamp: 0x6385db89
7603d18.6634: Machine: 0x8664 - amd64
7613d18.6634: Timestamp: 0x6385db89
7623d18.6634: Image Version: 10.0
7633d18.6634: SizeOfImage: 0x45000 (282624)
7643d18.6634: Resource Dir: 0x43000 LB 0x3a0
7653d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7663d18.6634: [Raw version resource data: 0x43060 LB 0x340, codepage 0x0 (reserved 0x0)]
7673d18.6634: ProductName: Avast Antivirus
7683d18.6634: ProductVersion: 22.12.474.0
7693d18.6634: FileVersion: 22.12.474.0
7703d18.6634: FileDescription: Avast File System Filter
7713d18.6634: \SystemRoot\System32\drivers\aswRdr2.sys:
7723d18.6634: CreationTime: 2023-01-09T06:26:20.944534900Z
7733d18.6634: LastWriteTime: 2023-01-09T06:26:17.879419200Z
7743d18.6634: ChangeTime: 2023-01-09T06:26:17.879419200Z
7753d18.6634: FileAttributes: 0x20
7763d18.6634: Size: 0x19b20
7773d18.6634: NT Headers: 0xe8
7783d18.6634: Timestamp: 0x6385db8a
7793d18.6634: Machine: 0x8664 - amd64
7803d18.6634: Timestamp: 0x6385db8a
7813d18.6634: Image Version: 10.0
7823d18.6634: SizeOfImage: 0x1b000 (110592)
7833d18.6634: Resource Dir: 0x19000 LB 0x388
7843d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7853d18.6634: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)]
7863d18.6634: ProductName: Avast Antivirus
7873d18.6634: ProductVersion: 22.12.474.0
7883d18.6634: FileVersion: 22.12.474.0
7893d18.6634: FileDescription: Avast Antivirus
7903d18.6634: \SystemRoot\System32\drivers\aswRvrt.sys:
7913d18.6634: CreationTime: 2023-01-09T06:26:20.947463700Z
7923d18.6634: LastWriteTime: 2023-01-09T06:26:17.940251300Z
7933d18.6634: ChangeTime: 2023-01-09T06:26:17.940251300Z
7943d18.6634: FileAttributes: 0x20
7953d18.6634: Size: 0x139f8
7963d18.6634: NT Headers: 0xe8
7973d18.6634: Timestamp: 0x6385db88
7983d18.6634: Machine: 0x8664 - amd64
7993d18.6634: Timestamp: 0x6385db88
8003d18.6634: Image Version: 10.0
8013d18.6634: SizeOfImage: 0x13000 (77824)
8023d18.6634: Resource Dir: 0x11000 LB 0x380
8033d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8043d18.6634: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
8053d18.6634: ProductName: Avast Antivirus
8063d18.6634: ProductVersion: 22.12.474.0
8073d18.6634: FileVersion: 22.12.474.0
8083d18.6634: FileDescription: Avast Revert
8093d18.6634: \SystemRoot\System32\drivers\aswSnx.sys:
8103d18.6634: CreationTime: 2023-01-09T06:26:20.939101300Z
8113d18.6634: LastWriteTime: 2023-01-09T06:26:12.663482100Z
8123d18.6634: ChangeTime: 2023-01-09T06:26:12.663482100Z
8133d18.6634: FileAttributes: 0x20
8143d18.6634: Size: 0xd0020
8153d18.6634: NT Headers: 0xf0
8163d18.6634: Timestamp: 0x6385dba5
8173d18.6634: Machine: 0x8664 - amd64
8183d18.6634: Timestamp: 0x6385dba5
8193d18.6634: Image Version: 10.0
8203d18.6634: SizeOfImage: 0xd0000 (851968)
8213d18.6634: Resource Dir: 0xcd000 LB 0x388
8223d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8233d18.6634: [Raw version resource data: 0xcd060 LB 0x324, codepage 0x0 (reserved 0x0)]
8243d18.6634: ProductName: Avast Antivirus
8253d18.6634: ProductVersion: 22.12.474.0
8263d18.6634: FileVersion: 22.12.474.0
8273d18.6634: FileDescription: Avast Antivirus
8283d18.6634: \SystemRoot\System32\drivers\aswsp.sys:
8293d18.6634: CreationTime: 2023-01-09T06:26:20.947463700Z
8303d18.6634: LastWriteTime: 2023-02-01T14:26:26.879778500Z
8313d18.6634: ChangeTime: 2023-02-01T14:26:26.879778500Z
8323d18.6634: FileAttributes: 0x20
8333d18.6634: Size: 0xa9cd0
8343d18.6634: NT Headers: 0xe8
8353d18.6634: Timestamp: 0x63d9172a
8363d18.6634: Machine: 0x8664 - amd64
8373d18.6634: Timestamp: 0x63d9172a
8383d18.6634: Image Version: 10.0
8393d18.6634: SizeOfImage: 0xac000 (704512)
8403d18.6634: Resource Dir: 0xa9000 LB 0x388
8413d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8423d18.6634: [Raw version resource data: 0xa9060 LB 0x328, codepage 0x0 (reserved 0x0)]
8433d18.6634: ProductName: Avast Antivirus
8443d18.6634: ProductVersion: 22.12.501.0
8453d18.6634: FileVersion: 22.12.501.0
8463d18.6634: FileDescription: Avast Self Protection
8473d18.6634: \SystemRoot\System32\drivers\aswStm.sys:
8483d18.6634: CreationTime: 2023-01-09T06:26:20.950392400Z
8493d18.6634: LastWriteTime: 2023-01-09T06:26:18.270876600Z
8503d18.6634: ChangeTime: 2023-01-09T06:26:18.270876600Z
8513d18.6634: FileAttributes: 0x20
8523d18.6634: Size: 0x33e98
8533d18.6634: NT Headers: 0xf0
8543d18.6634: Timestamp: 0x6385db9e
8553d18.6634: Machine: 0x8664 - amd64
8563d18.6634: Timestamp: 0x6385db9e
8573d18.6634: Image Version: 10.0
8583d18.6634: SizeOfImage: 0x35000 (217088)
8593d18.6634: Resource Dir: 0x33000 LB 0x390
8603d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8613d18.6634: [Raw version resource data: 0x33060 LB 0x32c, codepage 0x0 (reserved 0x0)]
8623d18.6634: ProductName: Avast Antivirus
8633d18.6634: ProductVersion: 22.12.474.0
8643d18.6634: FileVersion: 22.12.474.0
8653d18.6634: FileDescription: Avast Stream Filter
8663d18.6634: \SystemRoot\System32\drivers\aswVmm.sys:
8673d18.6634: CreationTime: 2023-01-09T06:26:20.951949700Z
8683d18.6634: LastWriteTime: 2023-01-09T06:26:19.193172200Z
8693d18.6634: ChangeTime: 2023-01-09T06:26:19.193172200Z
8703d18.6634: FileAttributes: 0x20
8713d18.6634: Size: 0x4dbf8
8723d18.6634: NT Headers: 0xf8
8733d18.6634: Timestamp: 0x6385db98
8743d18.6634: Machine: 0x8664 - amd64
8753d18.6634: Timestamp: 0x6385db98
8763d18.6634: Image Version: 10.0
8773d18.6634: SizeOfImage: 0x4c000 (311296)
8783d18.6634: Resource Dir: 0x4a000 LB 0x388
8793d18.6634: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8803d18.6634: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)]
8813d18.6634: ProductName: Avast Antivirus
8823d18.6634: ProductVersion: 22.12.474.0
8833d18.6634: FileVersion: 22.12.474.0
8843d18.6634: FileDescription: Avast VM Monitor
8853d18.6634: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
8863d18.6634: Calling main()
8873d18.6634: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
8883d18.6634: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
8893d18.6634: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
8903d18.6634: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
8913d18.6634: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
8923d18.6634: SUPR3HardenedMain: Respawn #2
8933d18.6634: supR3HardNtEnableThreadCreationEx:
8943d18.6634: supR3HardenedDllNotificationCallback: load 00007ffefc8b0000 LB 0x000a4000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
8953d18.6634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
8963d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
8973d18.6634: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
8983d18.6634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll)
8993d18.6634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll
9003d18.6634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9013d18.6634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe630000 'C:\WINDOWS\System32\ntdll.dll'
9023d18.6634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\KernelBase.dll [lacks WinVerifyTrust]
9033d18.6634: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9043d18.6634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'C:\WINDOWS\System32\KernelBase.dll'
9053d18.6634: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffefe6a3e50 pvNtTerminateThread=00007ffefe6cf850
9063d18.6634: supR3HardenedWinDoReSpawn(2): New child 5b34.3c5c [kernel32].
9073d18.6634: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
9083d18.6634: supR3HardNtChildGatherData: PebBaseAddress=000000aa127d4000 cbPeb=0x388
9093d18.6634: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffefe630000 uNtDllChildAddr=00007ffefe630000
9103d18.6634: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffefe6a3e50
9113d18.6634: supR3HardenedWinSetupChildInit: Initial context:
912 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7f9dcb7a0 rdx=000000aa127d4000
913 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
914 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
915 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
916 rip=00007ffefe68df90 rsp=000000aa128ff868 rbp=0000000000000000 ctxflags=0010001b
917 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
918 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
919 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
920 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
921 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
9223d18.6634: kernel32.dll: timestamp 0xc8f98068 (rc=VINF_SUCCESS)
9233d18.6634: supR3HardenedWinSetupChildInit: Start child.
9243d18.6634: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
9253d18.6634: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 60 sleeps
9263d18.6634: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9273d18.6634: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
9283d18.6634: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
9293d18.6634: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
9303d18.6634: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
9313d18.6634: 000000007ffed000-000000aa125fffff 0x0001/0x0000 0x0000000
9323d18.6634: *000000aa12600000-000000aa127d3fff 0x0000/0x0004 0x0020000
9333d18.6634: 000000aa127d4000-000000aa127d6fff 0x0004/0x0004 0x0020000
9343d18.6634: 000000aa127d7000-000000aa127fffff 0x0000/0x0004 0x0020000
9353d18.6634: *000000aa12800000-000000aa128fafff 0x0000/0x0004 0x0020000
9363d18.6634: 000000aa128fb000-000000aa128fdfff 0x0104/0x0004 0x0020000
9373d18.6634: 000000aa128fe000-000000aa128fffff 0x0004/0x0004 0x0020000
9383d18.6634: 000000aa12900000-0000028f0e63ffff 0x0001/0x0000 0x0000000
9393d18.6634: *0000028f0e640000-0000028f0e65ffff 0x0004/0x0004 0x0020000
9403d18.6634: *0000028f0e660000-0000028f0e67efff 0x0002/0x0002 0x0040000
9413d18.6634: 0000028f0e67f000-0000028f0e67ffff 0x0001/0x0000 0x0000000
9423d18.6634: *0000028f0e680000-0000028f0e680fff 0x0020/0x0020 0x0040000 !!
