Ticket #22057: VBoxHardening-1.log

File VBoxHardening-1.log, 298.2 KB (added by nobel, 9 months ago)

Line
1	5754.62fc: \SystemRoot\System32\ntdll.dll:
2	5754.62fc: CreationTime: 2024-04-25T21:50:52.933474100Z
3	5754.62fc: LastWriteTime: 2024-04-25T21:50:52.967360700Z
4	5754.62fc: ChangeTime: 2024-04-25T22:15:47.894551900Z
5	5754.62fc: FileAttributes: 0x20
6	5754.62fc: Size: 0x216008
7	5754.62fc: NT Headers: 0xe8
8	5754.62fc: Timestamp: 0x92b2df34
9	5754.62fc: Machine: 0x8664 - amd64
10	5754.62fc: Timestamp: 0x92b2df34
11	5754.62fc: Image Version: 10.0
12	5754.62fc: SizeOfImage: 0x217000 (2191360)
13	5754.62fc: Resource Dir: 0x1a0000 LB 0x759a8
14	5754.62fc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
15	5754.62fc: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
16	5754.62fc: ProductName: Microsoft® Windows® Operating System
17	5754.62fc: ProductVersion: 10.0.22621.3527
18	5754.62fc: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
19	5754.62fc: FileDescription: NT Layer DLL
20	5754.62fc: \SystemRoot\System32\kernel32.dll:
21	5754.62fc: CreationTime: 2024-04-25T21:50:52.649892600Z
22	5754.62fc: LastWriteTime: 2024-04-25T21:50:52.664841500Z
23	5754.62fc: ChangeTime: 2024-04-25T22:15:37.505042500Z
24	5754.62fc: FileAttributes: 0x20
25	5754.62fc: Size: 0xc7158
26	5754.62fc: NT Headers: 0xe8
27	5754.62fc: Timestamp: 0x6b8a5ea3
28	5754.62fc: Machine: 0x8664 - amd64
29	5754.62fc: Timestamp: 0x6b8a5ea3
30	5754.62fc: Image Version: 10.0
31	5754.62fc: SizeOfImage: 0xc4000 (802816)
32	5754.62fc: Resource Dir: 0xc2000 LB 0x520
33	5754.62fc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
34	5754.62fc: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
35	5754.62fc: ProductName: Microsoft® Windows® Operating System
36	5754.62fc: ProductVersion: 10.0.22621.3527
37	5754.62fc: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
38	5754.62fc: FileDescription: Windows NT BASE API Client DLL
39	5754.62fc: \SystemRoot\System32\KernelBase.dll:
40	5754.62fc: CreationTime: 2024-04-25T21:50:53.507611100Z
41	5754.62fc: LastWriteTime: 2024-04-25T21:50:53.604794300Z
42	5754.62fc: ChangeTime: 2024-04-25T22:15:45.722906700Z
43	5754.62fc: FileAttributes: 0x20
44	5754.62fc: Size: 0x3ae908
45	5754.62fc: NT Headers: 0xf8
46	5754.62fc: Timestamp: 0x83efbeab
47	5754.62fc: Machine: 0x8664 - amd64
48	5754.62fc: Timestamp: 0x83efbeab
49	5754.62fc: Image Version: 10.0
50	5754.62fc: SizeOfImage: 0x3a7000 (3829760)
51	5754.62fc: Resource Dir: 0x376000 LB 0x548
52	5754.62fc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
53	5754.62fc: [Raw version resource data: 0x3760b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
54	5754.62fc: ProductName: Microsoft® Windows® Operating System
55	5754.62fc: ProductVersion: 10.0.22621.3527
56	5754.62fc: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
57	5754.62fc: FileDescription: Windows NT BASE API Client DLL
58	5754.62fc: \SystemRoot\System32\apisetschema.dll:
59	5754.62fc: CreationTime: 2024-04-25T21:50:27.205621000Z
60	5754.62fc: LastWriteTime: 2024-04-25T21:50:27.208610400Z
61	5754.62fc: ChangeTime: 2024-04-25T22:15:42.442010700Z
62	5754.62fc: FileAttributes: 0x20
63	5754.62fc: Size: 0x245e0
64	5754.62fc: NT Headers: 0xc8
65	5754.62fc: Timestamp: 0x2f79598b
66	5754.62fc: Machine: 0x8664 - amd64
67	5754.62fc: Timestamp: 0x2f79598b
68	5754.62fc: Image Version: 10.0
69	5754.62fc: SizeOfImage: 0x23000 (143360)
70	5754.62fc: Resource Dir: 0x22000 LB 0x408
71	5754.62fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
72	5754.62fc: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
73	5754.62fc: ProductName: Microsoft® Windows® Operating System
74	5754.62fc: ProductVersion: 10.0.22621.3527
75	5754.62fc: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
76	5754.62fc: FileDescription: ApiSet Schema DLL
77	5754.62fc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
78	5754.62fc: supR3HardenedWinFindAdversaries: 0x4
79	5754.62fc: \SystemRoot\System32\drivers\aswMonFlt.sys:
80	5754.62fc: CreationTime: 2022-11-24T10:33:09.488089900Z
81	5754.62fc: LastWriteTime: 2024-04-12T01:45:56.269304300Z
82	5754.62fc: ChangeTime: 2024-04-12T01:45:56.269304300Z
83	5754.62fc: FileAttributes: 0x20
84	5754.62fc: Size: 0x41a38
85	5754.62fc: NT Headers: 0xf0
86	5754.62fc: Timestamp: 0x660161d5
87	5754.62fc: Machine: 0x8664 - amd64
88	5754.62fc: Timestamp: 0x660161d5
89	5754.62fc: Image Version: 10.0
90	5754.62fc: SizeOfImage: 0x49000 (299008)
91	5754.62fc: Resource Dir: 0x47000 LB 0x3b0
92	5754.62fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
93	5754.62fc: [Raw version resource data: 0x47058 LB 0x358, codepage 0x0 (reserved 0x0)]
94	5754.62fc: ProductName: Antivirus
95	5754.62fc: ProductVersion: 24.3.683.0
96	5754.62fc: FileVersion: 24.3.683.0
97	5754.62fc: FileDescription: Gen File System Filter
98	5754.62fc: \SystemRoot\System32\drivers\aswRdr2.sys:
99	5754.62fc: CreationTime: 2022-11-24T10:33:09.486096500Z
100	5754.62fc: LastWriteTime: 2024-04-12T01:45:56.261304700Z
101	5754.62fc: ChangeTime: 2024-04-12T01:45:56.261304700Z
102	5754.62fc: FileAttributes: 0x20
103	5754.62fc: Size: 0x16e38
104	5754.62fc: NT Headers: 0xe8
105	5754.62fc: Timestamp: 0x660161d2
106	5754.62fc: Machine: 0x8664 - amd64
107	5754.62fc: Timestamp: 0x660161d2
108	5754.62fc: Image Version: 10.0
109	5754.62fc: SizeOfImage: 0x1b000 (110592)
110	5754.62fc: Resource Dir: 0x19000 LB 0x398
111	5754.62fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
112	5754.62fc: [Raw version resource data: 0x19058 LB 0x33c, codepage 0x0 (reserved 0x0)]
113	5754.62fc: ProductName: Antivirus
114	5754.62fc: ProductVersion: 24.3.683.0
115	5754.62fc: FileVersion: 24.3.683.0
116	5754.62fc: FileDescription: Gen Antivirus
117	5754.62fc: \SystemRoot\System32\drivers\aswRvrt.sys:
118	5754.62fc: CreationTime: 2022-11-24T10:33:09.489086600Z
119	5754.62fc: LastWriteTime: 2024-04-12T01:45:56.277304500Z
120	5754.62fc: ChangeTime: 2024-04-12T01:45:56.277304500Z
121	5754.62fc: FileAttributes: 0x20
122	5754.62fc: Size: 0x10e38
123	5754.62fc: NT Headers: 0xe0
124	5754.62fc: Timestamp: 0x660161cb
125	5754.62fc: Machine: 0x8664 - amd64
126	5754.62fc: Timestamp: 0x660161cb
127	5754.62fc: Image Version: 10.0
128	5754.62fc: SizeOfImage: 0x13000 (77824)
129	5754.62fc: Resource Dir: 0x11000 LB 0x390
130	5754.62fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
131	5754.62fc: [Raw version resource data: 0x11058 LB 0x338, codepage 0x0 (reserved 0x0)]
132	5754.62fc: ProductName: Antivirus
133	5754.62fc: ProductVersion: 24.3.683.0
134	5754.62fc: FileVersion: 24.3.683.0
135	5754.62fc: FileDescription: Gen Revert
136	5754.62fc: \SystemRoot\System32\drivers\aswSnx.sys:
137	5754.62fc: CreationTime: 2022-11-24T10:33:09.480116700Z
138	5754.62fc: LastWriteTime: 2024-04-12T01:45:53.466864800Z
139	5754.62fc: ChangeTime: 2024-04-12T01:45:53.466864800Z
140	5754.62fc: FileAttributes: 0x20
141	5754.62fc: Size: 0xe4838
142	5754.62fc: NT Headers: 0x100
143	5754.62fc: Timestamp: 0x660161ff
144	5754.62fc: Machine: 0x8664 - amd64
145	5754.62fc: Timestamp: 0x660161ff
146	5754.62fc: Image Version: 10.0
147	5754.62fc: SizeOfImage: 0xe9000 (954368)
148	5754.62fc: Resource Dir: 0xe6000 LB 0x3b0
149	5754.62fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
150	5754.62fc: [Raw version resource data: 0xe6058 LB 0x354, codepage 0x0 (reserved 0x0)]
151	5754.62fc: ProductName: Antivirus
152	5754.62fc: ProductVersion: 24.3.683.0
153	5754.62fc: FileVersion: 24.3.683.0
154	5754.62fc: FileDescription: Gen Virtualization Driver
155	5754.62fc: \SystemRoot\System32\drivers\aswsp.sys:
156	5754.62fc: CreationTime: 2022-11-24T10:33:09.490083300Z
157	5754.62fc: LastWriteTime: 2024-04-12T01:45:56.288304000Z
158	5754.62fc: ChangeTime: 2024-04-12T01:45:56.288304000Z
159	5754.62fc: FileAttributes: 0x20
160	5754.62fc: Size: 0xa9e38
161	5754.62fc: NT Headers: 0xe8
162	5754.62fc: Timestamp: 0x660161ed
163	5754.62fc: Machine: 0x8664 - amd64
164	5754.62fc: Timestamp: 0x660161ed
165	5754.62fc: Image Version: 10.0
166	5754.62fc: SizeOfImage: 0xb0000 (720896)
167	5754.62fc: Resource Dir: 0xad000 LB 0x398
168	5754.62fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
169	5754.62fc: [Raw version resource data: 0xad058 LB 0x340, codepage 0x0 (reserved 0x0)]
170	5754.62fc: ProductName: Antivirus
171	5754.62fc: ProductVersion: 24.3.683.0
172	5754.62fc: FileVersion: 24.3.683.0
173	5754.62fc: FileDescription: Gen Self Protection
174	5754.62fc: \SystemRoot\System32\drivers\aswStm.sys:
175	5754.62fc: CreationTime: 2024-04-12T01:45:58.391309500Z
176	5754.62fc: LastWriteTime: 2024-04-12T01:45:56.481310100Z
177	5754.62fc: ChangeTime: 2024-04-12T01:45:56.481310100Z
178	5754.62fc: FileAttributes: 0x20
179	5754.62fc: Size: 0x31438
180	5754.62fc: NT Headers: 0xf0
181	5754.62fc: Timestamp: 0x66016201
182	5754.62fc: Machine: 0x8664 - amd64
183	5754.62fc: Timestamp: 0x66016201
184	5754.62fc: Image Version: 10.0
185	5754.62fc: SizeOfImage: 0x36000 (221184)
186	5754.62fc: Resource Dir: 0x34000 LB 0x3a0
187	5754.62fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
188	5754.62fc: [Raw version resource data: 0x34058 LB 0x344, codepage 0x0 (reserved 0x0)]
189	5754.62fc: ProductName: Antivirus
190	5754.62fc: ProductVersion: 24.3.683.0
191	5754.62fc: FileVersion: 24.3.683.0
192	5754.62fc: FileDescription: Gen Stream Filter
193	5754.62fc: \SystemRoot\System32\drivers\aswVmm.sys:
194	5754.62fc: CreationTime: 2022-11-24T10:33:09.495066500Z
195	5754.62fc: LastWriteTime: 2024-04-12T01:45:56.819309900Z
196	5754.62fc: ChangeTime: 2024-04-12T01:45:56.819309900Z
197	5754.62fc: FileAttributes: 0x20
198	5754.62fc: Size: 0x4ac38
199	5754.62fc: NT Headers: 0xe8
200	5754.62fc: Timestamp: 0x660161d4
201	5754.62fc: Machine: 0x8664 - amd64
202	5754.62fc: Timestamp: 0x660161d4
203	5754.62fc: Image Version: 10.0
204	5754.62fc: SizeOfImage: 0x4d000 (315392)
205	5754.62fc: Resource Dir: 0x4b000 LB 0x398
206	5754.62fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
207	5754.62fc: [Raw version resource data: 0x4b058 LB 0x340, codepage 0x0 (reserved 0x0)]
208	5754.62fc: ProductName: Antivirus
209	5754.62fc: ProductVersion: 24.3.683.0
210	5754.62fc: FileVersion: 24.3.683.0
211	5754.62fc: FileDescription: Gen VM Monitor
212	5754.62fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
213	5754.62fc: Calling main()
214	5754.62fc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
215	5754.62fc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
216	5754.62fc: SUPR3HardenedMain: Respawn #1
217	5754.62fc: System32: \Device\HarddiskVolume3\Windows\System32
218	5754.62fc: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
219	5754.62fc: KnownDllPath: C:\WINDOWS\System32
220	5754.62fc: supR3HardenedWinInit: Performing a limited self purification...