9433d18.6634: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000028f0e680000 (0000028f0e680000/0000028f0e680000 LB 0x1000)
9443d18.6634: 0000028f0e681000-0000028f0e68ffff 0x0001/0x0000 0x0000000
9453d18.6634: *0000028f0e690000-0000028f0e693fff 0x0002/0x0002 0x0040000
9463d18.6634: 0000028f0e694000-0000028f0e69ffff 0x0001/0x0000 0x0000000
9473d18.6634: *0000028f0e6a0000-0000028f0e6a0fff 0x0002/0x0002 0x0040000
9483d18.6634: 0000028f0e6a1000-0000028f0e6affff 0x0001/0x0000 0x0000000
9493d18.6634: *0000028f0e6b0000-0000028f0e6b1fff 0x0004/0x0004 0x0020000
9503d18.6634: 0000028f0e6b2000-00007df5acb1ffff 0x0001/0x0000 0x0000000
9513d18.6634: *00007df5acb20000-00007df5acb20fff 0x0002/0x0002 0x0040000
9523d18.6634: 00007df5acb21000-00007df5acb2ffff 0x0001/0x0000 0x0000000
9533d18.6634: *00007df5acb30000-00007df5ae4eafff 0x0000/0x0001 0x0040000
9543d18.6634: 00007df5ae4eb000-00007df5ae573fff 0x0001/0x0001 0x0040000
9553d18.6634: 00007df5ae574000-00007df5ae920fff 0x0000/0x0001 0x0040000
9563d18.6634: 00007df5ae921000-00007df5ae921fff 0x0001/0x0001 0x0040000
9573d18.6634: 00007df5ae922000-00007dffe8ec9fff 0x0000/0x0001 0x0040000
9583d18.6634: 00007dffe8eca000-00007dffe8ecafff 0x0002/0x0001 0x0040000
9593d18.6634: 00007dffe8ecb000-00007ff58c9a6fff 0x0000/0x0001 0x0040000
9603d18.6634: 00007ff58c9a7000-00007ff58c9abfff 0x0002/0x0001 0x0040000
9613d18.6634: 00007ff58c9ac000-00007ff5a3843fff 0x0000/0x0001 0x0040000
9623d18.6634: 00007ff5a3844000-00007ff5a8ac7fff 0x0001/0x0001 0x0040000
9633d18.6634: 00007ff5a8ac8000-00007ff5a8ad1fff 0x0002/0x0001 0x0040000
9643d18.6634: 00007ff5a8ad2000-00007ff5acb2ffff 0x0000/0x0001 0x0040000
9653d18.6634: 00007ff5acb30000-00007ff7f9dbffff 0x0001/0x0000 0x0000000
9663d18.6634: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9673d18.6634: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9683d18.6634: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9693d18.6634: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9703d18.6634: 00007ff7f9e7f000-00007ff7f9e7ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9713d18.6634: 00007ff7f9e80000-00007ff7f9e80fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9723d18.6634: 00007ff7f9e81000-00007ff7f9e85fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9733d18.6634: 00007ff7f9e86000-00007ff7f9e8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9743d18.6634: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
9753d18.6634: 00007ff7f9ed4000-00007ffefe62ffff 0x0001/0x0000 0x0000000
9763d18.6634: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
9773d18.6634: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
9783d18.6634: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
9793d18.6634: 00007ffefe7ae000-00007ffefe7b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
9803d18.6634: 00007ffefe7ba000-00007ffefe7c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
9813d18.6634: 00007ffefe7c9000-00007ffefe7c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
9823d18.6634: 00007ffefe7ca000-00007ffefe7ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
9833d18.6634: 00007ffefe7cd000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
9843d18.6634: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000
9853d18.6634: VirtualBoxVM.exe: timestamp 0x63bee674 (rc=VINF_SUCCESS)
9863d18.6634: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
9873d18.6634: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
9883d18.6634: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
9893d18.6634: 00007ff7f9ed25f4 / 0x01125f4: 00 != 50
9903d18.6634: 00007ff7f9ed25f5 / 0x01125f5: 00 != 41
9913d18.6634: 00007ff7f9ed25f6 / 0x01125f6: 00 != 44
9923d18.6634: 00007ff7f9ed25f7 / 0x01125f7: 00 != 44
9933d18.6634: 00007ff7f9ed25f8 / 0x01125f8: 00 != 49
9943d18.6634: 00007ff7f9ed25f9 / 0x01125f9: 00 != 4e
9953d18.6634: 00007ff7f9ed25fa / 0x01125fa: 00 != 47
9963d18.6634: 00007ff7f9ed25fb / 0x01125fb: 00 != 58
9973d18.6634: 00007ff7f9ed25fc / 0x01125fc: 00 != 58
9983d18.6634: 00007ff7f9ed25fd / 0x01125fd: 00 != 50
9993d18.6634: 00007ff7f9ed25fe / 0x01125fe: 00 != 41
10003d18.6634: 00007ff7f9ed25ff / 0x01125ff: 00 != 44
10013d18.6634: Restored 0xa0c bytes of original file content at 00007ff7f9ed25f4
10023d18.6634: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
10033d18.6634: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4
10043d18.6634: supR3HardNtChildPurify: Startup delay kludge #1/1: 518 ms, 60 sleeps
10053d18.6634: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
10063d18.6634: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
10073d18.6634: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
10083d18.6634: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
10093d18.6634: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
10103d18.6634: 000000007ffed000-000000aa125fffff 0x0001/0x0000 0x0000000
10113d18.6634: *000000aa12600000-000000aa127d3fff 0x0000/0x0004 0x0020000
10123d18.6634: 000000aa127d4000-000000aa127d6fff 0x0004/0x0004 0x0020000
10133d18.6634: 000000aa127d7000-000000aa127fffff 0x0000/0x0004 0x0020000
10143d18.6634: *000000aa12800000-000000aa128fafff 0x0000/0x0004 0x0020000
10153d18.6634: 000000aa128fb000-000000aa128fdfff 0x0104/0x0004 0x0020000
10163d18.6634: 000000aa128fe000-000000aa128fffff 0x0004/0x0004 0x0020000
10173d18.6634: 000000aa12900000-0000028f0e63ffff 0x0001/0x0000 0x0000000
10183d18.6634: *0000028f0e640000-0000028f0e65ffff 0x0004/0x0004 0x0020000
10193d18.6634: *0000028f0e660000-0000028f0e67efff 0x0002/0x0002 0x0040000
10203d18.6634: 0000028f0e67f000-0000028f0e68ffff 0x0001/0x0000 0x0000000
10213d18.6634: *0000028f0e690000-0000028f0e693fff 0x0002/0x0002 0x0040000
10223d18.6634: 0000028f0e694000-0000028f0e69ffff 0x0001/0x0000 0x0000000
10233d18.6634: *0000028f0e6a0000-0000028f0e6a0fff 0x0002/0x0002 0x0040000
10243d18.6634: 0000028f0e6a1000-0000028f0e6affff 0x0001/0x0000 0x0000000
10253d18.6634: *0000028f0e6b0000-0000028f0e6b1fff 0x0004/0x0004 0x0020000
10263d18.6634: 0000028f0e6b2000-00007df5acb1ffff 0x0001/0x0000 0x0000000
10273d18.6634: *00007df5acb20000-00007df5acb20fff 0x0002/0x0002 0x0040000
10283d18.6634: 00007df5acb21000-00007df5acb2ffff 0x0001/0x0000 0x0000000
10293d18.6634: *00007df5acb30000-00007df5ae4eafff 0x0000/0x0001 0x0040000
10303d18.6634: 00007df5ae4eb000-00007df5ae573fff 0x0001/0x0001 0x0040000
10313d18.6634: 00007df5ae574000-00007df5ae920fff 0x0000/0x0001 0x0040000
10323d18.6634: 00007df5ae921000-00007df5ae921fff 0x0001/0x0001 0x0040000
10333d18.6634: 00007df5ae922000-00007dffe8ec9fff 0x0000/0x0001 0x0040000
10343d18.6634: 00007dffe8eca000-00007dffe8ecafff 0x0002/0x0001 0x0040000
10353d18.6634: 00007dffe8ecb000-00007ff58c9a6fff 0x0000/0x0001 0x0040000
10363d18.6634: 00007ff58c9a7000-00007ff58c9abfff 0x0002/0x0001 0x0040000
10373d18.6634: 00007ff58c9ac000-00007ff5a3843fff 0x0000/0x0001 0x0040000
10383d18.6634: 00007ff5a3844000-00007ff5a8ac7fff 0x0001/0x0001 0x0040000
10393d18.6634: 00007ff5a8ac8000-00007ff5a8ad1fff 0x0002/0x0001 0x0040000
10403d18.6634: 00007ff5a8ad2000-00007ff5acb2ffff 0x0000/0x0001 0x0040000
10413d18.6634: 00007ff5acb30000-00007ff7f9dbffff 0x0001/0x0000 0x0000000
10423d18.6634: *00007ff7f9dc0000-00007ff7f9dc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10433d18.6634: 00007ff7f9dc1000-00007ff7f9e2afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10443d18.6634: 00007ff7f9e2b000-00007ff7f9e2bfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10453d18.6634: 00007ff7f9e2c000-00007ff7f9e7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10463d18.6634: 00007ff7f9e7f000-00007ff7f9e8bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10473d18.6634: 00007ff7f9e8c000-00007ff7f9ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10483d18.6634: 00007ff7f9ed4000-00007ffefe62ffff 0x0001/0x0000 0x0000000
10493d18.6634: *00007ffefe630000-00007ffefe630fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
10503d18.6634: 00007ffefe631000-00007ffefe760fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
10513d18.6634: 00007ffefe761000-00007ffefe7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
10523d18.6634: 00007ffefe7ae000-00007ffefe7b1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
10533d18.6634: 00007ffefe7b2000-00007ffefe7b9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
10543d18.6634: 00007ffefe7ba000-00007ffefe7c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
10553d18.6634: 00007ffefe7c9000-00007ffefe7c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
10563d18.6634: 00007ffefe7ca000-00007ffefe7ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
10573d18.6634: 00007ffefe7cd000-00007ffefe843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
10583d18.6634: 00007ffefe844000-00007ffffffeffff 0x0001/0x0000 0x0000000
10593d18.6634: supR3HardNtChildPurify: Done after 1074 ms and 2 fixes (loop #1).
10605b34.3c5c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffefe630000 g_uNtVerCombined=0xa0585d00 (stack ~000000aa128fe630)
10613d18.6634: supR3HardenedEarlyCompact: Removed heap 1 (0x00028f3cea0000 LB 0x800000)
10625b34.3c5c: ntdll.dll: timestamp 0xa97a9ed6 (rc=VINF_SUCCESS)
10633d18.6634: supR3HardNtEnableThreadCreationEx:
10645b34.3c5c: New simple heap: #1 0000028f0e7c0000 LB 0x800000 (for 2179072 allocation)
10655b34.3c5c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
10665b34.3c5c: System32: \Device\HarddiskVolume5\Windows\System32
10675b34.3c5c: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
10685b34.3c5c: KnownDllPath: C:\WINDOWS\System32
10695b34.3c5c: supR3HardenedVmProcessInit: Opening vboxsup...
10705b34.3c5c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
10715b34.3c5c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
10725b34.3c5c: Registered Dll notification callback with NTDLL.
10735b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
10745b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
10755b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
10765b34.3c5c: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000028f0e680088 enmState=4 -> supR3HardenedWinDummyApcRoutine
10775b34.3c5c: supR3HardenedWinDummyApcRoutine: pvArg1=0000028f0e680000 pvArg2=0000000000000000 pvArg3=0000000000000000
10785b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc000000 LB 0x0039c000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
10795b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
10805b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
10815b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc680000 LB 0x000c3000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
10825b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
10835b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\KERNEL32.DLL'
10845b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ff7f9dc0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
10855b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
10865b34.3c5c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
10875b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
10885b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10895b34.3c5c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffefe6a3e50 pvNtTerminateThread=00007ffefe6cf850
10903d18.6634: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 192 ms.
10915b34.3c5c: \SystemRoot\System32\ntdll.dll:
10925b34.3c5c: CreationTime: 2022-11-30T10:47:54.611997200Z
10935b34.3c5c: LastWriteTime: 2022-11-30T10:47:54.653518800Z
10945b34.3c5c: ChangeTime: 2023-01-23T07:55:09.766507900Z
10955b34.3c5c: FileAttributes: 0x20
10965b34.3c5c: Size: 0x212f88
10975b34.3c5c: NT Headers: 0xe0
10985b34.3c5c: Timestamp: 0xa97a9ed6
10995b34.3c5c: Machine: 0x8664 - amd64
11005b34.3c5c: Timestamp: 0xa97a9ed6
11015b34.3c5c: Image Version: 10.0
11025b34.3c5c: SizeOfImage: 0x214000 (2179072)
11035b34.3c5c: Resource Dir: 0x19e000 LB 0x747c8
11045b34.3c5c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
11055b34.3c5c: [Raw version resource data: 0x19e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
11065b34.3c5c: ProductName: Microsoft® Windows® Operating System
11075b34.3c5c: ProductVersion: 10.0.22621.900
11085b34.3c5c: FileVersion: 10.0.22621.900 (WinBuild.160101.0800)
11095b34.3c5c: FileDescription: NT Layer DLL
11105b34.3c5c: \SystemRoot\System32\kernel32.dll:
11115b34.3c5c: CreationTime: 2023-01-23T07:54:28.266970200Z
11125b34.3c5c: LastWriteTime: 2023-01-23T07:54:28.287808400Z
11135b34.3c5c: ChangeTime: 2023-01-23T08:05:41.567673000Z
11145b34.3c5c: FileAttributes: 0x20
11155b34.3c5c: Size: 0xc6118
11165b34.3c5c: NT Headers: 0xe8
11175b34.3c5c: Timestamp: 0xc8f98068
11185b34.3c5c: Machine: 0x8664 - amd64
11195b34.3c5c: Timestamp: 0xc8f98068
11205b34.3c5c: Image Version: 10.0
11215b34.3c5c: SizeOfImage: 0xc3000 (798720)
11225b34.3c5c: Resource Dir: 0xc1000 LB 0x520
11235b34.3c5c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
11245b34.3c5c: [Raw version resource data: 0xc10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
11255b34.3c5c: ProductName: Microsoft® Windows® Operating System
11265b34.3c5c: ProductVersion: 10.0.22621.1192
11275b34.3c5c: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800)
11285b34.3c5c: FileDescription: Windows NT BASE API Client DLL
11295b34.3c5c: \SystemRoot\System32\KernelBase.dll:
11305b34.3c5c: CreationTime: 2023-01-23T07:54:30.948765300Z
11315b34.3c5c: LastWriteTime: 2023-01-23T07:54:31.075418500Z
11325b34.3c5c: ChangeTime: 2023-01-23T08:05:41.614555000Z
11335b34.3c5c: FileAttributes: 0x20
11345b34.3c5c: Size: 0x3a3780
11355b34.3c5c: NT Headers: 0x100
11365b34.3c5c: Timestamp: 0xfaa44dd0
11375b34.3c5c: Machine: 0x8664 - amd64
11385b34.3c5c: Timestamp: 0xfaa44dd0
11395b34.3c5c: Image Version: 10.0
11405b34.3c5c: SizeOfImage: 0x39c000 (3784704)
11415b34.3c5c: Resource Dir: 0x36b000 LB 0x548
11425b34.3c5c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
11435b34.3c5c: [Raw version resource data: 0x36b0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
11445b34.3c5c: ProductName: Microsoft® Windows® Operating System
11455b34.3c5c: ProductVersion: 10.0.22621.1192
11465b34.3c5c: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800)
11475b34.3c5c: FileDescription: Windows NT BASE API Client DLL
11485b34.3c5c: \SystemRoot\System32\apisetschema.dll:
11495b34.3c5c: CreationTime: 2023-01-23T07:54:18.790267200Z
11505b34.3c5c: LastWriteTime: 2023-01-23T07:54:18.794216300Z
11515b34.3c5c: ChangeTime: 2023-01-23T08:04:45.040904700Z
11525b34.3c5c: FileAttributes: 0x20
11535b34.3c5c: Size: 0x24560
11545b34.3c5c: NT Headers: 0xc8
11555b34.3c5c: Timestamp: 0x845ac5a8
11565b34.3c5c: Machine: 0x8664 - amd64
11575b34.3c5c: Timestamp: 0x845ac5a8
11585b34.3c5c: Image Version: 10.0
11595b34.3c5c: SizeOfImage: 0x23000 (143360)
11605b34.3c5c: Resource Dir: 0x22000 LB 0x408
11615b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11625b34.3c5c: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
11635b34.3c5c: ProductName: Microsoft® Windows® Operating System
11645b34.3c5c: ProductVersion: 10.0.22621.1192
11655b34.3c5c: FileVersion: 10.0.22621.1192 (WinBuild.160101.0800)
11665b34.3c5c: FileDescription: ApiSet Schema DLL
11675b34.3c5c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
11685b34.3c5c: supR3HardenedWinFindAdversaries: 0x4
11695b34.3c5c: \SystemRoot\System32\drivers\aswMonFlt.sys:
11705b34.3c5c: CreationTime: 2023-01-09T06:26:20.946486700Z
11715b34.3c5c: LastWriteTime: 2023-01-09T06:26:17.918675600Z
11725b34.3c5c: ChangeTime: 2023-01-09T06:26:17.918675600Z
11735b34.3c5c: FileAttributes: 0x20
11745b34.3c5c: Size: 0x41670
11755b34.3c5c: NT Headers: 0xe8
11765b34.3c5c: Timestamp: 0x6385db89
11775b34.3c5c: Machine: 0x8664 - amd64
11785b34.3c5c: Timestamp: 0x6385db89
11795b34.3c5c: Image Version: 10.0
11805b34.3c5c: SizeOfImage: 0x45000 (282624)
11815b34.3c5c: Resource Dir: 0x43000 LB 0x3a0
11825b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11835b34.3c5c: [Raw version resource data: 0x43060 LB 0x340, codepage 0x0 (reserved 0x0)]
11845b34.3c5c: ProductName: Avast Antivirus
11855b34.3c5c: ProductVersion: 22.12.474.0
11865b34.3c5c: FileVersion: 22.12.474.0
11875b34.3c5c: FileDescription: Avast File System Filter
11885b34.3c5c: \SystemRoot\System32\drivers\aswRdr2.sys:
11895b34.3c5c: CreationTime: 2023-01-09T06:26:20.944534900Z
11905b34.3c5c: LastWriteTime: 2023-01-09T06:26:17.879419200Z
11915b34.3c5c: ChangeTime: 2023-01-09T06:26:17.879419200Z
11925b34.3c5c: FileAttributes: 0x20
11935b34.3c5c: Size: 0x19b20
11945b34.3c5c: NT Headers: 0xe8
11955b34.3c5c: Timestamp: 0x6385db8a
11965b34.3c5c: Machine: 0x8664 - amd64
11975b34.3c5c: Timestamp: 0x6385db8a
11985b34.3c5c: Image Version: 10.0
11995b34.3c5c: SizeOfImage: 0x1b000 (110592)
12005b34.3c5c: Resource Dir: 0x19000 LB 0x388
12015b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
12025b34.3c5c: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)]
12035b34.3c5c: ProductName: Avast Antivirus
12045b34.3c5c: ProductVersion: 22.12.474.0
12055b34.3c5c: FileVersion: 22.12.474.0
12065b34.3c5c: FileDescription: Avast Antivirus
12075b34.3c5c: \SystemRoot\System32\drivers\aswRvrt.sys:
12085b34.3c5c: CreationTime: 2023-01-09T06:26:20.947463700Z
12095b34.3c5c: LastWriteTime: 2023-01-09T06:26:17.940251300Z
12105b34.3c5c: ChangeTime: 2023-01-09T06:26:17.940251300Z
12115b34.3c5c: FileAttributes: 0x20
12125b34.3c5c: Size: 0x139f8
12135b34.3c5c: NT Headers: 0xe8
12145b34.3c5c: Timestamp: 0x6385db88
12155b34.3c5c: Machine: 0x8664 - amd64
12165b34.3c5c: Timestamp: 0x6385db88
12175b34.3c5c: Image Version: 10.0
12185b34.3c5c: SizeOfImage: 0x13000 (77824)
12195b34.3c5c: Resource Dir: 0x11000 LB 0x380
12205b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
12215b34.3c5c: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
12225b34.3c5c: ProductName: Avast Antivirus
12235b34.3c5c: ProductVersion: 22.12.474.0
12245b34.3c5c: FileVersion: 22.12.474.0
12255b34.3c5c: FileDescription: Avast Revert
12265b34.3c5c: \SystemRoot\System32\drivers\aswSnx.sys:
12275b34.3c5c: CreationTime: 2023-01-09T06:26:20.939101300Z
12285b34.3c5c: LastWriteTime: 2023-01-09T06:26:12.663482100Z
12295b34.3c5c: ChangeTime: 2023-01-09T06:26:12.663482100Z
12305b34.3c5c: FileAttributes: 0x20
12315b34.3c5c: Size: 0xd0020
12325b34.3c5c: NT Headers: 0xf0
12335b34.3c5c: Timestamp: 0x6385dba5
12345b34.3c5c: Machine: 0x8664 - amd64
12355b34.3c5c: Timestamp: 0x6385dba5
12365b34.3c5c: Image Version: 10.0
12375b34.3c5c: SizeOfImage: 0xd0000 (851968)
12385b34.3c5c: Resource Dir: 0xcd000 LB 0x388
12395b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
12405b34.3c5c: [Raw version resource data: 0xcd060 LB 0x324, codepage 0x0 (reserved 0x0)]
12415b34.3c5c: ProductName: Avast Antivirus
12425b34.3c5c: ProductVersion: 22.12.474.0
12435b34.3c5c: FileVersion: 22.12.474.0
12445b34.3c5c: FileDescription: Avast Antivirus
12455b34.3c5c: \SystemRoot\System32\drivers\aswsp.sys:
12465b34.3c5c: CreationTime: 2023-01-09T06:26:20.947463700Z
12475b34.3c5c: LastWriteTime: 2023-02-01T14:26:26.879778500Z
12485b34.3c5c: ChangeTime: 2023-02-01T14:26:26.879778500Z
12495b34.3c5c: FileAttributes: 0x20
12505b34.3c5c: Size: 0xa9cd0
12515b34.3c5c: NT Headers: 0xe8
12525b34.3c5c: Timestamp: 0x63d9172a
12535b34.3c5c: Machine: 0x8664 - amd64
12545b34.3c5c: Timestamp: 0x63d9172a
12555b34.3c5c: Image Version: 10.0
12565b34.3c5c: SizeOfImage: 0xac000 (704512)
12575b34.3c5c: Resource Dir: 0xa9000 LB 0x388
12585b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
12595b34.3c5c: [Raw version resource data: 0xa9060 LB 0x328, codepage 0x0 (reserved 0x0)]
12605b34.3c5c: ProductName: Avast Antivirus
12615b34.3c5c: ProductVersion: 22.12.501.0
12625b34.3c5c: FileVersion: 22.12.501.0
12635b34.3c5c: FileDescription: Avast Self Protection
12645b34.3c5c: \SystemRoot\System32\drivers\aswStm.sys:
12655b34.3c5c: CreationTime: 2023-01-09T06:26:20.950392400Z
12665b34.3c5c: LastWriteTime: 2023-01-09T06:26:18.270876600Z
12675b34.3c5c: ChangeTime: 2023-01-09T06:26:18.270876600Z
12685b34.3c5c: FileAttributes: 0x20
12695b34.3c5c: Size: 0x33e98
12705b34.3c5c: NT Headers: 0xf0
12715b34.3c5c: Timestamp: 0x6385db9e
12725b34.3c5c: Machine: 0x8664 - amd64
12735b34.3c5c: Timestamp: 0x6385db9e
12745b34.3c5c: Image Version: 10.0
12755b34.3c5c: SizeOfImage: 0x35000 (217088)
12765b34.3c5c: Resource Dir: 0x33000 LB 0x390
12775b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
12785b34.3c5c: [Raw version resource data: 0x33060 LB 0x32c, codepage 0x0 (reserved 0x0)]
12795b34.3c5c: ProductName: Avast Antivirus
12805b34.3c5c: ProductVersion: 22.12.474.0
12815b34.3c5c: FileVersion: 22.12.474.0
12825b34.3c5c: FileDescription: Avast Stream Filter
12835b34.3c5c: \SystemRoot\System32\drivers\aswVmm.sys:
12845b34.3c5c: CreationTime: 2023-01-09T06:26:20.951949700Z
12855b34.3c5c: LastWriteTime: 2023-01-09T06:26:19.193172200Z
12865b34.3c5c: ChangeTime: 2023-01-09T06:26:19.193172200Z
12875b34.3c5c: FileAttributes: 0x20
12885b34.3c5c: Size: 0x4dbf8
12895b34.3c5c: NT Headers: 0xf8
12905b34.3c5c: Timestamp: 0x6385db98
12915b34.3c5c: Machine: 0x8664 - amd64
12925b34.3c5c: Timestamp: 0x6385db98
12935b34.3c5c: Image Version: 10.0
12945b34.3c5c: SizeOfImage: 0x4c000 (311296)
12955b34.3c5c: Resource Dir: 0x4a000 LB 0x388
12965b34.3c5c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
12975b34.3c5c: [Raw version resource data: 0x4a060 LB 0x328, codepage 0x0 (reserved 0x0)]
12985b34.3c5c: ProductName: Avast Antivirus
12995b34.3c5c: ProductVersion: 22.12.474.0
13005b34.3c5c: FileVersion: 22.12.474.0
13015b34.3c5c: FileDescription: Avast VM Monitor
13025b34.3c5c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
13035b34.3c5c: Calling main()
13045b34.3c5c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
13055b34.3c5c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
13065b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
13075b34.3c5c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
13085b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
13095b34.3c5c: SUPR3HardenedMain: Final process, opening VBoxDrv...