221	5754.62fc: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
222	5754.62fc: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
223	5754.62fc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
224	5754.62fc: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
225	5754.62fc: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
226	5754.62fc: 000000007fff0000-000000baf9e0ffff 0x0001/0x0000 0x0000000
227	5754.62fc: *000000baf9e10000-000000baf9ec0fff 0x0000/0x0004 0x0020000
228	5754.62fc: 000000baf9ec1000-000000baf9ec3fff 0x0104/0x0004 0x0020000
229	5754.62fc: 000000baf9ec4000-000000baf9f0ffff 0x0004/0x0004 0x0020000
230	5754.62fc: 000000baf9f10000-000000baf9ffffff 0x0001/0x0000 0x0000000
231	5754.62fc: *000000bafa000000-000000bafa010fff 0x0000/0x0004 0x0020000
232	5754.62fc: 000000bafa011000-000000bafa013fff 0x0004/0x0004 0x0020000
233	5754.62fc: 000000bafa014000-000000bafa1fffff 0x0000/0x0004 0x0020000
234	5754.62fc: 000000bafa200000-00000224c5dbffff 0x0001/0x0000 0x0000000
235	5754.62fc: *00000224c5dc0000-00000224c5dcffff 0x0004/0x0004 0x0040000
236	5754.62fc: *00000224c5dd0000-00000224c5dd2fff 0x0002/0x0002 0x0040000
237	5754.62fc: 00000224c5dd3000-00000224c5ddffff 0x0001/0x0000 0x0000000
238	5754.62fc: *00000224c5de0000-00000224c5dfefff 0x0002/0x0002 0x0040000
239	5754.62fc: 00000224c5dff000-00000224c5dfffff 0x0001/0x0000 0x0000000
240	5754.62fc: *00000224c5e00000-00000224c5e00fff 0x0020/0x0020 0x0040000 !!
241	5754.62fc: 00000224c5e01000-00000224c5e0ffff 0x0001/0x0000 0x0000000
242	5754.62fc: *00000224c5e10000-00000224c5e13fff 0x0002/0x0002 0x0040000
243	5754.62fc: 00000224c5e14000-00000224c5e1ffff 0x0001/0x0000 0x0000000
244	5754.62fc: *00000224c5e20000-00000224c5e20fff 0x0002/0x0002 0x0040000
245	5754.62fc: 00000224c5e21000-00000224c5e2ffff 0x0001/0x0000 0x0000000
246	5754.62fc: *00000224c5e30000-00000224c5e31fff 0x0004/0x0004 0x0020000
247	5754.62fc: 00000224c5e32000-00000224c5e3ffff 0x0001/0x0000 0x0000000
248	5754.62fc: *00000224c5e40000-00000224c5e42fff 0x0002/0x0002 0x0040000
249	5754.62fc: 00000224c5e43000-00000224c5e4ffff 0x0001/0x0000 0x0000000
250	5754.62fc: *00000224c5e50000-00000224c5e51fff 0x0004/0x0004 0x0020000
251	5754.62fc: 00000224c5e52000-00000224c5f12fff 0x0000/0x0004 0x0020000
252	5754.62fc: 00000224c5f13000-00000224c5f5ffff 0x0001/0x0000 0x0000000
253	5754.62fc: *00000224c5f60000-00000224c5f6efff 0x0004/0x0004 0x0020000
254	5754.62fc: 00000224c5f6f000-00000224c5f6ffff 0x0000/0x0004 0x0020000
255	5754.62fc: 00000224c5f70000-00000224c5f9ffff 0x0001/0x0000 0x0000000
256	5754.62fc: *00000224c5fa0000-00000224c5faafff 0x0004/0x0004 0x0020000
257	5754.62fc: 00000224c5fab000-00000224c609ffff 0x0000/0x0004 0x0020000
258	5754.62fc: *00000224c60a0000-00000224c616dfff 0x0002/0x0002 0x0040000
259	5754.62fc: 00000224c616e000-00000224c616ffff 0x0001/0x0000 0x0000000
260	5754.62fc: *00000224c6170000-00000224c617dfff 0x0000/0x0004 0x0020000
261	5754.62fc: 00000224c617e000-00000224c6395fff 0x0004/0x0004 0x0020000
262	5754.62fc: 00000224c6396000-00000224c6396fff 0x0000/0x0004 0x0020000
263	5754.62fc: 00000224c6397000-00000224c639ffff 0x0001/0x0000 0x0000000
264	5754.62fc: *00000224c63a0000-00000224c63a1fff 0x0004/0x0004 0x0020000
265	5754.62fc: 00000224c63a2000-00000224c6462fff 0x0000/0x0004 0x0020000
266	5754.62fc: 00000224c6463000-00000224c646ffff 0x0001/0x0000 0x0000000
267	5754.62fc: *00000224c6470000-00000224c649dfff 0x0004/0x0004 0x0020000
268	5754.62fc: 00000224c649e000-00000224c656ffff 0x0000/0x0004 0x0020000
269	5754.62fc: 00000224c6570000-00007df4a14fffff 0x0001/0x0000 0x0000000
270	5754.62fc: *00007df4a1500000-00007df4a1504fff 0x0002/0x0002 0x0040000
271	5754.62fc: 00007df4a1505000-00007df4a15fffff 0x0000/0x0002 0x0040000
272	5754.62fc: *00007df4a1600000-00007df5a161ffff 0x0000/0x0004 0x0020000
273	5754.62fc: *00007df5a1620000-00007df5a361ffff 0x0000/0x0004 0x0020000
274	5754.62fc: 00007df5a3620000-00007df5a3620fff 0x0004/0x0004 0x0020000
275	5754.62fc: 00007df5a3621000-00007df5a362ffff 0x0001/0x0000 0x0000000
276	5754.62fc: *00007df5a3630000-00007df5a3630fff 0x0002/0x0002 0x0040000
277	5754.62fc: 00007df5a3631000-00007df5a363ffff 0x0001/0x0000 0x0000000
278	5754.62fc: *00007df5a3640000-00007df5a4bbdfff 0x0000/0x0001 0x0040000
279	5754.62fc: 00007df5a4bbe000-00007df5a4c2afff 0x0001/0x0001 0x0040000
280	5754.62fc: 00007df5a4c2b000-00007df5a5428fff 0x0000/0x0001 0x0040000
281	5754.62fc: 00007df5a5429000-00007df5a5429fff 0x0001/0x0001 0x0040000
282	5754.62fc: 00007df5a542a000-00007dfe367b7fff 0x0000/0x0001 0x0040000
283	5754.62fc: 00007dfe367b8000-00007dfe367b8fff 0x0002/0x0001 0x0040000
284	5754.62fc: 00007dfe367b9000-00007ff57ca50fff 0x0000/0x0001 0x0040000
285	5754.62fc: 00007ff57ca51000-00007ff57ca56fff 0x0002/0x0001 0x0040000
286	5754.62fc: 00007ff57ca57000-00007ff59283bfff 0x0000/0x0001 0x0040000
287	5754.62fc: 00007ff59283c000-00007ff5954bdfff 0x0001/0x0001 0x0040000
288	5754.62fc: 00007ff5954be000-00007ff5954befff 0x0002/0x0001 0x0040000
289	5754.62fc: 00007ff5954bf000-00007ff59577dfff 0x0001/0x0001 0x0040000
290	5754.62fc: 00007ff59577e000-00007ff59577ffff 0x0002/0x0001 0x0040000
291	5754.62fc: 00007ff595780000-00007ff596412fff 0x0001/0x0001 0x0040000
292	5754.62fc: 00007ff596413000-00007ff596422fff 0x0002/0x0001 0x0040000
293	5754.62fc: 00007ff596423000-00007ff59645efff 0x0001/0x0001 0x0040000
294	5754.62fc: 00007ff59645f000-00007ff596462fff 0x0002/0x0001 0x0040000
295	5754.62fc: 00007ff596463000-00007ff5964bbfff 0x0001/0x0001 0x0040000
296	5754.62fc: 00007ff5964bc000-00007ff5964c4fff 0x0002/0x0001 0x0040000
297	5754.62fc: 00007ff5964c5000-00007ff5a363ffff 0x0000/0x0001 0x0040000
298	5754.62fc: 00007ff5a3640000-00007ff65046ffff 0x0001/0x0000 0x0000000
299	5754.62fc: *00007ff650470000-00007ff650470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
300	5754.62fc: 00007ff650471000-00007ff6504dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
301	5754.62fc: 00007ff6504db000-00007ff6504dbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
302	5754.62fc: 00007ff6504dc000-00007ff65052efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
303	5754.62fc: 00007ff65052f000-00007ff650531fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
304	5754.62fc: 00007ff650532000-00007ff650534fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
305	5754.62fc: 00007ff650535000-00007ff650537fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
306	5754.62fc: 00007ff650538000-00007ff650538fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
307	5754.62fc: 00007ff650539000-00007ff65053afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
308	5754.62fc: 00007ff65053b000-00007ff65053bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
309	5754.62fc: 00007ff65053c000-00007ff650583fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
310	5754.62fc: 00007ff650584000-00007ffc79f7ffff 0x0001/0x0000 0x0000000
311	5754.62fc: *00007ffc79f80000-00007ffc79f8ffff 0x0020/0x0040 0x0020000 !!