13105b34.3c5c: supR3HardenedEarlyCompact: Removed heap 1 (0x00028f0e7c0000 LB 0x800000)
13115b34.3c5c: supR3HardNtEnableThreadCreationEx:
13125b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
13135b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
13145b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
13155b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
13165b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
13175b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef7110000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
13185b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
13195b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
13205b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13215b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef7110000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
13225b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
13235b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13245b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef7110000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
13255b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef7110000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
13265b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13275b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
13285b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll)
13295b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll
13305b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13315b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13325b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
13335b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
13345b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13355b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13365b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll)
13375b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
13385b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
13395b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefe540000 LB 0x000a7000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
13405b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13415b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefcbd0000 LB 0x00115000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
13425b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13435b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbe70000 LB 0x0006b000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
13445b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
13455b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbb60000 LB 0x00111000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
13465b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll)
13475b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ucrtbase.dll
13485b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbd00000 LB 0x00166000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
13495b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll)
13505b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll
13515b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
13525b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
13535b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
13545b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
13555b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
13565b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1'
13575b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
13585b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
13595b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
13605b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll)
13615b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll
13625b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb700000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
13635b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
13645b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbe70000 'C:\WINDOWS\system32\Wintrust.dll'
13655b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll)
13665b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
13675b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
13685b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
13695b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb410000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
13705b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
13715b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefb410000 'C:\WINDOWS\system32\bcrypt.dll'
13725b34.3c5c: bcrypt.dll loaded at 00007ffefb410000, BCryptOpenAlgorithmProvider at 00007ffefb4141c0, preloading providers:
13735b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll)
13745b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
13755b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13765b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbc80000 LB 0x0007b000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
13775b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
13785b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbc80000 'C:\WINDOWS\system32\bcryptprimitives.dll'
13795b34.3c5c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000028f0f142440)
13805b34.3c5c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000028f0f145070)
13815b34.3c5c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000028f0f1453c0)
13825b34.3c5c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000028f0f145710)
13835b34.3c5c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000028f0f145a60)
13845b34.3c5c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000028f0f145db0)
13855b34.3c5c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000028f0f146100)
13865b34.3c5c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000028f0f146450)
13875b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll)
13885b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll
13895b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb200000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
13905b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
13915b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll)
13925b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
13935b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13945b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13955b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefa9f0000 LB 0x00035000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
13965b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13975b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
13985b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptbase.dll)
13995b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptbase.dll
14005b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb1e0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
14015b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
14025b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
14035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14045b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll'
14055b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14065b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14075b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbe70000 'C:\WINDOWS\System32\WINTRUST.DLL'
14085b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
14095b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
14105b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\CRYPT32.dll'
14115b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefd210000 LB 0x0001f000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
14125b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imagehlp.dll)
14135b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imagehlp.dll
14145b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14155b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14165b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
14175b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc8b0000 LB 0x000a4000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
14185b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
14195b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
14205b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14215b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
14225b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gpapi.dll)
14235b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gpapi.dll
14245b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefaf50000 LB 0x00026000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
14255b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
14265b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\profapi.dll)
14275b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll
14285b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb9a0000 LB 0x00021000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
14295b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll [lacks WinVerifyTrust]
14305b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14315b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
14325b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptnet.dll)
14335b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptnet.dll
14345b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
14355b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
14365b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
14375b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14385b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14395b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14405b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14415b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14425b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14435b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14445b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14455b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14465b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14475b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14485b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffed1060000 LB 0x00032000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
14495b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14505b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14515b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
14525b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14535b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14545b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
14555b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14565b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14575b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
14585b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14595b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14605b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
14615b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14625b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14635b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
14645b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14655b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14665b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
14675b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14685b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14695b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14705b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14715b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14725b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14735b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14745b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14755b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14765b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14775b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14785b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\WINDOWS\System32\cryptnet.dll'
14795b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1060000 'C:\Windows\System32\cryptnet.dll'
14815b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14825b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14835b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcbd0000 'C:\WINDOWS\System32\rpcrt4.dll'
14845b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
14855b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14865b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
14875b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefdb80000 LB 0x000ae000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
14885b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14895b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
14905b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
14915b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll)
14925b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll
14935b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14945b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14955b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14965b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14975b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
14985b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
14995b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
15005b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15015b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15025b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
15035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15045b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15055b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
15065b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15075b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15085b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
15095b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000028f0f17c890
15105b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
15115b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D5FCA8EDCFD5BB5595ED9D320C21FB18E3FE9DB
15125b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15135b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15145b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15155b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
15165b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15175b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15185b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\SystemRoot\System32\ntdll.dll'
15195b34.3c5c: g_pfnWinVerifyTrust=00007ffefbe824c0
15205b34.3c5c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
15215b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15225b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15235b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15245b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
15255b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15265b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15275b34.3c5c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\crypt32.dll'
15285b34.3c5c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
15295b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15305b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15315b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15325b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
15335b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15345b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15355b34.3c5c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\wintrust.dll'
15365b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15375b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15385b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15395b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15405b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\advapi32.dll'
15415b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15425b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15435b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15445b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptnet.dll'
15455b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15465b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15475b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15485b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\profapi.dll'
15495b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15505b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15515b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15525b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gpapi.dll'
15535b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15545b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15555b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15565b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sechost.dll'
15575b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15585b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15595b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15605b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imagehlp.dll'
15615b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15625b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15635b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15645b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptbase.dll'
15655b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15665b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15675b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
15685b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15695b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15705b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rsaenh.dll'
15715b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
15725b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15735b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15745b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15755b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptsp.dll'
15765b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15775b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15785b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll'
15795b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15815b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll'
15825b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15835b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15845b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msasn1.dll'
15855b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15865b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15875b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll'
15885b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15895b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15905b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll'
15915b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15925b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15935b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll'
15945b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15955b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15965b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
15975b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
15985b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
15995b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
16005b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
16015b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
16025b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\KernelBase.dll'
16035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
16045b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
16055b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel32.dll'
16065b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\system32\crypt32.dll'
16075b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x670683072a91b300 C=US, O=Microsoft Corporation, CN=Microsoft Identity Verification Root Certificate Authority 2020
16085b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
16095b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
16105b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
16115b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
16125b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
16135b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd12c4ca4bfded900 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
16145b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
16155b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
16165b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
16175b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
16185b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
16195b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
16205b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
16215b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
16225b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
16235b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
16245b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
16255b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
16265b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
16275b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x26c2e295b78ebf00 C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1
16285b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
16295b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
16305b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
16315b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
16325b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
16335b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
16345b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
16355b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
16365b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x80d5e6f878f9bd00 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
16375b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
16385b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
16395b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
16405b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
16415b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
16425b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
16435b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
16445b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
16455b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
16465b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
16475b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
16485b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
16495b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
16505b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
16515b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
16525b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
16535b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
16545b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
16555b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
16565b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
16575b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x362d8807333b600 C=US, O=DigiCert, Inc., CN=DigiCert CS RSA4096 Root G5
16585b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
16595b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
16605b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45
16615b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
16625b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
16635b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
16645b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
16655b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
16665b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
16675b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x7b3081c535b843ae C=US, O=Google Trust Services LLC, CN=GTS Root R4
16685b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
16695b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
16705b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
16715b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
16725b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
16735b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
16745b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x39bb496d7f0fc200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Development Root Certificate Authority 2014
16755b34.3c5c: supR3HardenedWinIsDesiredRootCA: Adding 0x90c7c28610d2ed15 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Development Root Certificate Authority 2018
16765b34.3c5c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=69
16775b34.3c5c: SUPR3HardenedMain: Load Runtime...
16785b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
16795b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
16805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
16815b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
16825b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
16835b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
16845b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
16855b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
16865b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
16875b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
16885b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16895b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16905b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
16915b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
16925b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16935b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) WinVerifyTrust
16945b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
16955b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16965b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16975b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
16985b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
16995b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
17005b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17015b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17025b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
17035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
17045b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
17055b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
17065b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
17075b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp140.dll) WinVerifyTrust
17085b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
17095b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
17105b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
17115b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
17125b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
17135b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17145b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
17155b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll)
17165b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
17175b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
17185b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
17195b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll'.
17205b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll)
17215b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
17225b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
17235b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
17245b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
17255b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
17265b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
17275b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17285b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
17295b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
17305b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll) WinVerifyTrust
17315b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
17325b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
17335b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll [redoing WinVerifyTrust]
17345b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
17355b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
17365b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
17375b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
17385b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
17395b34.3c5c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll'
17405b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
17415b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
17425b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
17435b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
17445b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
17455b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffedf240000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll [fFlags=0x0]
17465b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
17475b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffede310000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\VCRUNTIME140_1.dll [fFlags=0x0]
17485b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
17495b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffedf260000 LB 0x0008d000 C:\WINDOWS\SYSTEM32\MSVCP140.dll [fFlags=0x0]
17505b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
17515b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc980000 LB 0x00071000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
17525b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
17535b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe4a970000 LB 0x006c6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
17545b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
17555b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17565b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17575b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
17585b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17595b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
17605b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17615b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17625b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17635b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17645b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
17655b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17665b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1'
17675b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17685b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17695b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17705b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17715b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
17725b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17735b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
17745b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17755b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17765b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17775b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17785b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
17795b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1'
17815b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17825b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17835b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17845b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17855b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
17865b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17875b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll'
17885b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17895b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17905b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17915b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17925b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
17935b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17945b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-string-l1-1-0'
17955b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17965b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17975b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
17985b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
17995b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
18005b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18015b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-l1-2-1'
18025b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18035b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18045b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18055b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18065b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
18075b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18085b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-datetime-l1-1-1'
18095b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18105b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18115b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18125b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18135b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
18145b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18155b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-obsolete-l1-2-0'
18165b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18175b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18185b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18195b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18205b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
18215b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18225b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18235b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18245b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18255b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18265b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18275b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
18285b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18295b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18305b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18315b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18325b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18335b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18345b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
18355b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18365b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18375b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18385b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18395b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18405b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18415b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
18425b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18435b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18445b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18455b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18465b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18475b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18485b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
18495b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18505b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18515b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18525b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18535b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18545b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18555b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
18565b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18575b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18585b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18595b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18605b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18615b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18625b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18635b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18645b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18655b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18665b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18675b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18685b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18695b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18705b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18715b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18725b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18735b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18745b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18755b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18765b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18775b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18785b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18795b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18805b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18815b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18825b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18835b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18845b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18855b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18865b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18875b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18885b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18895b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18905b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18915b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18925b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
18935b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18945b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18955b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
18965b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
18975b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
18985b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18995b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19005b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19015b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19025b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19035b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19045b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19055b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19065b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19075b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19085b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19095b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19105b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19115b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19125b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19135b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19145b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19155b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19165b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19175b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19185b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19195b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19205b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19215b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19225b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19235b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19245b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19255b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19265b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19275b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19285b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19295b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19305b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19315b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19325b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19335b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19345b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19355b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19365b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19375b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19385b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19395b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19405b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19415b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19425b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19435b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19445b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19455b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19465b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19475b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19485b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19495b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19505b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19515b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19525b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19535b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19545b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19555b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19565b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19575b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19585b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19595b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19605b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19615b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19625b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19635b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19645b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19655b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19665b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19675b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19685b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19695b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19705b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19715b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19725b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19735b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19745b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19755b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19765b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19775b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19785b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19795b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
19805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19815b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19825b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19835b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19845b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19855b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19865b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19875b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19885b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19895b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19905b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19915b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19925b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
19935b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
19945b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4a970000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19955b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
19965b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19975b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
19985b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
19995b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'
20005b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll
20015b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20025b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbe70000 'C:\WINDOWS\system32\Wintrust.dll'
20035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
20045b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
20055b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
20065b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
20075b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\system32\crypt32.dll'
20085b34.3c5c: SUPR3HardenedMain: Load TrustedMain...
20095b34.904: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1
20105b34.904: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20115b34.904: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'.
20125b34.904: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll)
20135b34.904: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll
20145b34.904: supR3HardenedDllNotificationCallback: load 00007ffefaa80000 LB 0x00018000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
20155b34.904: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
20165b34.904: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefaa80000 'api-ms-win-appmodel-runtime-l1-1-2'
20175b34.904: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20185b34.904: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20195b34.904: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
20205b34.904: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
20215b34.904: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
20225b34.904: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll'
20235b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
20245b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
20255b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
20265b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'uicommon.dll'.
20275b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20285b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
20295b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'.
20305b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
20315b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
20325b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
20335b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
20345b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'advapi32.dll'.
20355b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'.
20365b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
20375b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
20385b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
20395b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
20405b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
20415b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
20425b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
20435b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
20445b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) WinVerifyTrust
20455b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll
20465b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20475b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20485b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
20495b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
20505b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
20515b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
20525b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
20535b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) WinVerifyTrust
20545b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
20555b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20565b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20575b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20585b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20595b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
20605b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20615b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20625b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
20635b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
20645b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll)
20655b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll
20665b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
20675b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
20685b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
20695b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll)
20705b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
20715b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20725b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20735b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
20745b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
20755b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
20765b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
20775b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
20785b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
20795b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
20805b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) WinVerifyTrust
20815b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll
20825b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20835b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20845b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
20855b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20865b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20875b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20885b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20895b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
20905b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20915b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20925b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\user32.dll'.
20935b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
20945b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
20955b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll)
20965b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll
20975b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20985b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20995b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
21005b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
21015b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll)
21025b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll
21035b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
21045b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
21055b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
21065b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21075b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21085b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
21095b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\win32u.dll)
21105b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\win32u.dll
21115b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21125b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21135b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
21145b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21155b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21165b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
21175b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
21185b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
21195b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
21205b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
21215b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll) WinVerifyTrust
21225b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
21235b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
21245b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
21255b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21265b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21275b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
21285b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21295b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21305b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
21315b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
21325b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
21335b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5guivbox.dll'.
21345b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5corevbox.dll'.
21355b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'uxtheme.dll'.
21365b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dwmapi.dll'.
21375b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
21385b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21395b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
21405b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
21415b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcp140.dll'.
21425b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140_1.dll'.
21435b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'vcruntime140.dll'.
21445b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140_1.dll'.
21455b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
21465b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
21475b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21485b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21495b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
21505b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
21515b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
21525b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
21535b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
21545b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
21555b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
21565b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
21575b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
21585b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
21595b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'.
21605b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
21615b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll)
21625b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll
21635b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
21645b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
21655b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
21665b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21675b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21685b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
21695b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21705b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21715b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
21725b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21735b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21745b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
21755b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21765b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21775b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
21785b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
21795b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
21805b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
21815b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll)
21825b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll
21835b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
21845b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
21855b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
21865b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'.
21875b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
21885b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
21895b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dwmapi.dll)
21905b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
21915b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
21925b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
21935b34.3c5c: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
21945b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'gdi32.dll'.
21955b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'user32.dll'.
21965b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\uxtheme.dll)
21975b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
21985b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21995b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22005b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
22015b34.3c5c: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
22025b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'mpr.dll'.
22035b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'userenv.dll'.
22045b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'version.dll'.
22055b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'netapi32.dll'.
22065b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
22075b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
22085b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
22095b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'.
22105b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
22115b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
22125b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'.
22135b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp140_1.dll'.
22145b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'.
22155b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'.
22165b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
22175b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22185b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
22195b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
22205b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
22215b34.3c5c: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
22225b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
22235b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
22245b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
22255b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
22265b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'.
22275b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
22285b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
22295b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
22305b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
22315b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
22325b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
22335b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22345b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
22355b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
22365b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
22375b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
22385b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
22395b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
22405b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
22415b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
22425b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
22435b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22445b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22455b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
22465b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22475b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22485b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
22495b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
22505b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
22515b34.3c5c: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'.
22525b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22535b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
22545b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22555b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
22565b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
22575b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll)
22585b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll
22595b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22605b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22615b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
22625b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22635b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22645b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
22655b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
22665b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
22675b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
22685b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
22695b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'win32u.dll'.
22705b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dxgi.dll)
22715b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dxgi.dll
22725b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
22735b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
22745b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
22755b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
22765b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'dxgi.dll'.
22775b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'win32u.dll'.
22785b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d3d11.dll)
22795b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d3d11.dll
22805b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
22815b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
22825b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
22835b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
22845b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
22855b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
22865b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
22875b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
22885b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
22895b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
22905b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
22915b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
22925b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
22935b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
22945b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
22955b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22965b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22975b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
22985b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22995b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
23005b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust]
23015b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23025b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23035b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
23045b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23055b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23065b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
23075b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23085b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23095b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
23105b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
23115b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
23125b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
23135b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23145b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\netapi32.dll)
23155b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\netapi32.dll
23165b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
23175b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
23185b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
23195b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23205b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\version.dll)
23215b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\version.dll
23225b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
23235b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
23245b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
23255b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
23265b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\userenv.dll)
23275b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\userenv.dll
23285b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
23295b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
23305b34.3c5c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'.
23315b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\mpr.dll)
23325b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\mpr.dll
23335b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23345b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23355b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
23365b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23375b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23385b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
23395b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23405b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23415b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
23425b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23435b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23445b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
23455b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23465b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23475b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
23485b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23495b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23505b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
23515b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23525b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23535b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
23545b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23555b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23565b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
23575b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
23585b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
23595b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
23605b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
23615b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
23625b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23635b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23645b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23655b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23665b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
23675b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23685b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23695b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
23705b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23715b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23725b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
23735b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
23745b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
23755b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
23765b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23775b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23785b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
23795b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23805b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23815b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
23825b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23835b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23845b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
23855b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
23865b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
23875b34.3c5c: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
23885b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23895b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
23905b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
23915b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\glu32.dll)
23925b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll
23935b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23945b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23955b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
23965b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23975b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23985b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
23995b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24005b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24015b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
24025b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24035b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24045b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
24055b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
24065b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
24075b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
24085b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24095b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24105b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
24115b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24125b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24135b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
24145b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
24155b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
24165b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
24175b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
24185b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
24195b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'.
24205b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
24215b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
24225b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
24235b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
24245b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
24255b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
24265b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
24275b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
24285b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
24295b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
24305b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
24315b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
24325b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
24335b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
24345b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
24355b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
24365b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
24375b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24385b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24395b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
24405b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24415b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24425b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
24435b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
24445b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
24455b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
24465b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24475b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24485b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
24495b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
24505b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
24515b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
24525b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
24535b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
24545b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
24555b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
24565b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
24575b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll [lacks WinVerifyTrust]
24585b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
24595b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
24605b34.3c5c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
24615b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
24625b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
24635b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
24645b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
24655b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
24665b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24675b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24685b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
24695b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
24705b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
24715b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
24725b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
24735b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
24745b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
24755b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'.
24765b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
24775b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5guivbox.dll'.
24785b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'.
24795b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5helpvbox.dll'.
24805b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
24815b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'advapi32.dll'.
24825b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ole32.dll'.
24835b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'oleaut32.dll'.
24845b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
24855b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
24865b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll
24875b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24885b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24895b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24905b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24915b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
24925b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24935b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24945b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
24955b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24965b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24975b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
24985b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24995b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25005b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [redoing WinVerifyTrust]
25015b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
25025b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
25035b34.3c5c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\user32.dll'
25045b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5helpvbox.dll'...
25055b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5helpvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5helpvbox.dll' [rcNtRedir=0xc0150008]
25065b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll: Signature #1/2: info status: 24202
25075b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
25085b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
25095b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
25105b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
25115b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5sqlvbox.dll'.
25125b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
25135b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vcruntime140.dll'.
25145b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll) WinVerifyTrust
25155b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll
25165b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
25175b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
25185b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
25195b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
25205b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
25215b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
25225b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
25235b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
25245b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
25255b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
25265b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
25275b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5sqlvbox.dll'...
25285b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5sqlvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5sqlvbox.dll' [rcNtRedir=0xc0150008]
25295b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll: Signature #1/2: info status: 24202
25305b34.3c5c: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
25315b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5corevbox.dll'.
25325b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
25335b34.3c5c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll)
25345b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll
25355b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
25365b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
25375b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
25385b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
25395b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
25405b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
25415b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
25425b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
25435b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
25445b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
25455b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
25465b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
25475b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
25485b34.3c5c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
25495b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
25505b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
25515b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
25525b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
25535b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
25545b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
25555b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
25565b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
25575b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25585b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25595b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
25605b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
25615b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll
25625b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
25635b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
25645b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
25655b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
25665b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll
25675b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
25685b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
25695b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll [avoiding WinVerifyTrust]
25705b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
25715b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
25725b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
25735b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
25745b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [avoiding WinVerifyTrust]
25755b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
25765b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
25775b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust]
25785b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
25795b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\netutils.dll)
25805b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\netutils.dll
25815b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
25825b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
25835b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DXCore.dll)
25845b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DXCore.dll
25855b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
25865b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\srvcli.dll)
25875b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\srvcli.dll
25885b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeeed40000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
25895b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
25905b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefaf80000 LB 0x00028000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
25915b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
25925b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef2430000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
25935b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll [avoiding WinVerifyTrust]
25945b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeeed20000 LB 0x00019000 C:\WINDOWS\SYSTEM32\NETAPI32.dll [fFlags=0x0]
25955b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
25965b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc3a0000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
25975b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
25985b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefba70000 LB 0x00026000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
25995b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
26005b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc440000 LB 0x001ad000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
26015b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefbee0000 LB 0x00112000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
26025b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
26035b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
26045b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
26055b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'win32u.dll'.
26065b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32full.dll)
26075b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32full.dll
26085b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefdb50000 LB 0x00029000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
26095b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
26105b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefdc30000 LB 0x0038a000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
26115b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [avoiding WinVerifyTrust]
26125b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefce80000 LB 0x0019c000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
26135b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
26145b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefd240000 LB 0x007ef000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
26155b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
26165b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef2440000 LB 0x00034000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
26175b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
26185b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffec98e0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\MSVCP140_1.dll [fFlags=0x0]
26195b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
26205b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefa550000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\NETUTILS.DLL [fFlags=0x0]
26215b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
26225b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeeecf0000 LB 0x00028000 C:\WINDOWS\SYSTEM32\SRVCLI.DLL [fFlags=0x0]
26235b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\srvcli.dll [avoiding WinVerifyTrust]
26245b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe6af50000 LB 0x005c6000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
26255b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
26265b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9190000 LB 0x000f7000 C:\WINDOWS\SYSTEM32\dxgi.dll [fFlags=0x0]
26275b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
26285b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef7be0000 LB 0x00257000 C:\WINDOWS\SYSTEM32\d3d11.dll [fFlags=0x0]
26295b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
26305b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9130000 LB 0x00036000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
26315b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
26325b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeae650000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
26335b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
26345b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeaf100000 LB 0x00100000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
26355b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [avoiding WinVerifyTrust]
26365b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe4a2f0000 LB 0x0067c000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
26375b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
26385b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9010000 LB 0x000ab000 C:\WINDOWS\SYSTEM32\UxTheme.dll [fFlags=0x0]
26395b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
26405b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef92a0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\dwmapi.dll [fFlags=0x0]
26415b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
26425b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe6aa00000 LB 0x00541000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
26435b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
26445b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffecf570000 LB 0x00036000 C:\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [fFlags=0x0]
26455b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust]
26465b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffed37e0000 LB 0x0006a000 C:\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll [fFlags=0x0]
26475b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll
26485b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc7d0000 LB 0x000d7000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
26495b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
26505b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe4b040000 LB 0x01bd7000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
26515b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll
26525b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffec1560000 LB 0x00147000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
26535b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
26545b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
26555b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imm32.dll)
26565b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imm32.dll
26575b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000005fc (hFile=00000000000005e0) with 0xc0000022 -> STATUS_TRUST_FAILURE
26585b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
26595b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
26605b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'.
26615b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled]
26625b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'.
26635b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled]
26645b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'.
26655b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled]
26665b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'.
26675b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled]
26685b34.3c5c: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
26695b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
26705b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
26715b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled]
26725b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'.
26735b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rescheduled]
26745b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
26755b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled]
26765b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
26775b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled]
26785b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
26795b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled]
26805b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
26815b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled]
26825b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
26835b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled]
26845b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'.
26855b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rescheduled]
26865b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
26875b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled]
26885b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
26895b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled]
26905b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
26915b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled]
26925b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
26935b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled]
26945b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
26955b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled]
26965b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
26975b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled]
26985b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
26995b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled]
27005b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
27015b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
27025b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [redoing WinVerifyTrust]
27035b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
27045b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\imm32.dll
27055b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
27065b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
27075b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [redoing WinVerifyTrust]
27085b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
27095b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\win32u.dll
27105b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
27115b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
27125b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [redoing WinVerifyTrust]
27135b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
27145b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\win32u.dll
27155b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27165b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27175b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27185b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27195b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
27205b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
27215b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\gdi32.dll
27225b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27235b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27245b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
27255b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
27265b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
27275b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27285b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27295b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
27305b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
27315b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [redoing WinVerifyTrust]
27325b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
27335b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\win32u.dll
27345b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27355b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27365b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
27375b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
27385b34.3c5c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
27395b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27405b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefc5f0000 LB 0x00032000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
27415b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
27425b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc5f0000 'C:\WINDOWS\system32\IMM32.DLL'
27435b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
27445b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
27455b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'.