312	5754.62fc: 00007ffc79f90000-00007ffc84faffff 0x0001/0x0000 0x0000000
313	5754.62fc: *00007ffc84fb0000-00007ffc84fb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll
314	5754.62fc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffc84fb0000 LB 0x1000 (base 00007ffc84fb0000) - 'aswhook.dll'
315	5754.62fc: 00007ffc84fb1000-00007ffc84fbcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll
316	5754.62fc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffc84fb1000 LB 0xc000 (base 00007ffc84fb0000) - 'aswhook.dll'
317	5754.62fc: 00007ffc84fbd000-00007ffc84fbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll
318	5754.62fc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffc84fbd000 LB 0x3000 (base 00007ffc84fb0000) - 'aswhook.dll'
319	5754.62fc: 00007ffc84fc0000-00007ffc84fc1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll
320	5754.62fc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffc84fc0000 LB 0x2000 (base 00007ffc84fb0000) - 'aswhook.dll'
321	5754.62fc: 00007ffc84fc2000-00007ffc84fc5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll
322	5754.62fc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffc84fc2000 LB 0x4000 (base 00007ffc84fb0000) - 'aswhook.dll'
323	5754.62fc: 00007ffc84fc6000-00007ffc84fc6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll
324	5754.62fc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffc84fc6000 LB 0x1000 (base 00007ffc84fb0000) - 'aswhook.dll'
325	5754.62fc: 00007ffc84fc7000-00007ffc84fc8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll
326	5754.62fc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffc84fc7000 LB 0x2000 (base 00007ffc84fb0000) - 'aswhook.dll'
327	5754.62fc: 00007ffc84fc9000-00007ffcb74dffff 0x0001/0x0000 0x0000000
328	5754.62fc: *00007ffcb74e0000-00007ffcb74e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
329	5754.62fc: 00007ffcb74e1000-00007ffcb7670fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
330	5754.62fc: 00007ffcb7671000-00007ffcb7835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
331	5754.62fc: 00007ffcb7836000-00007ffcb783afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
332	5754.62fc: 00007ffcb783b000-00007ffcb7886fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
333	5754.62fc: 00007ffcb7887000-00007ffcb87dffff 0x0001/0x0000 0x0000000
334	5754.62fc: *00007ffcb87e0000-00007ffcb87e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
335	5754.62fc: 00007ffcb87e1000-00007ffcb8861fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
336	5754.62fc: 00007ffcb8862000-00007ffcb8898fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
337	5754.62fc: 00007ffcb8899000-00007ffcb8899fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
338	5754.62fc: 00007ffcb889a000-00007ffcb889afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
339	5754.62fc: 00007ffcb889b000-00007ffcb88a3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
340	5754.62fc: 00007ffcb88a4000-00007ffcb9f0ffff 0x0001/0x0000 0x0000000
341	5754.62fc: *00007ffcb9f10000-00007ffcb9f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
342	5754.62fc: 00007ffcb9f11000-00007ffcba041fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
343	5754.62fc: 00007ffcba042000-00007ffcba08ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
344	5754.62fc: 00007ffcba090000-00007ffcba090fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
345	5754.62fc: 00007ffcba091000-00007ffcba092fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
346	5754.62fc: 00007ffcba093000-00007ffcba09bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
347	5754.62fc: 00007ffcba09c000-00007ffcba126fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
348	5754.62fc: 00007ffcba127000-00007ffffffeffff 0x0001/0x0000 0x0000000
349	5754.62fc: kernel32.dll: timestamp 0x6b8a5ea3 (rc=VINF_SUCCESS)
350	5754.62fc: kernelbase.dll: timestamp 0x83efbeab (rc=VINF_SUCCESS)
351	5754.62fc: VirtualBoxVM.exe: timestamp 0x65a53a70 (rc=VINF_SUCCESS)
352	5754.62fc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
353	5754.62fc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
354	5754.62fc: VirtualBoxVM.exe: Differences in section #7 (.00cfg) between file and memory:
355	5754.62fc: 00007ff650543000 / 0x00d3000: 00 != f0
356	5754.62fc: 00007ff650543001 / 0x00d3001: 0d != eb
357	5754.62fc: 00007ff650543002 / 0x00d3002: 49 != f9
358	5754.62fc: 00007ff650543003 / 0x00d3003: 50 != b9
359	5754.62fc: 00007ff650543004 / 0x00d3004: f6 != fc
360	5754.62fc: 00007ff650543008 / 0x00d3008: 00 != f0
361	5754.62fc: 00007ff650543009 / 0x00d3009: 0d != eb
362	5754.62fc: 00007ff65054300a / 0x00d300a: 49 != f9
363	5754.62fc: 00007ff65054300b / 0x00d300b: 50 != b9
364	5754.62fc: 00007ff65054300c / 0x00d300c: f6 != fc
365	5754.62fc: 00007ff650543011 / 0x00d3011: aa != ed
366	5754.62fc: 00007ff650543012 / 0x00d3012: 4d != f9
367	5754.62fc: 00007ff650543013 / 0x00d3013: 50 != b9
368	5754.62fc: 00007ff650543014 / 0x00d3014: f6 != fc
369	5754.62fc: 00007ff650543018 / 0x00d3018: 50 != 30
370	5754.62fc: 00007ff650543019 / 0x00d3019: aa != ed
371	5754.62fc: 00007ff65054301a / 0x00d301a: 4d != f9
372	5754.62fc: 00007ff65054301b / 0x00d301b: 50 != b9
373	5754.62fc: 00007ff65054301c / 0x00d301c: f6 != fc
374	5754.62fc: 00007ff650543020 / 0x00d3020: 50 != 30
375	5754.62fc: 00007ff650543021 / 0x00d3021: aa != ed
376	5754.62fc: 00007ff650543022 / 0x00d3022: 4d != f9
377	5754.62fc: 00007ff650543023 / 0x00d3023: 50 != b9
378	5754.62fc: 00007ff650543024 / 0x00d3024: f6 != fc
379	5754.62fc: Restored 0x28 bytes of original file content at 00007ff650543000
380	5754.62fc: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
381	5754.62fc: 00007ff6505825f4 / 0x01125f4: 00 != 50
382	5754.62fc: 00007ff6505825f5 / 0x01125f5: 00 != 41
383	5754.62fc: 00007ff6505825f6 / 0x01125f6: 00 != 44
384	5754.62fc: 00007ff6505825f7 / 0x01125f7: 00 != 44
385	5754.62fc: 00007ff6505825f8 / 0x01125f8: 00 != 49
386	5754.62fc: 00007ff6505825f9 / 0x01125f9: 00 != 4e
387	5754.62fc: 00007ff6505825fa / 0x01125fa: 00 != 47
388	5754.62fc: 00007ff6505825fb / 0x01125fb: 00 != 58
389	5754.62fc: 00007ff6505825fc / 0x01125fc: 00 != 58
390	5754.62fc: 00007ff6505825fd / 0x01125fd: 00 != 50
391	5754.62fc: 00007ff6505825fe / 0x01125fe: 00 != 41
392	5754.62fc: 00007ff6505825ff / 0x01125ff: 00 != 44
393	5754.62fc: Restored 0xa0c bytes of original file content at 00007ff6505825f4
394	5754.62fc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
395	5754.62fc: ntdll.dll: Differences in section #1 (.text) between file and memory:
396	5754.62fc: 00007ffcb9f2e6f0 / 0x001e6f0: 48 != e9
397	5754.62fc: 00007ffcb9f2e6f1 / 0x001e6f1: 89 != 43
398	5754.62fc: 00007ffcb9f2e6f2 / 0x001e6f2: 5c != 1b
399	5754.62fc: 00007ffcb9f2e6f3 / 0x001e6f3: 24 != 05
400	5754.62fc: 00007ffcb9f2e6f4 / 0x001e6f4: 08 != c0
401	5754.62fc: 00007ffcb9f2e6f5 / 0x001e6f5: 48 != cc
402	5754.62fc: 00007ffcb9f2e6f6 / 0x001e6f6: 89 != cc
403	5754.62fc: 00007ffcb9f2e6f7 / 0x001e6f7: 74 != cc
404	5754.62fc: 00007ffcb9f2e6f8 / 0x001e6f8: 24 != cc
405	5754.62fc: 00007ffcb9f2e6f9 / 0x001e6f9: 20 != cc
406	5754.62fc: Restored 0x2000 bytes of original file content at 00007ffcb9f2d000
407	5754.62fc: ntdll.dll: Differences in section #1 (.text) between file and memory:
408	5754.62fc: 00007ffcb9f3a160 / 0x002a160: 48 != e9
409	5754.62fc: 00007ffcb9f3a161 / 0x002a161: 89 != 33
410	5754.62fc: 00007ffcb9f3a162 / 0x002a162: 5c != 61
411	5754.62fc: 00007ffcb9f3a163 / 0x002a163: 24 != 04
412	5754.62fc: 00007ffcb9f3a164 / 0x002a164: 10 != c0
413	5754.62fc: 00007ffcb9f3a165 / 0x002a165: 56 != cc
414	5754.62fc: Restored 0x2000 bytes of original file content at 00007ffcb9f39000
415	5754.62fc: ntdll.dll: Differences in section #1 (.text) between file and memory:
416	5754.62fc: 00007ffcb9f94500 / 0x0084500: 45 != e9
417	5754.62fc: 00007ffcb9f94501 / 0x0084501: 33 != 73
418	5754.62fc: 00007ffcb9f94502 / 0x0084502: c0 != bc
419	5754.62fc: 00007ffcb9f94503 / 0x0084503: e9 != fe
420	5754.62fc: 00007ffcb9f94504 / 0x0084504: 08 != bf
421	5754.62fc: 00007ffcb9f94505 / 0x0084505: 00 != cc
422	5754.62fc: 00007ffcb9f94506 / 0x0084506: 00 != cc
423	5754.62fc: 00007ffcb9f94507 / 0x0084507: 00 != cc
424	5754.62fc: Restored 0x2000 bytes of original file content at 00007ffcb9f93dce
425	5754.62fc: ntdll.dll: Differences in section #1 (.text) between file and memory:
426	5754.62fc: 00007ffcba011840 / 0x0101840: 48 != e9
427	5754.62fc: 00007ffcba011841 / 0x0101841: 89 != 93
428	5754.62fc: 00007ffcba011842 / 0x0101842: 5c != e9
429	5754.62fc: 00007ffcba011843 / 0x0101843: 24 != f6
430	5754.62fc: 00007ffcba011844 / 0x0101844: 08 != bf
431	5754.62fc: 00007ffcba011845 / 0x0101845: 48 != cc
432	5754.62fc: 00007ffcba011846 / 0x0101846: 89 != cc
433	5754.62fc: 00007ffcba011847 / 0x0101847: 74 != cc
434	5754.62fc: 00007ffcba011848 / 0x0101848: 24 != cc
435	5754.62fc: 00007ffcba011849 / 0x0101849: 10 != cc
436	5754.62fc: Restored 0x2000 bytes of original file content at 00007ffcba00f9ce
437	5754.62fc: ntdll.dll: Differences in section #9 (.00cfg) between file and memory:
438	5754.62fc: 00007ffcba0af000 / 0x019f000: 00 != 30
439	5754.62fc: 00007ffcba0af001 / 0x019f001: 36 != ed
440	5754.62fc: 00007ffcba0af002 / 0x019f002: fb != f9
441	5754.62fc: 00007ffcba0af008 / 0x019f008: e0 != f0
442	5754.62fc: 00007ffcba0af009 / 0x019f009: ea != eb
443	5754.62fc: 00007ffcba0af010 / 0x019f010: 20 != 30
444	5754.62fc: 00007ffcba0af011 / 0x019f011: 36 != ed
445	5754.62fc: 00007ffcba0af012 / 0x019f012: fb != f9
446	5754.62fc: 00007ffcba0af018 / 0x019f018: 20 != 30
447	5754.62fc: 00007ffcba0af019 / 0x019f019: 36 != ed
448	5754.62fc: 00007ffcba0af01a / 0x019f01a: fb != f9
449	5754.62fc: Restored 0x28 bytes of original file content at 00007ffcba0af000
450	5754.62fc: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
451	5754.62fc: 00007ffcb88666c8 / 0x00866c8: 70 != f0
452	5754.62fc: 00007ffcb88666c9 / 0x00866c9: ff != eb
453	5754.62fc: 00007ffcb88666ca / 0x00866ca: 7f != f9
454	5754.62fc: 00007ffcb88666cb / 0x00866cb: b8 != b9
455	5754.62fc: 00007ffcb88666d0 / 0x00866d0: 90 != 30
456	5754.62fc: 00007ffcb88666d1 / 0x00866d1: 41 != ed
457	5754.62fc: 00007ffcb88666d2 / 0x00866d2: 80 != f9
458	5754.62fc: 00007ffcb88666d3 / 0x00866d3: b8 != b9
459	5754.62fc: 00007ffcb88666d8 / 0x00866d8: 70 != f0
460	5754.62fc: 00007ffcb88666d9 / 0x00866d9: ff != eb
461	5754.62fc: 00007ffcb88666da / 0x00866da: 7f != f9
462	5754.62fc: 00007ffcb88666db / 0x00866db: b8 != b9
463	5754.62fc: 00007ffcb88666e0 / 0x00866e0: b0 != 30
464	5754.62fc: 00007ffcb88666e1 / 0x00866e1: 41 != ed
465	5754.62fc: 00007ffcb88666e2 / 0x00866e2: 80 != f9
466	5754.62fc: 00007ffcb88666e3 / 0x00866e3: b8 != b9
467	5754.62fc: 00007ffcb88666e8 / 0x00866e8: b0 != 30
468	5754.62fc: 00007ffcb88666e9 / 0x00866e9: 41 != ed
469	5754.62fc: 00007ffcb88666ea / 0x00866ea: 80 != f9
470	5754.62fc: 00007ffcb88666eb / 0x00866eb: b8 != b9
471	5754.62fc: Restored 0x2000 bytes of original file content at 00007ffcb8866000
472	5754.62fc: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
473	5754.62fc: 00007ffcb7741878 / 0x0261878: 50 != f0
474	5754.62fc: 00007ffcb7741879 / 0x0261879: 4b != eb
475	5754.62fc: 00007ffcb774187a / 0x026187a: 5a != f9
476	5754.62fc: 00007ffcb774187b / 0x026187b: b7 != b9
477	5754.62fc: 00007ffcb7741880 / 0x0261880: 00 != 30
478	5754.62fc: 00007ffcb7741881 / 0x0261881: 4f != ed
479	5754.62fc: 00007ffcb7741882 / 0x0261882: 5a != f9
480	5754.62fc: 00007ffcb7741883 / 0x0261883: b7 != b9
481	5754.62fc: 00007ffcb7741888 / 0x0261888: 50 != f0
482	5754.62fc: 00007ffcb7741889 / 0x0261889: 4b != eb
483	5754.62fc: 00007ffcb774188a / 0x026188a: 5a != f9
484	5754.62fc: 00007ffcb774188b / 0x026188b: b7 != b9
485	5754.62fc: 00007ffcb7741890 / 0x0261890: 20 != 30
486	5754.62fc: 00007ffcb7741891 / 0x0261891: 4f != ed
487	5754.62fc: 00007ffcb7741892 / 0x0261892: 5a != f9
488	5754.62fc: 00007ffcb7741893 / 0x0261893: b7 != b9
489	5754.62fc: 00007ffcb7741898 / 0x0261898: 20 != 30
490	5754.62fc: 00007ffcb7741899 / 0x0261899: 4f != ed
491	5754.62fc: 00007ffcb774189a / 0x026189a: 5a != f9
492	5754.62fc: 00007ffcb774189b / 0x026189b: b7 != b9
493	5754.62fc: Restored 0x2000 bytes of original file content at 00007ffcb7741000
494	5754.62fc: supHardNtVpCheckHandles:
495	5754.62fc: supHardNtVpCheckHandles: Marked Mutant handle non-inheritable: 0000000000002aa4
496	5754.62fc: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=10
497	5754.62fc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
498	5754.62fc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
499	5754.62fc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
500	5754.62fc: supR3HardNtEnableThreadCreationEx:
501	5754.62fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcb9f83dc0 pvNtTerminateThread=00007ffcb9fb03a0
502	5754.62fc: supR3HardenedWinDoReSpawn(1): New child 2968.6b30 [kernel32].