27465b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled]
27475b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'.
27485b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled]
27495b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'.
27505b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled]
27515b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'.
27525b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled]
27535b34.3c5c: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
27545b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
27555b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
27565b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled]
27575b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'.
27585b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rescheduled]
27595b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
27605b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled]
27615b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
27625b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled]
27635b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
27645b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled]
27655b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
27665b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled]
27675b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
27685b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled]
27695b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'.
27705b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rescheduled]
27715b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
27725b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled]
27735b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
27745b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled]
27755b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
27765b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled]
27775b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
27785b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled]
27795b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
27805b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled]
27815b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
27825b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled]
27835b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
27845b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled]
27855b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
27865b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
27875b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
27885b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
27895b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'.
27905b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled]
27915b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'.
27925b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled]
27935b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'.
27945b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled]
27955b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'.
27965b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled]
27975b34.3c5c: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
27985b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
27995b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
28005b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled]
28015b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'.
28025b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rescheduled]
28035b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
28045b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled]
28055b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
28065b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled]
28075b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
28085b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled]
28095b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
28105b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled]
28115b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
28125b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled]
28135b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'.
28145b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rescheduled]
28155b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
28165b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled]
28175b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
28185b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled]
28195b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
28205b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled]
28215b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
28225b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled]
28235b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
28245b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled]
28255b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
28265b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled]
28275b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
28285b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled]
28295b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
28305b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
28315b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
28325b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
28335b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\gdi32.dll
28345b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb50000 'C:\WINDOWS\System32\gdi32.dll'
28355b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
28365b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
28375b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'.
28385b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled]
28395b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'.
28405b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled]
28415b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'.
28425b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled]
28435b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'.
28445b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled]
28455b34.3c5c: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
28465b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
28475b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
28485b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled]
28495b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'.
28505b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rescheduled]
28515b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
28525b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled]
28535b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
28545b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled]
28555b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
28565b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled]
28575b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
28585b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled]
28595b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
28605b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled]
28615b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'.
28625b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rescheduled]
28635b34.3c5c: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
28645b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled]
28655b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
28665b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled]
28675b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
28685b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled]
28695b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
28705b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled]
28715b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
28725b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled]
28735b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
28745b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled]
28755b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
28765b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled]
28775b34.3c5c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
28785b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
28795b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec1560000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
28805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
28815b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
28825b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll'
28835b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
28845b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
28855b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'
28865b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
28875b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
28885b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'
28895b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
28905b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
28915b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'
28925b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
28935b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
28945b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll'
28955b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
28965b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
28975b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'
28985b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000578 pwszName=\Device\HarddiskVolume5\Windows\System32\glu32.dll
28995b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
29005b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
29015b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=90E5915C85BB39788F4BE3CBB591FA675C8C60D0
29025b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29045b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\glu32.dll'
29055b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29065b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll'
29075b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29085b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29095b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll'
29105b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29115b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29125b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll'
29135b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29145b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29155b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\version.dll'
29165b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29175b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29185b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'
29195b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29205b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29215b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'
29225b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29235b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29245b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'
29255b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000564 pwszName=\Device\HarddiskVolume5\Windows\System32\opengl32.dll
29265b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
29275b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
29285b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E2293C74D841AADEE2B956D4714194C9516162BC
29295b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29305b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
29315b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29325b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29335b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\opengl32.dll'
29345b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29355b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'
29365b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000544 pwszName=\Device\HarddiskVolume5\Windows\System32\uxtheme.dll
29375b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
29385b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
29395b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B43BFAB160EC86D109E40F8AF848FD34D92B7B32
29405b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29415b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29425b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'
29435b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29445b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'
29455b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29465b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29475b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'
29485b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
29495b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29505b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29515b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29525b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll'
29535b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29545b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29555b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'
29565b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29575b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29585b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll'
29595b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29605b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29615b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'
29625b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29635b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29645b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'
29655b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29665b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29675b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\combase.dll'
29685b34.3c5c: SUPR3HardenedMain: Calling TrustedMain (00007ffec1561c90)...
29695b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
29705b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
29715b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
29725b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'dwmapi.dll'.
29735b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
29745b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
29755b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wtsapi32.dll'.
29765b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29775b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
29785b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
29795b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5guivbox.dll'.
29805b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5corevbox.dll'.
29815b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
29825b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
29835b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'.
29845b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'.
29855b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'.
29865b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
29875b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
29885b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
29895b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
29905b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
29915b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
29925b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
29935b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
29945b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
29955b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29965b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29975b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
29985b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
29995b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
30005b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
30015b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
30025b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
30035b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
30045b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
30055b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
30065b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30075b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30085b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
30095b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
30105b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30115b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30125b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
30135b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
30145b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
30155b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
30165b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
30175b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30185b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wtsapi32.dll) WinVerifyTrust
30195b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll
30205b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30215b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30225b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
30235b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
30245b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
30255b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll
30265b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
30275b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
30285b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
30295b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30305b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30315b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30325b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
30335b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll
30345b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef8f10000 LB 0x00014000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
30355b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll
30365b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffec3f20000 LB 0x00161000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
30375b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
30385b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec3f20000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
30395b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
30405b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcryptprimitives.dll'.
30415b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
30425b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\rpcss.dll)
30435b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcss.dll
30445b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000794 (hFile=0000000000000778) with 0xc0000022 -> STATUS_TRUST_FAILURE
30455b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000077c pwszName=\Device\HarddiskVolume5\Windows\System32\rpcss.dll
30465b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
30475b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
30485b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C6DE3FB1F9610C9D381DB82B9E122F1B7CF8B65
30495b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
30505b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
30515b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll
30525b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
30535b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
30545b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
30555b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30565b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30575b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
30585b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
30595b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05142030~31bf3856ad364e35~amd64~~10.0.22621.1192.cat'; file='\Device\HarddiskVolume5\Windows\System32\rpcss.dll'
30605b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30615b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcss.dll'
30625b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
30635b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30645b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef9010000 'C:\WINDOWS\system32\uxtheme.dll'
30655b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc440000 'C:\WINDOWS\system32\user32.dll'
30665b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
30675b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
30685b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
30695b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\SHCore.dll) WinVerifyTrust
30705b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\SHCore.dll
30715b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
30725b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
30735b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
30745b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30755b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefe440000 LB 0x000f1000 C:\WINDOWS\System32\SHCore.dll [fFlags=0x0]
30765b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\SHCore.dll
30775b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe440000 'C:\WINDOWS\system32\SHCore.dll'
30785b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
30795b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefd240000 'C:\WINDOWS\system32\shell32.dll'
30815b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
30825b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
30835b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\windows.storage.dll)
30845b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\windows.storage.dll
30855b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
30865b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\WinTypes.dll)
30875b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\WinTypes.dll
30885b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9900000 LB 0x0013e000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
30895b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
30905b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef9a40000 LB 0x008c8000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
30915b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
30925b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefda30000 LB 0x0005e000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
30935b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
30945b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll)
30955b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
30965b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
30975b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\powrprof.dll)
30985b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\powrprof.dll
30995b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb350000 LB 0x0004d000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
31005b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
31015b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\umpdc.dll)
31025b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\umpdc.dll
31035b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefb330000 LB 0x00013000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
31045b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
31055b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31065b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31075b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31085b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31095b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
31105b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
31115b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll
31125b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
31135b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
31145b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
31155b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
31165b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll
31175b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
31185b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
31195b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\umpdc.dll'
31205b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
31215b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
31225b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\powrprof.dll'
31235b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
31245b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
31255b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'
31265b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
31275b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
31285b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll'
31295b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
31305b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
31315b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\windows.storage.dll'
31325b34.3c5c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll: Signature #1/2: info status: 24202
31335b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
31345b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
31355b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
31365b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
31375b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
31385b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'uxtheme.dll'.
31395b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
31405b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
31415b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'vcruntime140.dll'.
31425b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'vcruntime140_1.dll'.
31435b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll) WinVerifyTrust
31445b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll
31455b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
31465b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
31475b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
31485b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
31495b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
31505b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
31515b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
31525b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31535b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31545b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
31555b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
31565b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
31575b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
31585b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
31595b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
31605b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
31615b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
31625b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
31635b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
31645b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
31655b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31665b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll
31675b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee47c0000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll [fFlags=0x0]
31685b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll
31695b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee47c0000 'C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll'
31705b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
31715b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
31725b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31735b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
31745b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'.
31755b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll) WinVerifyTrust
31765b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll
31775b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31785b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31795b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
31805b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
31815b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
31825b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31835b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31845b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
31855b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll
31865b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffede080000 LB 0x0028e000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll [fFlags=0x0]
31875b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll
31885b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffede080000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll'
31895b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll
31905b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
31915b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffede080000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\comctl32.dll'
31925b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll)
31935b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll
31945b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef77c0000 LB 0x001b0000 C:\WINDOWS\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
31955b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
31965b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefda90000 LB 0x000b0000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
31975b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31985b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
31995b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\clbcatq.dll)
32005b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\clbcatq.dll
32015b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32025b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32035b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32045b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32055b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
32065b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
32075b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\clbcatq.dll'
32085b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
32095b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
32105b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll'
32115b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
32125b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
32135b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'msvcp_win.dll'.
32145b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\thumbcache.dll) WinVerifyTrust
32155b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\thumbcache.dll
32165b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
32175b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
32185b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32195b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\thumbcache.dll
32205b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffebca70000 LB 0x0006e000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
32215b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\thumbcache.dll
32225b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebca70000 'C:\Windows\System32\thumbcache.dll'
32235b34.3c5c: '\Device\HarddiskVolume5\Windows\System32\imageres.dll' has no imports
32245b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\imageres.dll)
32255b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imageres.dll
32265b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000055c (hFile=00000000000005a0) with 0xc0000022 -> STATUS_TRUST_FAILURE
32275b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'.
32285b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
32295b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\policymanager.dll)
32305b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\policymanager.dll
32315b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32325b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll)
32335b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll
32345b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef6a20000 LB 0x00093000 C:\WINDOWS\SYSTEM32\msvcp110_win.dll [fFlags=0x0]
32355b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust]
32365b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef6ce0000 LB 0x000a5000 C:\WINDOWS\SYSTEM32\policymanager.dll [fFlags=0x0]
32375b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\policymanager.dll [avoiding WinVerifyTrust]
32385b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32395b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32405b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32415b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32425b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'...
32435b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008]
32445b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll [lacks WinVerifyTrust]
32455b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
32465b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
32475b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcp110_win.dll'
32485b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
32495b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
32505b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\policymanager.dll'
32515b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000059c pwszName=\Device\HarddiskVolume5\Windows\System32\imageres.dll
32525b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
32535b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
32545b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=661E607E0978A06F038FD2BBB20780B3AE60E1A2
32555b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
32565b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
32575b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\imageres.dll'
32585b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32595b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imageres.dll'
32605b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll
32615b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\windowscodecs.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32625b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef77c0000 'C:\WINDOWS\system32\windowscodecs.dll'
32635b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll
32645b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000848 (hFile=0000000000000818) with 0xc0000022 -> STATUS_TRUST_FAILURE
32655b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll
32665b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000820 (hFile=0000000000000860) with 0xc0000022 -> STATUS_TRUST_FAILURE
32675b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll
32685b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000820 (hFile=00000000000005b0) with 0xc0000022 -> STATUS_TRUST_FAILURE
32695b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcss.dll
32705b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000854 (hFile=0000000000000848) with 0xc0000022 -> STATUS_TRUST_FAILURE
32715b34.552c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
32725b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
32735b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
32745b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
32755b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
32765b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
32775b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
32785b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'advapi32.dll'.
32795b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'.
32805b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
32815b34.552c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
32825b34.552c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
32835b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
32845b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
32855b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
32865b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32875b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32885b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
32895b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32905b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32915b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
32925b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32935b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32945b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
32955b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
32965b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
32975b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
32985b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
32995b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
33005b34.552c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33015b34.552c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
33025b34.552c: supR3HardenedDllNotificationCallback: load 00007ffe6b870000 LB 0x003da000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
33035b34.552c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
33045b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b870000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
33055b34.552c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
33065b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
33075b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
33085b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
33095b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33105b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
33115b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
33125b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
33135b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
33145b34.552c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
33155b34.552c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
33165b34.552c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
33175b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33185b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33195b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33205b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33215b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
33225b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
33235b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
33245b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
33255b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
33265b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
33275b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33285b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33295b34.552c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
33305b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33315b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33325b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
33335b34.552c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
33345b34.552c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33355b34.552c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
33365b34.552c: supR3HardenedDllNotificationCallback: load 00007ffec3e40000 LB 0x000db000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
33375b34.552c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
33385b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec3e40000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
33395b34.552c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
33405b34.552c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33415b34.552c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc7d0000 'C:\Windows\System32\oleaut32.dll'
33425b34.14c: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
33435b34.14c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
33445b34.14c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
33455b34.14c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
33465b34.14c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
33475b34.14c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33485b34.14c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
33495b34.14c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33505b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33515b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33525b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
33535b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
33545b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
33555b34.14c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
33565b34.14c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33575b34.14c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33585b34.14c: supR3HardenedDllNotificationCallback: load 00007ffe49e10000 LB 0x004d7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
33595b34.14c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33605b34.14c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe49e10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
33615b34.3c5c: '\Device\HarddiskVolume5\Windows\System32\tzres.dll' has no imports
33625b34.3c5c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\tzres.dll)
33635b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\tzres.dll
33645b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000abc (hFile=0000000000000ab4) with 0xc0000022 -> STATUS_TRUST_FAILURE
33655b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
33665b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000ab4 (hFile=0000000000000abc) with 0xc0000022 -> STATUS_TRUST_FAILURE
33675b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab8 pwszName=\Device\HarddiskVolume5\Windows\System32\tzres.dll
33685b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
33695b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
33705b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E31DC496D18BBBE27DD43F467BAE80F7D7C52B3B
33715b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
33725b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
33735b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\tzres.dll'
33745b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33755b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\tzres.dll'
33765b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume5\Windows\System32\DWrite.dll
33775b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
33785b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
33795b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=13FB92B56B737E58C3DD8B51112F161C2EC4F1EE
33805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
33815b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
33825b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051021~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\DWrite.dll'
33835b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33845b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33855b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
33865b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DWrite.dll) WinVerifyTrust
33875b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DWrite.dll
33885b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33895b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33905b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
33915b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33925b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33935b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
33945b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwrite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33955b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DWrite.dll
33965b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef7970000 LB 0x00267000 C:\WINDOWS\system32\dwrite.dll [fFlags=0x0]
33975b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DWrite.dll
33985b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef7970000 'C:\WINDOWS\system32\dwrite.dll'
33995b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
34005b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34015b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb50000 'C:\WINDOWS\system32\gdi32.dll'
34025b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
34035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
34045b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34055b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
34065b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
34075b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
34085b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dwmapi.dll'.
34095b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d3d9.dll) WinVerifyTrust
34105b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d3d9.dll
34115b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
34125b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
34135b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
34145b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34155b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34165b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
34175b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
34185b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34195b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34205b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34215b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34225b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34235b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d9.dll
34245b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffea3a60000 LB 0x001a9000 C:\WINDOWS\system32\d3d9.dll [fFlags=0x0]
34255b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d9.dll
34265b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea3a60000 'C:\WINDOWS\system32\d3d9.dll'
34275b34.3c5c: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll: Signature #1/3: info status: 24202
34285b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
34295b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
34305b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
34315b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
34325b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
34335b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
34345b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
34355b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll) WinVerifyTrust
34365b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll
34375b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34385b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34395b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
34405b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
34415b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
34425b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
34435b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
34445b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
34455b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
34465b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34475b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34485b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
34495b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll
34505b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef2480000 LB 0x001bb000 C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll [fFlags=0x0]
34515b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll
34525b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
34535b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
34545b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
34555b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
34565b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
34575b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1'
34585b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
34595b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
34605b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
34615b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
34625b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
34635b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll'
34645b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2480000 'C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll'
34655b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
34665b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
34675b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef92a0000 'C:\WINDOWS\System32\dwmapi.dll'
34685b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
34695b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
34705b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
34715b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
34725b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
34735b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
34745b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
34755b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll) WinVerifyTrust
34765b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll
34775b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
34785b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
34795b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
34805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
34815b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34825b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\setupapi.dll) WinVerifyTrust
34835b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\setupapi.dll
34845b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34855b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34865b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
34875b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
34885b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
34895b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
34905b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34915b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34925b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34935b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34945b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34955b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34965b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34975b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll
34985b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefdfc0000 LB 0x0047a000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
34995b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
35005b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffe95190000 LB 0x01dcf000 C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll [fFlags=0x0]
35015b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll
35025b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
35035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35045b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
35055b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
35065b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35075b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1'
35085b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
35095b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35105b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
35115b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
35125b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35135b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll'
35145b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
35155b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35165b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-string-l1-1-0'
35175b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
35185b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35195b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-l1-2-1'
35205b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
35215b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35225b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-datetime-l1-1-1'
35235b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
35245b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35255b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-obsolete-l1-2-0'
35265b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe95190000 'C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll'
35275b34.3c5c: \Device\HarddiskVolume5\Windows\System32\amdihk64.dll: Owner is administrators group.
35285b34.3c5c: \Device\HarddiskVolume5\Windows\System32\amdihk64.dll: Signature #1/3: info status: 24202
35295b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
35305b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
35315b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
35325b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
35335b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
35345b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
35355b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\amdihk64.dll) WinVerifyTrust
35365b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\amdihk64.dll
35375b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
35385b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
35395b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35405b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35415b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
35425b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
35435b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
35445b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amdihk64.dll (Input=amdihk64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35455b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amdihk64.dll
35465b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef0250000 LB 0x00035000 C:\WINDOWS\System32\amdihk64.dll [fFlags=0x0]
35475b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amdihk64.dll
35485b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
35495b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35505b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
35515b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
35525b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35535b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-fibers-l1-1-1'
35545b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
35555b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35565b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-synch-l1-2-0'
35575b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
35585b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35595b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc680000 'C:\WINDOWS\System32\kernel32.dll'
35605b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef0250000 'C:\WINDOWS\System32\amdihk64.dll'
35615b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp_win.dll'.
35625b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll)
35635b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll
35645b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef60a0000 LB 0x00049000 C:\WINDOWS\SYSTEM32\directxdatabasehelper.dll [fFlags=0x0]
35655b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll [avoiding WinVerifyTrust]
35665b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
35675b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
35685b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
35695b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
35705b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll'
35715b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1
35725b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35735b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35745b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
35755b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll)
35765b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll
35775b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef95e0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
35785b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
35795b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef95e0000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll'
35805b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35815b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35825b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35835b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35845b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
35855b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
35865b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll'
35875b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffef95e0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [flags=0x0]
35885b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb50000 'C:\WINDOWS\System32\gdi32.dll'
35895b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffef0250000 LB 0x00035000 C:\WINDOWS\System32\amdihk64.dll [flags=0x0]
35905b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffe95190000 LB 0x01dcf000 C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\amdxn64.dll [flags=0x0]
35915b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffefdfc0000 LB 0x0047a000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
35925b34.3c5c: supR3HardenedDllNotificationCallback: Unload 00007ffef2480000 LB 0x001bb000 C:\WINDOWS\System32\DriverStore\FileRepository\u0386340.inf_amd64_0602655639c1eef7\B386338\aticfx64.dll [flags=0x0]
35935b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffefd030000 LB 0x0011e000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
35945b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35955b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msctf.dll)
35965b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msctf.dll
35975b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35985b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35995b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
36005b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
36015b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msctf.dll'
36025b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b5c pwszName=\Device\HarddiskVolume5\Windows\System32\DataExchange.dll
36035b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
36045b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
36055b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD74172D15559A8393DD6375D3980EF0BC7F4896
36065b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
36075b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
36085b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051020~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\DataExchange.dll'
36095b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36105b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msvcp_win.dll'.
36115b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DataExchange.dll) WinVerifyTrust
36125b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DataExchange.dll
36135b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
36145b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
36155b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
36165b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll
36175b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffebd440000 LB 0x0005e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
36185b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll
36195b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebd440000 'C:\WINDOWS\system32\dataexchange.dll'
36205b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
36215b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'msvcp_win.dll'.
36225b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll)
36235b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll
36245b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef2eb0000 LB 0x0026a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
36255b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
36265b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
36275b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
36285b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
36295b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
36305b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll
36315b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
36325b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
36335b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll'
36345b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\SHCore.dll
36355b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36365b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe440000 'C:\WINDOWS\system32\Shcore.dll'
36375b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36385b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
36395b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
36405b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll)
36415b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll
36425b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffeef0e0000 LB 0x0012d000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
36435b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
36445b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36455b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36465b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
36475b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
36485b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
36495b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36505b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36515b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
36525b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
36535b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll'
36545b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefce80000 'C:\WINDOWS\System32\ole32.dll'
36555b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
36565b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36575b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc7d0000 'C:\WINDOWS\System32\OLEAUT32.dll'
36585b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd0 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
36595b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
36605b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
36615b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79FFC2BD644B57D7CA8615216116CAFF7BB202DF
36625b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
36635b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
36645b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll'
36655b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36665b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36675b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'wbemcomn.dll'.