503	5754.62fc: supR3HardNtChildGatherData: PebBaseAddress=000000a3df71e000 cbPeb=0x388
504	5754.62fc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcb9f10000 uNtDllChildAddr=00007ffcb9f10000
505	5754.62fc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcb9f83dc0
506	5754.62fc: supR3HardenedWinSetupChildInit: Initial context:
507	rax=0000000000000000 rbx=0000000000000000 rcx=00007ff65047b7a0 rdx=000000a3df71e000
508	rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
509	r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
510	r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
511	rip=00007ffcb9f6aa20 rsp=000000a3df52ffd8 rbp=0000000000000000 ctxflags=0010001b
512	cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
513	P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
514	dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
515	dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
516	lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
517	5754.62fc: supR3HardenedWinSetupChildInit: Start child.
518	5754.62fc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
519	5754.62fc: supR3HardNtChildPurify: Startup delay kludge #1/0: 525 ms, 34 sleeps
520	5754.62fc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
521	5754.62fc: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
522	5754.62fc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
523	5754.62fc: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
524	5754.62fc: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
525	5754.62fc: 000000007fff0000-000000a3df42ffff 0x0001/0x0000 0x0000000
526	5754.62fc: *000000a3df430000-000000a3df52afff 0x0000/0x0004 0x0020000
527	5754.62fc: 000000a3df52b000-000000a3df52dfff 0x0104/0x0004 0x0020000
528	5754.62fc: 000000a3df52e000-000000a3df52ffff 0x0004/0x0004 0x0020000
529	5754.62fc: 000000a3df530000-000000a3df5fffff 0x0001/0x0000 0x0000000
530	5754.62fc: *000000a3df600000-000000a3df71dfff 0x0000/0x0004 0x0020000
531	5754.62fc: 000000a3df71e000-000000a3df720fff 0x0004/0x0004 0x0020000
532	5754.62fc: 000000a3df721000-000000a3df7fffff 0x0000/0x0004 0x0020000
533	5754.62fc: 000000a3df800000-000001a8ffb4ffff 0x0001/0x0000 0x0000000
534	5754.62fc: *000001a8ffb50000-000001a8ffb6ffff 0x0004/0x0004 0x0020000
535	5754.62fc: *000001a8ffb70000-000001a8ffb8efff 0x0002/0x0002 0x0040000
536	5754.62fc: 000001a8ffb8f000-000001a8ffb8ffff 0x0001/0x0000 0x0000000
537	5754.62fc: *000001a8ffb90000-000001a8ffb90fff 0x0020/0x0020 0x0040000 !!
538	5754.62fc: supHardNtVpScanVirtualMemory: Unmapping exec mem at 000001a8ffb90000 (000001a8ffb90000/000001a8ffb90000 LB 0x1000)
539	5754.62fc: 000001a8ffb91000-000001a8ffb9ffff 0x0001/0x0000 0x0000000
540	5754.62fc: *000001a8ffba0000-000001a8ffba3fff 0x0002/0x0002 0x0040000
541	5754.62fc: 000001a8ffba4000-000001a8ffbaffff 0x0001/0x0000 0x0000000
542	5754.62fc: *000001a8ffbb0000-000001a8ffbb0fff 0x0002/0x0002 0x0040000
543	5754.62fc: 000001a8ffbb1000-000001a8ffbbffff 0x0001/0x0000 0x0000000
544	5754.62fc: *000001a8ffbc0000-000001a8ffbc1fff 0x0004/0x0004 0x0020000
545	5754.62fc: 000001a8ffbc2000-00007df5d32bffff 0x0001/0x0000 0x0000000
546	5754.62fc: *00007df5d32c0000-00007df5d32c0fff 0x0002/0x0002 0x0040000
547	5754.62fc: 00007df5d32c1000-00007df5d32cffff 0x0001/0x0000 0x0000000
548	5754.62fc: *00007df5d32d0000-00007df5d484dfff 0x0000/0x0001 0x0040000
549	5754.62fc: 00007df5d484e000-00007df5d48bafff 0x0001/0x0001 0x0040000
550	5754.62fc: 00007df5d48bb000-00007df5d50b8fff 0x0000/0x0001 0x0040000
551	5754.62fc: 00007df5d50b9000-00007df5d50b9fff 0x0001/0x0001 0x0040000
552	5754.62fc: 00007df5d50ba000-00007dfc772bdfff 0x0000/0x0001 0x0040000
553	5754.62fc: 00007dfc772be000-00007dfc772befff 0x0002/0x0001 0x0040000
554	5754.62fc: 00007dfc772bf000-00007ff5ac6e0fff 0x0000/0x0001 0x0040000
555	5754.62fc: 00007ff5ac6e1000-00007ff5ac6e6fff 0x0002/0x0001 0x0040000
556	5754.62fc: 00007ff5ac6e7000-00007ff5c24cbfff 0x0000/0x0001 0x0040000
557	5754.62fc: 00007ff5c24cc000-00007ff5c614bfff 0x0001/0x0001 0x0040000
558	5754.62fc: 00007ff5c614c000-00007ff5c6154fff 0x0002/0x0001 0x0040000
559	5754.62fc: 00007ff5c6155000-00007ff5d32cffff 0x0000/0x0001 0x0040000
560	5754.62fc: 00007ff5d32d0000-00007ff65046ffff 0x0001/0x0000 0x0000000
561	5754.62fc: *00007ff650470000-00007ff650470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
562	5754.62fc: 00007ff650471000-00007ff6504dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
563	5754.62fc: 00007ff6504db000-00007ff6504dbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
564	5754.62fc: 00007ff6504dc000-00007ff65052efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
565	5754.62fc: 00007ff65052f000-00007ff65052ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
566	5754.62fc: 00007ff650530000-00007ff650530fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
567	5754.62fc: 00007ff650531000-00007ff650535fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
568	5754.62fc: 00007ff650536000-00007ff65053bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
569	5754.62fc: 00007ff65053c000-00007ff650583fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
570	5754.62fc: 00007ff650584000-00007ffcb9f0ffff 0x0001/0x0000 0x0000000
571	5754.62fc: *00007ffcb9f10000-00007ffcb9f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
572	5754.62fc: 00007ffcb9f11000-00007ffcba041fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
573	5754.62fc: 00007ffcba042000-00007ffcba08ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
574	5754.62fc: 00007ffcba090000-00007ffcba09bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
575	5754.62fc: 00007ffcba09c000-00007ffcba0aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
576	5754.62fc: 00007ffcba0ab000-00007ffcba0abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
577	5754.62fc: 00007ffcba0ac000-00007ffcba0aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
578	5754.62fc: 00007ffcba0af000-00007ffcba126fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
579	5754.62fc: 00007ffcba127000-00007ffffffeffff 0x0001/0x0000 0x0000000
580	5754.62fc: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
581	5754.62fc: 00007ff6505825f4 / 0x01125f4: 00 != 50
582	5754.62fc: 00007ff6505825f5 / 0x01125f5: 00 != 41
583	5754.62fc: 00007ff6505825f6 / 0x01125f6: 00 != 44
584	5754.62fc: 00007ff6505825f7 / 0x01125f7: 00 != 44
585	5754.62fc: 00007ff6505825f8 / 0x01125f8: 00 != 49
586	5754.62fc: 00007ff6505825f9 / 0x01125f9: 00 != 4e
587	5754.62fc: 00007ff6505825fa / 0x01125fa: 00 != 47
588	5754.62fc: 00007ff6505825fb / 0x01125fb: 00 != 58
589	5754.62fc: 00007ff6505825fc / 0x01125fc: 00 != 58
590	5754.62fc: 00007ff6505825fd / 0x01125fd: 00 != 50
591	5754.62fc: 00007ff6505825fe / 0x01125fe: 00 != 41
592	5754.62fc: 00007ff6505825ff / 0x01125ff: 00 != 44
593	5754.62fc: Restored 0xa0c bytes of original file content at 00007ff6505825f4
594	5754.62fc: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4
595	5754.62fc: supR3HardNtChildPurify: Startup delay kludge #1/1: 527 ms, 34 sleeps
596	5754.62fc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
597	5754.62fc: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
598	5754.62fc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
599	5754.62fc: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
600	5754.62fc: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
601	5754.62fc: 000000007fff0000-000000a3df42ffff 0x0001/0x0000 0x0000000
602	5754.62fc: *000000a3df430000-000000a3df52afff 0x0000/0x0004 0x0020000
603	5754.62fc: 000000a3df52b000-000000a3df52dfff 0x0104/0x0004 0x0020000
604	5754.62fc: 000000a3df52e000-000000a3df52ffff 0x0004/0x0004 0x0020000
605	5754.62fc: 000000a3df530000-000000a3df5fffff 0x0001/0x0000 0x0000000
606	5754.62fc: *000000a3df600000-000000a3df71dfff 0x0000/0x0004 0x0020000
607	5754.62fc: 000000a3df71e000-000000a3df720fff 0x0004/0x0004 0x0020000
608	5754.62fc: 000000a3df721000-000000a3df7fffff 0x0000/0x0004 0x0020000
609	5754.62fc: 000000a3df800000-000001a8ffb4ffff 0x0001/0x0000 0x0000000
610	5754.62fc: *000001a8ffb50000-000001a8ffb6ffff 0x0004/0x0004 0x0020000
611	5754.62fc: *000001a8ffb70000-000001a8ffb8efff 0x0002/0x0002 0x0040000
612	5754.62fc: 000001a8ffb8f000-000001a8ffb9ffff 0x0001/0x0000 0x0000000
613	5754.62fc: *000001a8ffba0000-000001a8ffba3fff 0x0002/0x0002 0x0040000
614	5754.62fc: 000001a8ffba4000-000001a8ffbaffff 0x0001/0x0000 0x0000000
615	5754.62fc: *000001a8ffbb0000-000001a8ffbb0fff 0x0002/0x0002 0x0040000
616	5754.62fc: 000001a8ffbb1000-000001a8ffbbffff 0x0001/0x0000 0x0000000
617	5754.62fc: *000001a8ffbc0000-000001a8ffbc1fff 0x0004/0x0004 0x0020000
618	5754.62fc: 000001a8ffbc2000-00007df5d32bffff 0x0001/0x0000 0x0000000
619	5754.62fc: *00007df5d32c0000-00007df5d32c0fff 0x0002/0x0002 0x0040000
620	5754.62fc: 00007df5d32c1000-00007df5d32cffff 0x0001/0x0000 0x0000000
621	5754.62fc: *00007df5d32d0000-00007df5d484dfff 0x0000/0x0001 0x0040000
622	5754.62fc: 00007df5d484e000-00007df5d48bafff 0x0001/0x0001 0x0040000
623	5754.62fc: 00007df5d48bb000-00007df5d50b8fff 0x0000/0x0001 0x0040000
624	5754.62fc: 00007df5d50b9000-00007df5d50b9fff 0x0001/0x0001 0x0040000
625	5754.62fc: 00007df5d50ba000-00007dfc772bdfff 0x0000/0x0001 0x0040000
626	5754.62fc: 00007dfc772be000-00007dfc772befff 0x0002/0x0001 0x0040000
627	5754.62fc: 00007dfc772bf000-00007ff5ac6e0fff 0x0000/0x0001 0x0040000
628	5754.62fc: 00007ff5ac6e1000-00007ff5ac6e6fff 0x0002/0x0001 0x0040000
629	5754.62fc: 00007ff5ac6e7000-00007ff5c24cbfff 0x0000/0x0001 0x0040000
630	5754.62fc: 00007ff5c24cc000-00007ff5c614bfff 0x0001/0x0001 0x0040000
631	5754.62fc: 00007ff5c614c000-00007ff5c6154fff 0x0002/0x0001 0x0040000
632	5754.62fc: 00007ff5c6155000-00007ff5d32cffff 0x0000/0x0001 0x0040000
633	5754.62fc: 00007ff5d32d0000-00007ff65046ffff 0x0001/0x0000 0x0000000
634	5754.62fc: *00007ff650470000-00007ff650470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
635	5754.62fc: 00007ff650471000-00007ff6504dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
636	5754.62fc: 00007ff6504db000-00007ff6504dbfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
637	5754.62fc: 00007ff6504dc000-00007ff65052efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
638	5754.62fc: 00007ff65052f000-00007ff65053bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
639	5754.62fc: 00007ff65053c000-00007ff650583fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
640	5754.62fc: 00007ff650584000-00007ffcb9f0ffff 0x0001/0x0000 0x0000000
641	5754.62fc: *00007ffcb9f10000-00007ffcb9f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
642	5754.62fc: 00007ffcb9f11000-00007ffcba041fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
643	5754.62fc: 00007ffcba042000-00007ffcba08ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
644	5754.62fc: 00007ffcba090000-00007ffcba093fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
645	5754.62fc: 00007ffcba094000-00007ffcba09bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
646	5754.62fc: 00007ffcba09c000-00007ffcba0aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
647	5754.62fc: 00007ffcba0ab000-00007ffcba0abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
648	5754.62fc: 00007ffcba0ac000-00007ffcba0aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
649	5754.62fc: 00007ffcba0af000-00007ffcba126fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
650	5754.62fc: 00007ffcba127000-00007ffffffeffff 0x0001/0x0000 0x0000000
651	5754.62fc: supR3HardNtChildPurify: Done after 1063 ms and 2 fixes (loop #1).
652	2968.6b30: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcb9f10000 g_uNtVerCombined=0xa0586700 (stack ~000000a3df52eda0)
653	2968.6b30: ntdll.dll: timestamp 0x92b2df34 (rc=VINF_SUCCESS)
654	2968.6b30: New simple heap: #1 000001a880000000 LB 0x800000 (for 2191360 allocation)
655	5754.62fc: supR3HardNtEnableThreadCreationEx:
656	2968.6b30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
657	2968.6b30: System32: \Device\HarddiskVolume3\Windows\System32
658	2968.6b30: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
659	2968.6b30: KnownDllPath: C:\WINDOWS\System32
660	2968.6b30: supR3HardenedVmProcessInit: Opening vboxsup stub...
661	2968.6b30: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
662	2968.6b30: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
663	2968.6b30: Registered Dll notification callback with NTDLL.
664	2968.6b30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
665	2968.6b30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
666	2968.6b30: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
667	2968.6b30: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=000001a8ffb90088 enmState=3 -> supR3HardenedWinDummyApcRoutine
668	2968.6b30: supR3HardenedWinDummyApcRoutine: pvArg1=000001a8ffb90000 pvArg2=0000000000000000 pvArg3=0000000000000000
669	2968.6b30: supR3HardenedDllNotificationCallback: load 00007ffcb74e0000 LB 0x003a7000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
670	2968.6b30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
671	2968.6b30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
672	2968.6b30: supR3HardenedDllNotificationCallback: load 00007ffcb87e0000 LB 0x000c4000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
673	2968.6b30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
674	2968.6b30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb87e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
675	2968.6b30: supR3HardenedDllNotificationCallback: load 00007ff650470000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
676	2968.6b30: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
677	2968.6b30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
678	2968.6b30: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
679	2968.6b30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
680	2968.6b30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcb9f83dc0 pvNtTerminateThread=00007ffcb9fb03a0
681	5754.62fc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 57 ms.
682	2968.6b30: \SystemRoot\System32\ntdll.dll:
683	2968.6b30: CreationTime: 2024-04-25T21:50:52.933474100Z
684	2968.6b30: LastWriteTime: 2024-04-25T21:50:52.967360700Z
685	2968.6b30: ChangeTime: 2024-04-25T22:15:47.894551900Z
686	2968.6b30: FileAttributes: 0x20
687	2968.6b30: Size: 0x216008
688	2968.6b30: NT Headers: 0xe8
689	2968.6b30: Timestamp: 0x92b2df34
690	2968.6b30: Machine: 0x8664 - amd64
691	2968.6b30: Timestamp: 0x92b2df34
692	2968.6b30: Image Version: 10.0
693	2968.6b30: SizeOfImage: 0x217000 (2191360)
694	2968.6b30: Resource Dir: 0x1a0000 LB 0x759a8
695	2968.6b30: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
696	2968.6b30: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
697	2968.6b30: ProductName: Microsoft® Windows® Operating System
698	2968.6b30: ProductVersion: 10.0.22621.3527
699	2968.6b30: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
700	2968.6b30: FileDescription: NT Layer DLL
701	2968.6b30: \SystemRoot\System32\kernel32.dll:
702	2968.6b30: CreationTime: 2024-04-25T21:50:52.649892600Z
703	2968.6b30: LastWriteTime: 2024-04-25T21:50:52.664841500Z
704	2968.6b30: ChangeTime: 2024-04-25T22:15:37.505042500Z
705	2968.6b30: FileAttributes: 0x20
706	2968.6b30: Size: 0xc7158
707	2968.6b30: NT Headers: 0xe8
708	2968.6b30: Timestamp: 0x6b8a5ea3
709	2968.6b30: Machine: 0x8664 - amd64
710	2968.6b30: Timestamp: 0x6b8a5ea3
711	2968.6b30: Image Version: 10.0
712	2968.6b30: SizeOfImage: 0xc4000 (802816)
713	2968.6b30: Resource Dir: 0xc2000 LB 0x520
714	2968.6b30: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
715	2968.6b30: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
716	2968.6b30: ProductName: Microsoft® Windows® Operating System
717	2968.6b30: ProductVersion: 10.0.22621.3527
718	2968.6b30: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
719	2968.6b30: FileDescription: Windows NT BASE API Client DLL
720	2968.6b30: \SystemRoot\System32\KernelBase.dll:
721	2968.6b30: CreationTime: 2024-04-25T21:50:53.507611100Z
722	2968.6b30: LastWriteTime: 2024-04-25T21:50:53.604794300Z
723	2968.6b30: ChangeTime: 2024-04-25T22:15:45.722906700Z
724	2968.6b30: FileAttributes: 0x20
725	2968.6b30: Size: 0x3ae908
726	2968.6b30: NT Headers: 0xf8
727	2968.6b30: Timestamp: 0x83efbeab
728	2968.6b30: Machine: 0x8664 - amd64
729	2968.6b30: Timestamp: 0x83efbeab
730	2968.6b30: Image Version: 10.0
731	2968.6b30: SizeOfImage: 0x3a7000 (3829760)
732	2968.6b30: Resource Dir: 0x376000 LB 0x548
733	2968.6b30: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
734	2968.6b30: [Raw version resource data: 0x3760b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
735	2968.6b30: ProductName: Microsoft® Windows® Operating System
736	2968.6b30: ProductVersion: 10.0.22621.3527
737	2968.6b30: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
738	2968.6b30: FileDescription: Windows NT BASE API Client DLL
739	2968.6b30: \SystemRoot\System32\apisetschema.dll:
740	2968.6b30: CreationTime: 2024-04-25T21:50:27.205621000Z
741	2968.6b30: LastWriteTime: 2024-04-25T21:50:27.208610400Z
742	2968.6b30: ChangeTime: 2024-04-25T22:15:42.442010700Z
743	2968.6b30: FileAttributes: 0x20
744	2968.6b30: Size: 0x245e0
745	2968.6b30: NT Headers: 0xc8
746	2968.6b30: Timestamp: 0x2f79598b
747	2968.6b30: Machine: 0x8664 - amd64
748	2968.6b30: Timestamp: 0x2f79598b
749	2968.6b30: Image Version: 10.0
750	2968.6b30: SizeOfImage: 0x23000 (143360)
751	2968.6b30: Resource Dir: 0x22000 LB 0x408
752	2968.6b30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
753	2968.6b30: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
754	2968.6b30: ProductName: Microsoft® Windows® Operating System
755	2968.6b30: ProductVersion: 10.0.22621.3527
756	2968.6b30: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
757	2968.6b30: FileDescription: ApiSet Schema DLL
758	2968.6b30: NtOpenDirectoryObject failed on \Driver: 0xc0000022
759	2968.6b30: supR3HardenedWinFindAdversaries: 0x4
760	2968.6b30: \SystemRoot\System32\drivers\aswMonFlt.sys:
761	2968.6b30: CreationTime: 2022-11-24T10:33:09.488089900Z
762	2968.6b30: LastWriteTime: 2024-04-12T01:45:56.269304300Z
763	2968.6b30: ChangeTime: 2024-04-12T01:45:56.269304300Z
764	2968.6b30: FileAttributes: 0x20
765	2968.6b30: Size: 0x41a38
766	2968.6b30: NT Headers: 0xf0
767	2968.6b30: Timestamp: 0x660161d5
768	2968.6b30: Machine: 0x8664 - amd64
769	2968.6b30: Timestamp: 0x660161d5
770	2968.6b30: Image Version: 10.0
771	2968.6b30: SizeOfImage: 0x49000 (299008)
772	2968.6b30: Resource Dir: 0x47000 LB 0x3b0
773	2968.6b30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
774	2968.6b30: [Raw version resource data: 0x47058 LB 0x358, codepage 0x0 (reserved 0x0)]
775	2968.6b30: ProductName: Antivirus
776	2968.6b30: ProductVersion: 24.3.683.0
777	2968.6b30: FileVersion: 24.3.683.0
778	2968.6b30: FileDescription: Gen File System Filter
779	2968.6b30: \SystemRoot\System32\drivers\aswRdr2.sys:
780	2968.6b30: CreationTime: 2022-11-24T10:33:09.486096500Z
781	2968.6b30: LastWriteTime: 2024-04-12T01:45:56.261304700Z
782	2968.6b30: ChangeTime: 2024-04-12T01:45:56.261304700Z
783	2968.6b30: FileAttributes: 0x20
784	2968.6b30: Size: 0x16e38
785	2968.6b30: NT Headers: 0xe8
786	2968.6b30: Timestamp: 0x660161d2
787	2968.6b30: Machine: 0x8664 - amd64
788	2968.6b30: Timestamp: 0x660161d2
789	2968.6b30: Image Version: 10.0
790	2968.6b30: SizeOfImage: 0x1b000 (110592)
791	2968.6b30: Resource Dir: 0x19000 LB 0x398
792	2968.6b30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
793	2968.6b30: [Raw version resource data: 0x19058 LB 0x33c, codepage 0x0 (reserved 0x0)]
794	2968.6b30: ProductName: Antivirus
795	2968.6b30: ProductVersion: 24.3.683.0
796	2968.6b30: FileVersion: 24.3.683.0
797	2968.6b30: FileDescription: Gen Antivirus
798	2968.6b30: \SystemRoot\System32\drivers\aswRvrt.sys:
799	2968.6b30: CreationTime: 2022-11-24T10:33:09.489086600Z
800	2968.6b30: LastWriteTime: 2024-04-12T01:45:56.277304500Z
801	2968.6b30: ChangeTime: 2024-04-12T01:45:56.277304500Z
802	2968.6b30: FileAttributes: 0x20
803	2968.6b30: Size: 0x10e38
804	2968.6b30: NT Headers: 0xe0
805	2968.6b30: Timestamp: 0x660161cb
806	2968.6b30: Machine: 0x8664 - amd64
807	2968.6b30: Timestamp: 0x660161cb
808	2968.6b30: Image Version: 10.0
809	2968.6b30: SizeOfImage: 0x13000 (77824)
810	2968.6b30: Resource Dir: 0x11000 LB 0x390
811	2968.6b30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
812	2968.6b30: [Raw version resource data: 0x11058 LB 0x338, codepage 0x0 (reserved 0x0)]
813	2968.6b30: ProductName: Antivirus
814	2968.6b30: ProductVersion: 24.3.683.0
815	2968.6b30: FileVersion: 24.3.683.0
816	2968.6b30: FileDescription: Gen Revert
817	2968.6b30: \SystemRoot\System32\drivers\aswSnx.sys:
818	2968.6b30: CreationTime: 2022-11-24T10:33:09.480116700Z
819	2968.6b30: LastWriteTime: 2024-04-12T01:45:53.466864800Z
820	2968.6b30: ChangeTime: 2024-04-12T01:45:53.466864800Z
821	2968.6b30: FileAttributes: 0x20
822	2968.6b30: Size: 0xe4838
823	2968.6b30: NT Headers: 0x100
824	2968.6b30: Timestamp: 0x660161ff
825	2968.6b30: Machine: 0x8664 - amd64
826	2968.6b30: Timestamp: 0x660161ff
827	2968.6b30: Image Version: 10.0
828	2968.6b30: SizeOfImage: 0xe9000 (954368)
829	2968.6b30: Resource Dir: 0xe6000 LB 0x3b0
830	2968.6b30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
831	2968.6b30: [Raw version resource data: 0xe6058 LB 0x354, codepage 0x0 (reserved 0x0)]
832	2968.6b30: ProductName: Antivirus
833	2968.6b30: ProductVersion: 24.3.683.0
834	2968.6b30: FileVersion: 24.3.683.0
835	2968.6b30: FileDescription: Gen Virtualization Driver
836	2968.6b30: \SystemRoot\System32\drivers\aswsp.sys:
837	2968.6b30: CreationTime: 2022-11-24T10:33:09.490083300Z
838	2968.6b30: LastWriteTime: 2024-04-12T01:45:56.288304000Z
839	2968.6b30: ChangeTime: 2024-04-12T01:45:56.288304000Z
840	2968.6b30: FileAttributes: 0x20
841	2968.6b30: Size: 0xa9e38
842	2968.6b30: NT Headers: 0xe8
843	2968.6b30: Timestamp: 0x660161ed
844	2968.6b30: Machine: 0x8664 - amd64
845	2968.6b30: Timestamp: 0x660161ed
846	2968.6b30: Image Version: 10.0
847	2968.6b30: SizeOfImage: 0xb0000 (720896)
848	2968.6b30: Resource Dir: 0xad000 LB 0x398
849	2968.6b30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
850	2968.6b30: [Raw version resource data: 0xad058 LB 0x340, codepage 0x0 (reserved 0x0)]
851	2968.6b30: ProductName: Antivirus
852	2968.6b30: ProductVersion: 24.3.683.0
853	2968.6b30: FileVersion: 24.3.683.0
854	2968.6b30: FileDescription: Gen Self Protection
855	2968.6b30: \SystemRoot\System32\drivers\aswStm.sys:
856	2968.6b30: CreationTime: 2024-04-12T01:45:58.391309500Z
857	2968.6b30: LastWriteTime: 2024-04-12T01:45:56.481310100Z
858	2968.6b30: ChangeTime: 2024-04-12T01:45:56.481310100Z
859	2968.6b30: FileAttributes: 0x20
860	2968.6b30: Size: 0x31438
861	2968.6b30: NT Headers: 0xf0
862	2968.6b30: Timestamp: 0x66016201
863	2968.6b30: Machine: 0x8664 - amd64
864	2968.6b30: Timestamp: 0x66016201
865	2968.6b30: Image Version: 10.0
866	2968.6b30: SizeOfImage: 0x36000 (221184)
867	2968.6b30: Resource Dir: 0x34000 LB 0x3a0
868	2968.6b30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
869	2968.6b30: [Raw version resource data: 0x34058 LB 0x344, codepage 0x0 (reserved 0x0)]
870	2968.6b30: ProductName: Antivirus
871	2968.6b30: ProductVersion: 24.3.683.0
872	2968.6b30: FileVersion: 24.3.683.0
873	2968.6b30: FileDescription: Gen Stream Filter
874	2968.6b30: \SystemRoot\System32\drivers\aswVmm.sys:
875	2968.6b30: CreationTime: 2022-11-24T10:33:09.495066500Z
876	2968.6b30: LastWriteTime: 2024-04-12T01:45:56.819309900Z
877	2968.6b30: ChangeTime: 2024-04-12T01:45:56.819309900Z
878	2968.6b30: FileAttributes: 0x20
879	2968.6b30: Size: 0x4ac38
880	2968.6b30: NT Headers: 0xe8
881	2968.6b30: Timestamp: 0x660161d4
882	2968.6b30: Machine: 0x8664 - amd64
883	2968.6b30: Timestamp: 0x660161d4
884	2968.6b30: Image Version: 10.0
885	2968.6b30: SizeOfImage: 0x4d000 (315392)
886	2968.6b30: Resource Dir: 0x4b000 LB 0x398
887	2968.6b30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
888	2968.6b30: [Raw version resource data: 0x4b058 LB 0x340, codepage 0x0 (reserved 0x0)]
889	2968.6b30: ProductName: Antivirus
890	2968.6b30: ProductVersion: 24.3.683.0
891	2968.6b30: FileVersion: 24.3.683.0
892	2968.6b30: FileDescription: Gen VM Monitor
893	2968.6b30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
894	2968.6b30: Calling main()
895	2968.6b30: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
896	2968.6b30: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
897	2968.6b30: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
898	2968.6b30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
899	2968.6b30: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
900	2968.6b30: SUPR3HardenedMain: Respawn #2
901	2968.6b30: supR3HardNtEnableThreadCreationEx:
902	2968.6b30: supR3HardenedDllNotificationCallback: load 00007ffcb7890000 LB 0x00028000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
903	2968.6b30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
904	2968.6b30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
905	2968.6b30: supR3HardenedDllNotificationCallback: load 00007ffcb8900000 LB 0x000a8000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
906	2968.6b30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
907	2968.6b30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
908	2968.6b30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
909	2968.6b30: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
910	2968.6b30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
911	2968.6b30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
912	2968.6b30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
913	2968.6b30: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
914	2968.6b30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
915	2968.6b30: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
916	2968.6b30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9f10000 'C:\WINDOWS\System32\ntdll.dll'
917	2968.6b30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\KernelBase.dll [lacks WinVerifyTrust]
918	2968.6b30: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
919	2968.6b30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'C:\WINDOWS\System32\KernelBase.dll'
920	2968.6b30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcb9f83dc0 pvNtTerminateThread=00007ffcb9fb03a0
921	2968.6b30: supR3HardenedWinDoReSpawn(2): New child 4ad4.60b4 [kernel32].
922	2968.6b30: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
923	2968.6b30: supR3HardNtChildGatherData: PebBaseAddress=000000c34e269000 cbPeb=0x388
924	2968.6b30: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcb9f10000 uNtDllChildAddr=00007ffcb9f10000
925	2968.6b30: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcb9f83dc0
926	2968.6b30: supR3HardenedWinSetupChildInit: Initial context:
927	rax=0000000000000000 rbx=0000000000000000 rcx=00007ff65047b7a0 rdx=000000c34e269000
928	rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
929	r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
930	r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
931	rip=00007ffcb9f6aa20 rsp=000000c34e1efcd8 rbp=0000000000000000 ctxflags=0010001b
932	cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
933	P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
934	dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
935	dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
936	lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
937	2968.6b30: kernel32.dll: timestamp 0x6b8a5ea3 (rc=VINF_SUCCESS)
938	2968.6b30: supR3HardenedWinSetupChildInit: Start child.
939	2968.6b30: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
940	2968.6b30: supR3HardNtChildPurify: Startup delay kludge #1/0: 524 ms, 33 sleeps
941	2968.6b30: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
942	2968.6b30: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
943	2968.6b30: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
944	2968.6b30: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
945	2968.6b30: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
946	2968.6b30: 000000007fff0000-000000c34e0effff 0x0001/0x0000 0x0000000
947	2968.6b30: *000000c34e0f0000-000000c34e1eafff 0x0000/0x0004 0x0020000
948	2968.6b30: 000000c34e1eb000-000000c34e1edfff 0x0104/0x0004 0x0020000
949	2968.6b30: 000000c34e1ee000-000000c34e1effff 0x0004/0x0004 0x0020000
950	2968.6b30: 000000c34e1f0000-000000c34e1fffff 0x0001/0x0000 0x0000000
951	2968.6b30: *000000c34e200000-000000c34e268fff 0x0000/0x0004 0x0020000
952	2968.6b30: 000000c34e269000-000000c34e26bfff 0x0004/0x0004 0x0020000
953	2968.6b30: 000000c34e26c000-000000c34e3fffff 0x0000/0x0004 0x0020000
954	2968.6b30: 000000c34e400000-0000029a0b78ffff 0x0001/0x0000 0x0000000
955	2968.6b30: *0000029a0b790000-0000029a0b7affff 0x0004/0x0004 0x0020000
956	2968.6b30: *0000029a0b7b0000-0000029a0b7cefff 0x0002/0x0002 0x0040000
957	2968.6b30: 0000029a0b7cf000-0000029a0b7cffff 0x0001/0x0000 0x0000000
958	2968.6b30: *0000029a0b7d0000-0000029a0b7d0fff 0x0020/0x0020 0x0040000 !!
959	2968.6b30: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000029a0b7d0000 (0000029a0b7d0000/0000029a0b7d0000 LB 0x1000)
960	2968.6b30: 0000029a0b7d1000-0000029a0b7dffff 0x0001/0x0000 0x0000000
961	2968.6b30: *0000029a0b7e0000-0000029a0b7e3fff 0x0002/0x0002 0x0040000
962	2968.6b30: 0000029a0b7e4000-0000029a0b7effff 0x0001/0x0000 0x0000000
963	2968.6b30: *0000029a0b7f0000-0000029a0b7f0fff 0x0002/0x0002 0x0040000
964	2968.6b30: 0000029a0b7f1000-0000029a0b7fffff 0x0001/0x0000 0x0000000
965	2968.6b30: *0000029a0b800000-0000029a0b801fff 0x0004/0x0004 0x0020000
966	2968.6b30: 0000029a0b802000-00007df5452dffff 0x0001/0x0000 0x0000000
967	2968.6b30: *00007df5452e0000-00007df5452e0fff 0x0002/0x0002 0x0040000
968	2968.6b30: 00007df5452e1000-00007df5452effff 0x0001/0x0000 0x0000000
969	2968.6b30: *00007df5452f0000-00007df54686dfff 0x0000/0x0001 0x0040000
970	2968.6b30: 00007df54686e000-00007df5468dafff 0x0001/0x0001 0x0040000
971	2968.6b30: 00007df5468db000-00007df5470d8fff 0x0000/0x0001 0x0040000
972	2968.6b30: 00007df5470d9000-00007df5470d9fff 0x0001/0x0001 0x0040000
973	2968.6b30: 00007df5470da000-00007dffad5cefff 0x0000/0x0001 0x0040000
974	2968.6b30: 00007dffad5cf000-00007dffad5cffff 0x0002/0x0001 0x0040000
975	2968.6b30: 00007dffad5d0000-00007ff51e700fff 0x0000/0x0001 0x0040000
976	2968.6b30: 00007ff51e701000-00007ff51e706fff 0x0002/0x0001 0x0040000
977	2968.6b30: 00007ff51e707000-00007ff5344ebfff 0x0000/0x0001 0x0040000
978	2968.6b30: 00007ff5344ec000-00007ff53816bfff 0x0001/0x0001 0x0040000
979	2968.6b30: 00007ff53816c000-00007ff538174fff 0x0002/0x0001 0x0040000
980	2968.6b30: 00007ff538175000-00007ff5452effff 0x0000/0x0001 0x0040000
981	2968.6b30: 00007ff5452f0000-00007ff65046ffff 0x0001/0x0000 0x0000000
982	2968.6b30: *00007ff650470000-00007ff650470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
983	2968.6b30: 00007ff650471000-00007ff6504dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
984	2968.6b30: 00007ff6504db000-00007ff6504dbfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
985	2968.6b30: 00007ff6504dc000-00007ff65052efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
986	2968.6b30: 00007ff65052f000-00007ff65052ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
987	2968.6b30: 00007ff650530000-00007ff650530fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
988	2968.6b30: 00007ff650531000-00007ff650535fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
989	2968.6b30: 00007ff650536000-00007ff65053bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
990	2968.6b30: 00007ff65053c000-00007ff650583fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
991	2968.6b30: 00007ff650584000-00007ffcb9f0ffff 0x0001/0x0000 0x0000000
992	2968.6b30: *00007ffcb9f10000-00007ffcb9f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
993	2968.6b30: 00007ffcb9f11000-00007ffcba041fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
994	2968.6b30: 00007ffcba042000-00007ffcba08ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
995	2968.6b30: 00007ffcba090000-00007ffcba09bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
996	2968.6b30: 00007ffcba09c000-00007ffcba0aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
997	2968.6b30: 00007ffcba0ab000-00007ffcba0abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
998	2968.6b30: 00007ffcba0ac000-00007ffcba0aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
999	2968.6b30: 00007ffcba0af000-00007ffcba126fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1000	2968.6b30: 00007ffcba127000-00007ffffffeffff 0x0001/0x0000 0x0000000
1001	2968.6b30: VirtualBoxVM.exe: timestamp 0x65a53a70 (rc=VINF_SUCCESS)
1002	2968.6b30: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1003	2968.6b30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1004	2968.6b30: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
1005	2968.6b30: 00007ff6505825f4 / 0x01125f4: 00 != 50
1006	2968.6b30: 00007ff6505825f5 / 0x01125f5: 00 != 41
1007	2968.6b30: 00007ff6505825f6 / 0x01125f6: 00 != 44
1008	2968.6b30: 00007ff6505825f7 / 0x01125f7: 00 != 44
1009	2968.6b30: 00007ff6505825f8 / 0x01125f8: 00 != 49
1010	2968.6b30: 00007ff6505825f9 / 0x01125f9: 00 != 4e
1011	2968.6b30: 00007ff6505825fa / 0x01125fa: 00 != 47
1012	2968.6b30: 00007ff6505825fb / 0x01125fb: 00 != 58
1013	2968.6b30: 00007ff6505825fc / 0x01125fc: 00 != 58
1014	2968.6b30: 00007ff6505825fd / 0x01125fd: 00 != 50
1015	2968.6b30: 00007ff6505825fe / 0x01125fe: 00 != 41
1016	2968.6b30: 00007ff6505825ff / 0x01125ff: 00 != 44
1017	2968.6b30: Restored 0xa0c bytes of original file content at 00007ff6505825f4
1018	2968.6b30: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1019	2968.6b30: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x4
1020	2968.6b30: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 33 sleeps
1021	2968.6b30: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1022	2968.6b30: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
1023	2968.6b30: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1024	2968.6b30: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
1025	2968.6b30: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
1026	2968.6b30: 000000007fff0000-000000c34e0effff 0x0001/0x0000 0x0000000
1027	2968.6b30: *000000c34e0f0000-000000c34e1eafff 0x0000/0x0004 0x0020000
1028	2968.6b30: 000000c34e1eb000-000000c34e1edfff 0x0104/0x0004 0x0020000
1029	2968.6b30: 000000c34e1ee000-000000c34e1effff 0x0004/0x0004 0x0020000
1030	2968.6b30: 000000c34e1f0000-000000c34e1fffff 0x0001/0x0000 0x0000000
1031	2968.6b30: *000000c34e200000-000000c34e268fff 0x0000/0x0004 0x0020000
1032	2968.6b30: 000000c34e269000-000000c34e26bfff 0x0004/0x0004 0x0020000
1033	2968.6b30: 000000c34e26c000-000000c34e3fffff 0x0000/0x0004 0x0020000
1034	2968.6b30: 000000c34e400000-0000029a0b78ffff 0x0001/0x0000 0x0000000
1035	2968.6b30: *0000029a0b790000-0000029a0b7affff 0x0004/0x0004 0x0020000
1036	2968.6b30: *0000029a0b7b0000-0000029a0b7cefff 0x0002/0x0002 0x0040000
1037	2968.6b30: 0000029a0b7cf000-0000029a0b7dffff 0x0001/0x0000 0x0000000
1038	2968.6b30: *0000029a0b7e0000-0000029a0b7e3fff 0x0002/0x0002 0x0040000
1039	2968.6b30: 0000029a0b7e4000-0000029a0b7effff 0x0001/0x0000 0x0000000
1040	2968.6b30: *0000029a0b7f0000-0000029a0b7f0fff 0x0002/0x0002 0x0040000
1041	2968.6b30: 0000029a0b7f1000-0000029a0b7fffff 0x0001/0x0000 0x0000000
1042	2968.6b30: *0000029a0b800000-0000029a0b801fff 0x0004/0x0004 0x0020000
1043	2968.6b30: 0000029a0b802000-00007df5452dffff 0x0001/0x0000 0x0000000
1044	2968.6b30: *00007df5452e0000-00007df5452e0fff 0x0002/0x0002 0x0040000
1045	2968.6b30: 00007df5452e1000-00007df5452effff 0x0001/0x0000 0x0000000
1046	2968.6b30: *00007df5452f0000-00007df54686dfff 0x0000/0x0001 0x0040000
1047	2968.6b30: 00007df54686e000-00007df5468dafff 0x0001/0x0001 0x0040000
1048	2968.6b30: 00007df5468db000-00007df5470d8fff 0x0000/0x0001 0x0040000
1049	2968.6b30: 00007df5470d9000-00007df5470d9fff 0x0001/0x0001 0x0040000
1050	2968.6b30: 00007df5470da000-00007dffad5cefff 0x0000/0x0001 0x0040000
1051	2968.6b30: 00007dffad5cf000-00007dffad5cffff 0x0002/0x0001 0x0040000
1052	2968.6b30: 00007dffad5d0000-00007ff51e700fff 0x0000/0x0001 0x0040000
1053	2968.6b30: 00007ff51e701000-00007ff51e706fff 0x0002/0x0001 0x0040000
1054	2968.6b30: 00007ff51e707000-00007ff5344ebfff 0x0000/0x0001 0x0040000
1055	2968.6b30: 00007ff5344ec000-00007ff53816bfff 0x0001/0x0001 0x0040000
1056	2968.6b30: 00007ff53816c000-00007ff538174fff 0x0002/0x0001 0x0040000
1057	2968.6b30: 00007ff538175000-00007ff5452effff 0x0000/0x0001 0x0040000
1058	2968.6b30: 00007ff5452f0000-00007ff65046ffff 0x0001/0x0000 0x0000000
1059	2968.6b30: *00007ff650470000-00007ff650470fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1060	2968.6b30: 00007ff650471000-00007ff6504dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1061	2968.6b30: 00007ff6504db000-00007ff6504dbfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1062	2968.6b30: 00007ff6504dc000-00007ff65052efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1063	2968.6b30: 00007ff65052f000-00007ff65053bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1064	2968.6b30: 00007ff65053c000-00007ff650583fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1065	2968.6b30: 00007ff650584000-00007ffcb9f0ffff 0x0001/0x0000 0x0000000
1066	2968.6b30: *00007ffcb9f10000-00007ffcb9f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1067	2968.6b30: 00007ffcb9f11000-00007ffcba041fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1068	2968.6b30: 00007ffcba042000-00007ffcba08ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1069	2968.6b30: 00007ffcba090000-00007ffcba093fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1070	2968.6b30: 00007ffcba094000-00007ffcba09bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1071	2968.6b30: 00007ffcba09c000-00007ffcba0aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1072	2968.6b30: 00007ffcba0ab000-00007ffcba0abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1073	2968.6b30: 00007ffcba0ac000-00007ffcba0aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1074	2968.6b30: 00007ffcba0af000-00007ffcba126fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1075	2968.6b30: 00007ffcba127000-00007ffffffeffff 0x0001/0x0000 0x0000000
1076	2968.6b30: supR3HardNtChildPurify: Done after 1083 ms and 2 fixes (loop #1).
1077	4ad4.60b4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcb9f10000 g_uNtVerCombined=0xa0586700 (stack ~000000c34e1eeaa0)
1078	2968.6b30: supR3HardenedEarlyCompact: Removed heap 1 (0x0001a880000000 LB 0x800000)
1079	4ad4.60b4: ntdll.dll: timestamp 0x92b2df34 (rc=VINF_SUCCESS)
1080	4ad4.60b4: New simple heap: #1 0000029a0b910000 LB 0x800000 (for 2191360 allocation)
1081	2968.6b30: supR3HardNtEnableThreadCreationEx:
1082	4ad4.60b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1083	4ad4.60b4: System32: \Device\HarddiskVolume3\Windows\System32
1084	4ad4.60b4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1085	4ad4.60b4: KnownDllPath: C:\WINDOWS\System32
1086	4ad4.60b4: supR3HardenedVmProcessInit: Opening vboxsup...
1087	4ad4.60b4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1088	4ad4.60b4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1089	4ad4.60b4: Registered Dll notification callback with NTDLL.
1090	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1091	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1092	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1093	4ad4.60b4: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000029a0b7d0088 enmState=4 -> supR3HardenedWinDummyApcRoutine
1094	4ad4.60b4: supR3HardenedWinDummyApcRoutine: pvArg1=0000029a0b7d0000 pvArg2=0000000000000000 pvArg3=0000000000000000
1095	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb74e0000 LB 0x003a7000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1096	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1097	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1098	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb87e0000 LB 0x000c4000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1099	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1100	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb87e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
1101	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ff650470000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
1102	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1103	4ad4.60b4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1104	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1105	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1106	4ad4.60b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcb9f83dc0 pvNtTerminateThread=00007ffcb9fb03a0
1107	2968.6b30: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 76 ms.
1108	4ad4.60b4: \SystemRoot\System32\ntdll.dll:
1109	4ad4.60b4: CreationTime: 2024-04-25T21:50:52.933474100Z
1110	4ad4.60b4: LastWriteTime: 2024-04-25T21:50:52.967360700Z
1111	4ad4.60b4: ChangeTime: 2024-04-25T22:15:47.894551900Z
1112	4ad4.60b4: FileAttributes: 0x20
1113	4ad4.60b4: Size: 0x216008
1114	4ad4.60b4: NT Headers: 0xe8
1115	4ad4.60b4: Timestamp: 0x92b2df34
1116	4ad4.60b4: Machine: 0x8664 - amd64
1117	4ad4.60b4: Timestamp: 0x92b2df34
1118	4ad4.60b4: Image Version: 10.0
1119	4ad4.60b4: SizeOfImage: 0x217000 (2191360)
1120	4ad4.60b4: Resource Dir: 0x1a0000 LB 0x759a8
1121	4ad4.60b4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1122	4ad4.60b4: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1123	4ad4.60b4: ProductName: Microsoft® Windows® Operating System
1124	4ad4.60b4: ProductVersion: 10.0.22621.3527
1125	4ad4.60b4: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
1126	4ad4.60b4: FileDescription: NT Layer DLL
1127	4ad4.60b4: \SystemRoot\System32\kernel32.dll:
1128	4ad4.60b4: CreationTime: 2024-04-25T21:50:52.649892600Z
1129	4ad4.60b4: LastWriteTime: 2024-04-25T21:50:52.664841500Z
1130	4ad4.60b4: ChangeTime: 2024-04-25T22:15:37.505042500Z
1131	4ad4.60b4: FileAttributes: 0x20
1132	4ad4.60b4: Size: 0xc7158
1133	4ad4.60b4: NT Headers: 0xe8
1134	4ad4.60b4: Timestamp: 0x6b8a5ea3
1135	4ad4.60b4: Machine: 0x8664 - amd64
1136	4ad4.60b4: Timestamp: 0x6b8a5ea3
1137	4ad4.60b4: Image Version: 10.0
1138	4ad4.60b4: SizeOfImage: 0xc4000 (802816)
1139	4ad4.60b4: Resource Dir: 0xc2000 LB 0x520
1140	4ad4.60b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1141	4ad4.60b4: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1142	4ad4.60b4: ProductName: Microsoft® Windows® Operating System
1143	4ad4.60b4: ProductVersion: 10.0.22621.3527
1144	4ad4.60b4: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
1145	4ad4.60b4: FileDescription: Windows NT BASE API Client DLL
1146	4ad4.60b4: \SystemRoot\System32\KernelBase.dll:
1147	4ad4.60b4: CreationTime: 2024-04-25T21:50:53.507611100Z
1148	4ad4.60b4: LastWriteTime: 2024-04-25T21:50:53.604794300Z
1149	4ad4.60b4: ChangeTime: 2024-04-25T22:15:45.722906700Z
1150	4ad4.60b4: FileAttributes: 0x20
1151	4ad4.60b4: Size: 0x3ae908
1152	4ad4.60b4: NT Headers: 0xf8
1153	4ad4.60b4: Timestamp: 0x83efbeab
1154	4ad4.60b4: Machine: 0x8664 - amd64
1155	4ad4.60b4: Timestamp: 0x83efbeab
1156	4ad4.60b4: Image Version: 10.0
1157	4ad4.60b4: SizeOfImage: 0x3a7000 (3829760)
1158	4ad4.60b4: Resource Dir: 0x376000 LB 0x548
1159	4ad4.60b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1160	4ad4.60b4: [Raw version resource data: 0x3760b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
1161	4ad4.60b4: ProductName: Microsoft® Windows® Operating System
1162	4ad4.60b4: ProductVersion: 10.0.22621.3527
1163	4ad4.60b4: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
1164	4ad4.60b4: FileDescription: Windows NT BASE API Client DLL
1165	4ad4.60b4: \SystemRoot\System32\apisetschema.dll:
1166	4ad4.60b4: CreationTime: 2024-04-25T21:50:27.205621000Z
1167	4ad4.60b4: LastWriteTime: 2024-04-25T21:50:27.208610400Z
1168	4ad4.60b4: ChangeTime: 2024-04-25T22:15:42.442010700Z
1169	4ad4.60b4: FileAttributes: 0x20
1170	4ad4.60b4: Size: 0x245e0
1171	4ad4.60b4: NT Headers: 0xc8
1172	4ad4.60b4: Timestamp: 0x2f79598b
1173	4ad4.60b4: Machine: 0x8664 - amd64
1174	4ad4.60b4: Timestamp: 0x2f79598b
1175	4ad4.60b4: Image Version: 10.0
1176	4ad4.60b4: SizeOfImage: 0x23000 (143360)
1177	4ad4.60b4: Resource Dir: 0x22000 LB 0x408
1178	4ad4.60b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1179	4ad4.60b4: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
1180	4ad4.60b4: ProductName: Microsoft® Windows® Operating System
1181	4ad4.60b4: ProductVersion: 10.0.22621.3527
1182	4ad4.60b4: FileVersion: 10.0.22621.3527 (WinBuild.160101.0800)
1183	4ad4.60b4: FileDescription: ApiSet Schema DLL
1184	4ad4.60b4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1185	4ad4.60b4: supR3HardenedWinFindAdversaries: 0x4
1186	4ad4.60b4: \SystemRoot\System32\drivers\aswMonFlt.sys:
1187	4ad4.60b4: CreationTime: 2022-11-24T10:33:09.488089900Z
1188	4ad4.60b4: LastWriteTime: 2024-04-12T01:45:56.269304300Z
1189	4ad4.60b4: ChangeTime: 2024-04-12T01:45:56.269304300Z
1190	4ad4.60b4: FileAttributes: 0x20
1191	4ad4.60b4: Size: 0x41a38
1192	4ad4.60b4: NT Headers: 0xf0
1193	4ad4.60b4: Timestamp: 0x660161d5
1194	4ad4.60b4: Machine: 0x8664 - amd64
1195	4ad4.60b4: Timestamp: 0x660161d5
1196	4ad4.60b4: Image Version: 10.0
1197	4ad4.60b4: SizeOfImage: 0x49000 (299008)
1198	4ad4.60b4: Resource Dir: 0x47000 LB 0x3b0
1199	4ad4.60b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1200	4ad4.60b4: [Raw version resource data: 0x47058 LB 0x358, codepage 0x0 (reserved 0x0)]
1201	4ad4.60b4: ProductName: Antivirus
1202	4ad4.60b4: ProductVersion: 24.3.683.0
1203	4ad4.60b4: FileVersion: 24.3.683.0
1204	4ad4.60b4: FileDescription: Gen File System Filter
1205	4ad4.60b4: \SystemRoot\System32\drivers\aswRdr2.sys:
1206	4ad4.60b4: CreationTime: 2022-11-24T10:33:09.486096500Z
1207	4ad4.60b4: LastWriteTime: 2024-04-12T01:45:56.261304700Z
1208	4ad4.60b4: ChangeTime: 2024-04-12T01:45:56.261304700Z
1209	4ad4.60b4: FileAttributes: 0x20
1210	4ad4.60b4: Size: 0x16e38
1211	4ad4.60b4: NT Headers: 0xe8
1212	4ad4.60b4: Timestamp: 0x660161d2
1213	4ad4.60b4: Machine: 0x8664 - amd64
1214	4ad4.60b4: Timestamp: 0x660161d2
1215	4ad4.60b4: Image Version: 10.0
1216	4ad4.60b4: SizeOfImage: 0x1b000 (110592)
1217	4ad4.60b4: Resource Dir: 0x19000 LB 0x398
1218	4ad4.60b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1219	4ad4.60b4: [Raw version resource data: 0x19058 LB 0x33c, codepage 0x0 (reserved 0x0)]
1220	4ad4.60b4: ProductName: Antivirus
1221	4ad4.60b4: ProductVersion: 24.3.683.0
1222	4ad4.60b4: FileVersion: 24.3.683.0
1223	4ad4.60b4: FileDescription: Gen Antivirus
1224	4ad4.60b4: \SystemRoot\System32\drivers\aswRvrt.sys:
1225	4ad4.60b4: CreationTime: 2022-11-24T10:33:09.489086600Z
1226	4ad4.60b4: LastWriteTime: 2024-04-12T01:45:56.277304500Z
1227	4ad4.60b4: ChangeTime: 2024-04-12T01:45:56.277304500Z
1228	4ad4.60b4: FileAttributes: 0x20
1229	4ad4.60b4: Size: 0x10e38
1230	4ad4.60b4: NT Headers: 0xe0
1231	4ad4.60b4: Timestamp: 0x660161cb
1232	4ad4.60b4: Machine: 0x8664 - amd64
1233	4ad4.60b4: Timestamp: 0x660161cb
1234	4ad4.60b4: Image Version: 10.0
1235	4ad4.60b4: SizeOfImage: 0x13000 (77824)
1236	4ad4.60b4: Resource Dir: 0x11000 LB 0x390
1237	4ad4.60b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1238	4ad4.60b4: [Raw version resource data: 0x11058 LB 0x338, codepage 0x0 (reserved 0x0)]
1239	4ad4.60b4: ProductName: Antivirus
1240	4ad4.60b4: ProductVersion: 24.3.683.0
1241	4ad4.60b4: FileVersion: 24.3.683.0
1242	4ad4.60b4: FileDescription: Gen Revert
1243	4ad4.60b4: \SystemRoot\System32\drivers\aswSnx.sys:
1244	4ad4.60b4: CreationTime: 2022-11-24T10:33:09.480116700Z
1245	4ad4.60b4: LastWriteTime: 2024-04-12T01:45:53.466864800Z
1246	4ad4.60b4: ChangeTime: 2024-04-12T01:45:53.466864800Z
1247	4ad4.60b4: FileAttributes: 0x20
1248	4ad4.60b4: Size: 0xe4838
1249	4ad4.60b4: NT Headers: 0x100
1250	4ad4.60b4: Timestamp: 0x660161ff
1251	4ad4.60b4: Machine: 0x8664 - amd64
1252	4ad4.60b4: Timestamp: 0x660161ff
1253	4ad4.60b4: Image Version: 10.0
1254	4ad4.60b4: SizeOfImage: 0xe9000 (954368)
1255	4ad4.60b4: Resource Dir: 0xe6000 LB 0x3b0
1256	4ad4.60b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1257	4ad4.60b4: [Raw version resource data: 0xe6058 LB 0x354, codepage 0x0 (reserved 0x0)]
1258	4ad4.60b4: ProductName: Antivirus
1259	4ad4.60b4: ProductVersion: 24.3.683.0
1260	4ad4.60b4: FileVersion: 24.3.683.0
1261	4ad4.60b4: FileDescription: Gen Virtualization Driver
1262	4ad4.60b4: \SystemRoot\System32\drivers\aswsp.sys:
1263	4ad4.60b4: CreationTime: 2022-11-24T10:33:09.490083300Z
1264	4ad4.60b4: LastWriteTime: 2024-04-12T01:45:56.288304000Z
1265	4ad4.60b4: ChangeTime: 2024-04-12T01:45:56.288304000Z
1266	4ad4.60b4: FileAttributes: 0x20
1267	4ad4.60b4: Size: 0xa9e38
1268	4ad4.60b4: NT Headers: 0xe8
1269	4ad4.60b4: Timestamp: 0x660161ed
1270	4ad4.60b4: Machine: 0x8664 - amd64
1271	4ad4.60b4: Timestamp: 0x660161ed
1272	4ad4.60b4: Image Version: 10.0
1273	4ad4.60b4: SizeOfImage: 0xb0000 (720896)
1274	4ad4.60b4: Resource Dir: 0xad000 LB 0x398
1275	4ad4.60b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1276	4ad4.60b4: [Raw version resource data: 0xad058 LB 0x340, codepage 0x0 (reserved 0x0)]
1277	4ad4.60b4: ProductName: Antivirus
1278	4ad4.60b4: ProductVersion: 24.3.683.0
1279	4ad4.60b4: FileVersion: 24.3.683.0
1280	4ad4.60b4: FileDescription: Gen Self Protection
1281	4ad4.60b4: \SystemRoot\System32\drivers\aswStm.sys:
1282	4ad4.60b4: CreationTime: 2024-04-12T01:45:58.391309500Z
1283	4ad4.60b4: LastWriteTime: 2024-04-12T01:45:56.481310100Z
1284	4ad4.60b4: ChangeTime: 2024-04-12T01:45:56.481310100Z
1285	4ad4.60b4: FileAttributes: 0x20
1286	4ad4.60b4: Size: 0x31438
1287	4ad4.60b4: NT Headers: 0xf0
1288	4ad4.60b4: Timestamp: 0x66016201
1289	4ad4.60b4: Machine: 0x8664 - amd64
1290	4ad4.60b4: Timestamp: 0x66016201
1291	4ad4.60b4: Image Version: 10.0
1292	4ad4.60b4: SizeOfImage: 0x36000 (221184)
1293	4ad4.60b4: Resource Dir: 0x34000 LB 0x3a0
1294	4ad4.60b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1295	4ad4.60b4: [Raw version resource data: 0x34058 LB 0x344, codepage 0x0 (reserved 0x0)]
1296	4ad4.60b4: ProductName: Antivirus
1297	4ad4.60b4: ProductVersion: 24.3.683.0
1298	4ad4.60b4: FileVersion: 24.3.683.0
1299	4ad4.60b4: FileDescription: Gen Stream Filter
1300	4ad4.60b4: \SystemRoot\System32\drivers\aswVmm.sys:
1301	4ad4.60b4: CreationTime: 2022-11-24T10:33:09.495066500Z
1302	4ad4.60b4: LastWriteTime: 2024-04-12T01:45:56.819309900Z
1303	4ad4.60b4: ChangeTime: 2024-04-12T01:45:56.819309900Z
1304	4ad4.60b4: FileAttributes: 0x20
1305	4ad4.60b4: Size: 0x4ac38
1306	4ad4.60b4: NT Headers: 0xe8
1307	4ad4.60b4: Timestamp: 0x660161d4
1308	4ad4.60b4: Machine: 0x8664 - amd64
1309	4ad4.60b4: Timestamp: 0x660161d4
1310	4ad4.60b4: Image Version: 10.0
1311	4ad4.60b4: SizeOfImage: 0x4d000 (315392)
1312	4ad4.60b4: Resource Dir: 0x4b000 LB 0x398
1313	4ad4.60b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1314	4ad4.60b4: [Raw version resource data: 0x4b058 LB 0x340, codepage 0x0 (reserved 0x0)]
1315	4ad4.60b4: ProductName: Antivirus
1316	4ad4.60b4: ProductVersion: 24.3.683.0
1317	4ad4.60b4: FileVersion: 24.3.683.0
1318	4ad4.60b4: FileDescription: Gen VM Monitor
1319	4ad4.60b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1320	4ad4.60b4: Calling main()
1321	4ad4.60b4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1322	4ad4.60b4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1323	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1324	4ad4.60b4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1325	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1326	4ad4.60b4: SUPR3HardenedMain: Final process, opening VBoxDrv...
1327	4ad4.60b4: supR3HardenedEarlyCompact: Removed heap 1 (0x00029a0b910000 LB 0x800000)
1328	4ad4.60b4: supR3HardNtEnableThreadCreationEx:
1329	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
1330	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
1331	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
1332	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1333	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1334	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb0d90000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
1335	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1336	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1337	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1338	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb0d90000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1339	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1340	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1341	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb0d90000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1342	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb0d90000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1343	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1344	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
1345	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
1346	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1347	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1348	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1349	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
1350	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1351	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1352	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1353	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
1354	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1355	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1356	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb7d00000 LB 0x000a7000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
1357	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1358	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb8a00000 LB 0x00115000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
1359	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1360	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb73a0000 LB 0x0006b000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
1361	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1362	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb78c0000 LB 0x00111000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
1363	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
1364	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
1365	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb7230000 LB 0x00167000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
1366	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
1367	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1368	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1369	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1370	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-synch-l1-2-0'
1371	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
1372	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1373	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-fibers-l1-1-1'
1374	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1375	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1376	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-synch-l1-2-0'
1377	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
1378	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
1379	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb6ec0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
1380	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1381	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb73a0000 'C:\WINDOWS\system32\Wintrust.dll'
1382	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
1383	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
1384	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1385	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb7890000 LB 0x00028000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
1386	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1387	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7890000 'C:\WINDOWS\system32\bcrypt.dll'
1388	4ad4.60b4: bcrypt.dll loaded at 00007ffcb7890000, BCryptOpenAlgorithmProvider at 00007ffcb7894520, preloading providers:
1389	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
1390	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
1391	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1392	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb7bc0000 LB 0x00079000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
1393	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1394	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7bc0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
1395	4ad4.60b4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000029a0c201400)
1396	4ad4.60b4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000029a0c2033b0)
1397	4ad4.60b4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000029a0c203700)
1398	4ad4.60b4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000029a0c203a50)
1399	4ad4.60b4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000029a0c203da0)
1400	4ad4.60b4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000029a0c2040f0)
1401	4ad4.60b4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000029a0c204440)
1402	4ad4.60b4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000029a0c204790)
1403	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
1404	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
1405	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb6a10000