36685b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
36695b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
36705b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
36715b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
36725b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be8 pwszName=\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
36735b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
36745b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
36755b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3C24DA357936B83C408A2C99BB0510A23847A80
36765b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
36775b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
36785b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll'
36795b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36805b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36815b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll) WinVerifyTrust
36825b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
36835b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36845b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36855b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36865b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36875b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
36885b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
36895b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
36905b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee9c80000 LB 0x00080000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
36915b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
36925b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee68f0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
36935b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
36945b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
36955b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
36965b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
36975b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee68f0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
36985b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bec pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
36995b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
37005b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
37015b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66D41A3156780ABDF91F20104ADE7523819524FC
37025b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
37035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
37045b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll'
37055b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37065b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37075b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
37085b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
37095b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
37105b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37115b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37125b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37135b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37145b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
37155b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
37165b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee8e30000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
37175b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
37185b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee8e30000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
37195b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
37205b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
37215b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-l1-2-0.dll'
37225b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
37235b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
37245b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc000000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
37255b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c14 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
37265b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
37275b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
37285b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45A53B64D62558384F329921CF2731D0FA6A5EC5
37295b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
37305b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
37315b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll'
37325b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37335b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37345b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
37355b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
37365b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
37375b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
37385b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
37395b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
37405b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37415b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37425b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
37435b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
37445b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee8f20000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
37455b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
37465b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee8f20000 'C:\WINDOWS\system32\wbem\fastprox.dll'
37475b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c24 pwszName=\Device\HarddiskVolume5\Windows\System32\amsi.dll
37485b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
37495b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
37505b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47FCE31AAF860A9E41EB3F3CBC4C21B1C3487C05
37515b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
37525b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
37535b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\amsi.dll'
37545b34.3c5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37555b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37565b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
37575b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\amsi.dll) WinVerifyTrust
37585b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\amsi.dll
37595b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37605b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37615b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37625b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37635b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
37645b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amsi.dll
37655b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffee7d50000 LB 0x0001d000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
37665b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amsi.dll
37675b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee7d50000 'C:\WINDOWS\System32\amsi.dll'
37685b34.3c5c: supHardenedWinVerifyImageByHandle: -> -621 (\Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll)
37695b34.3c5c: Error (rc=0):
37705b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll: Cert at 0x2930 LB 0x2950: Bad header length value: 0x0
37715b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll
37725b34.3c5c: Error (rc=0):
37735b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190
37745b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll'
37755b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust]
37765b34.3c5c: Error (rc=0):
37775b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll
37785b34.3c5c: Error (rc=0):
37795b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190
37805b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll'
37815b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust]
37825b34.3c5c: Error (rc=0):
37835b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll
37845b34.3c5c: Error (rc=0):
37855b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190
37865b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll'
37875b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust]
37885b34.3c5c: Error (rc=0):
37895b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll
37905b34.3c5c: Error (rc=0):
37915b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190
37925b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll'
37935b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust]
37945b34.3c5c: Error (rc=0):
37955b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll
37965b34.3c5c: Error (rc=0):
37975b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190
37985b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll'
37995b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (-621) on \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll [lacks WinVerifyTrust]
38005b34.3c5c: Error (rc=0):
38015b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cached rc=-621 fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll
38025b34.3c5c: Error (rc=0):
38035b34.3c5c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Avast Software\Avast\aswAMSI.dll' (C:\Program Files\Avast Software\Avast\aswAMSI.dll): rcNt=0xc0000190
38045b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Avast Software\Avast\aswAMSI.dll'
38055b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb80000 'C:\WINDOWS\System32\ADVAPI32.dll'
38065b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefce80000 'C:\WINDOWS\system32\ole32.dll'
38075b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
38085b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
38095b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010e4 pwszName=\Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll
38105b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
38115b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
38125b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D905C68C5870D95364F15D4C9A38827EC80CDD75
38135b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
38145b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
38155b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05111~31bf3856ad364e35~amd64~~10.0.22621.900.cat'; file='\Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll'
38165b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38175b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
38185b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
38195b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
38205b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
38215b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
38225b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
38235b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
38245b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll) WinVerifyTrust
38255b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll
38265b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
38275b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume5\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
38285b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012f8 pwszName=\Device\HarddiskVolume5\Windows\System32\devrtl.dll
38295b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
38305b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
38315b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2337E1E106C9DD265E7E574236C7277C6E078413
38325b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
38335b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
38345b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05142030~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\devrtl.dll'
38355b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38365b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devrtl.dll) WinVerifyTrust
38375b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devrtl.dll
38385b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
38395b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
38405b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
38415b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
38425b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
38435b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
38445b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
38455b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38465b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
38475b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\NetSetupApi.dll) WinVerifyTrust
38485b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\NetSetupApi.dll
38495b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
38505b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
38515b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
38525b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
38535b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
38545b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38555b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38565b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
38575b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
38585b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38595b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38605b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38615b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38625b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
38635b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll
38645b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll)
38655b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
38665b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupApi.dll
38675b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devrtl.dll
38685b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefb720000 LB 0x0004e000 C:\WINDOWS\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
38695b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
38705b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffee3d30000 LB 0x00029000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
38715b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupApi.dll
38725b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefdfc0000 LB 0x0047a000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
38735b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
38745b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffeee670000 LB 0x00014000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
38755b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devrtl.dll
38765b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffee3b00000 LB 0x0007b000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
38775b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupShim.dll
38785b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffee3b00000 'C:\Windows\System32\NetSetupShim.dll'
38795b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
38805b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
38815b34.5ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'
38825b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
38835b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
38845b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38855b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
38865b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
38875b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
38885b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
38895b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll
38905b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
38915b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
38925b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
38935b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
38945b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winnsi.dll) WinVerifyTrust
38955b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winnsi.dll
38965b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
38975b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
38985b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
38995b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
39005b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nsi.dll) WinVerifyTrust
39015b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nsi.dll
39025b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
39035b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
39045b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
39055b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
39065b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39075b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll
39085b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll
39095b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefd020000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
39105b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll
39115b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffef9000000 LB 0x0000d000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
39125b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll
39135b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffec3ce0000 LB 0x000df000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
39145b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll
39155b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec3ce0000 'C:\Windows\System32\NetSetupEngine.dll'
39165b34.5ff4: supR3HardenedDllNotificationCallback: Unload 00007ffec3ce0000 LB 0x000df000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0]
39175b34.5ff4: supR3HardenedDllNotificationCallback: Unload 00007ffefd020000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [flags=0x0]
39185b34.5ff4: supR3HardenedDllNotificationCallback: Unload 00007ffef9000000 LB 0x0000d000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [flags=0x0]
39195b34.1588: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
39205b34.1588: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
39215b34.1588: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
39225b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
39235b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
39245b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
39255b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
39265b34.1588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
39275b34.1588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
39285b34.1588: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
39295b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
39305b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
39315b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
39325b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
39335b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
39345b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
39355b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
39365b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
39375b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
39385b34.1588: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
39395b34.1588: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39405b34.1588: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
39415b34.1588: supR3HardenedDllNotificationCallback: load 00007ffef70f0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
39425b34.1588: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
39435b34.1588: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef70f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
39445b34.2338: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
39455b34.2338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
39465b34.2338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
39475b34.2338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
39485b34.2338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
39495b34.2338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
39505b34.2338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
39515b34.2338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
39525b34.2338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
39535b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
39545b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
39555b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
39565b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
39575b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
39585b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
39595b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
39605b34.2338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
39615b34.2338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39625b34.2338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
39635b34.2338: supR3HardenedDllNotificationCallback: load 00007ffef70e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
39645b34.2338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
39655b34.2338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef70e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
39665b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
39675b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39685b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefd240000 'C:\WINDOWS\system32\Shell32.dll'
39695b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012ac pwszName=\Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll
39705b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000028f0f17c890
39715b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000028f0f17c890
39725b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A1127A13D7B78150717ED61134DCB565FEBCA2A3
39735b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
39745b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
39755b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.22621.963.cat'; file='\Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll'
39765b34.5ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
39775b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
39785b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'devobj.dll'.
39795b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
39805b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll
39815b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
39825b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
39835b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
39845b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
39855b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'cfgmgr32.dll'.
39865b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devobj.dll) WinVerifyTrust
39875b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devobj.dll
39885b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
39895b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume5\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
39905b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
39915b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
39925b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
39935b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
39945b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
39955b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vid.dll) WinVerifyTrust
39965b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\vid.dll
39975b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39985b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll
39995b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vid.dll
40005b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll
40015b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffecdb30000 LB 0x0003e000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
40025b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vid.dll
40035b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefb770000 LB 0x00033000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
40045b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll
40055b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffecf4d0000 LB 0x00047000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
40065b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll
40075b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecf4d0000 'C:\WINDOWS\system32\WinHvPlatform.dll'
40085b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vid.dll
40095b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
40105b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb30000 'C:\WINDOWS\system32\vid.dll'
40115b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
40125b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
40135b34.5ff4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
40145b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll) WinVerifyTrust
40155b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll
40165b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
40175b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefe630000 'C:\WINDOWS\system32\NTDLL.DLL'
40185b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
40195b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
40205b34.5ff4: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
40215b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
40225b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
40235b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
40245b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
40255b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
40265b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
40275b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
40285b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
40295b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
40305b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
40315b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
40325b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
40335b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
40345b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
40355b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
40365b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
40375b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
40385b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
40395b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
40405b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
40415b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
40425b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
40435b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
40445b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
40455b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
40465b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
40475b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
40485b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
40495b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
40505b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
40515b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
40525b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
40535b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
40545b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
40555b34.5ff4: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
40565b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
40575b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
40585b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
40595b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
40605b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
40615b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
40625b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
40635b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
40645b34.5ff4: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
40655b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
40665b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
40675b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
40685b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
40695b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
40705b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
40715b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
40725b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
40735b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
40745b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
40755b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
40765b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
40775b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
40785b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
40795b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
40805b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
40815b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
40825b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
40835b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
40845b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
40855b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
40865b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
40875b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
40885b34.5ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
40895b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
40905b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
40915b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
40925b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
40935b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
40945b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
40955b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
40965b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
40975b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
40985b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
40995b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
41005b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffec3dc0000 LB 0x00071000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
41015b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
41025b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffe48a10000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
41035b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
41045b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefa560000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
41055b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
41065b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffe49270000 LB 0x00b97000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
41075b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
41085b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe49270000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
41095b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
41105b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
41115b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
41125b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41135b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b870000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
41145b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
41155b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41165b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
41175b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
41185b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
41195b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41205b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe48a10000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
41215b34.5618: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
41225b34.5618: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
41235b34.5618: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
41245b34.5618: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
41255b34.5618: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
41265b34.5618: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
41275b34.5618: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
41285b34.5618: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
41295b34.5618: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
41305b34.5618: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
41315b34.5618: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
41325b34.5618: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41335b34.5618: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
41345b34.5618: supR3HardenedDllNotificationCallback: load 00007ffef4840000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
41355b34.5618: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
41365b34.5618: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef4840000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
41375b34.6560: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
41385b34.6560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
41395b34.6560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
41405b34.6560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
41415b34.6560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
41425b34.6560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
41435b34.6560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
41445b34.6560: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
41455b34.6560: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
41465b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
41475b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
41485b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
41495b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
41505b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
41515b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
41525b34.6560: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
41535b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
41545b34.6560: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
41555b34.6560: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41565b34.6560: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
41575b34.6560: supR3HardenedDllNotificationCallback: load 00007ffef6fd0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
41585b34.6560: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
41595b34.6560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef6fd0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
41605b34.6a70: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
41615b34.6a70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
41625b34.6a70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
41635b34.6a70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
41645b34.6a70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
41655b34.6a70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
41665b34.6a70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
41675b34.6a70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
41685b34.6a70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
41695b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
41705b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
41715b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
41725b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
41735b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
41745b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
41755b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
41765b34.6a70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
41775b34.6a70: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41785b34.6a70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
41795b34.6a70: supR3HardenedDllNotificationCallback: load 00007ffeec8d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
41805b34.6a70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
41815b34.6a70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeec8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
41825b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
41835b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
41845b34.5ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
41855b34.5ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll) WinVerifyTrust
41865b34.5ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
41875b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
41885b34.5ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
41895b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
41905b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
41915b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffeee380000 LB 0x0009d000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
41925b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
41935b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee380000 'C:\WINDOWS\System32\MMDevApi.dll'
41945b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
41955b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41965b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeee380000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
41975b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msctf.dll
41985b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
41995b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefd030000 'C:\WINDOWS\System32\MSCTF.dll'
42005b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'msvcp_win.dll'.
42015b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll)
42025b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll
42035b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef8aa0000 LB 0x00133000 C:\WINDOWS\SYSTEM32\CoreMessaging.dll [fFlags=0x0]
42045b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
42055b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
42065b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
42075b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
42085b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
42095b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll
42105b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
42115b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbe70000 'C:\WINDOWS\System32\WINTRUST.DLL'
42125b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\CRYPT32.dll'
42135b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
42145b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll'
42155b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-sddl-l1-1-0.dll) -> 0x0, fPresent=1
42165b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-sddl-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
42175b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc8b0000 'api-ms-win-security-sddl-l1-1-0.dll'
42185b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
42195b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
42205b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc440000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
42215b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
42225b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
42235b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefc440000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
42245b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
42255b34.3c5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'coremessaging.dll'.
42265b34.3c5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll)
42275b34.3c5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll
42285b34.3c5c: supR3HardenedDllNotificationCallback: load 00007ffef5840000 LB 0x0036c000 C:\WINDOWS\SYSTEM32\CoreUIComponents.dll [fFlags=0x0]
42295b34.3c5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
42305b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
42315b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume5\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
42325b34.3c5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll
42335b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
42345b34.3c5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
42355b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa9f0000 'C:\WINDOWS\system32\rsaenh.dll'
42365b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefbd00000 'C:\WINDOWS\System32\crypt32.dll'
42375b34.3c5c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll'
42385b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefcbd0000 'C:\WINDOWS\System32\RPCRT4.dll'
42395b34.3c5c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-systemfunctions-l1-1-0) -> 0x0, fPresent=1
42405b34.3c5c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-systemfunctions-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
42415b34.3c5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefdb80000 'api-ms-win-security-systemfunctions-l1-1-0'
42425b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll
42435b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000017e0 (hFile=0000000000001424) with 0xc0000022 -> STATUS_TRUST_FAILURE
42445b34.3c5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imageres.dll
42455b34.3c5c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000017d0 (hFile=0000000000001568) with 0xc0000022 -> STATUS_TRUST_FAILURE
42465b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll
42475b34.5ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
42485b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll
42495b34.5ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll
42505b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffefd020000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
42515b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll
42525b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffef9000000 LB 0x0000d000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
42535b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll
42545b34.5ff4: supR3HardenedDllNotificationCallback: load 00007ffec3ce0000 LB 0x000df000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
42555b34.5ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\NetSetupEngine.dll
42565b34.5ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec3ce0000 'C:\Windows\System32\NetSetupEngine.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy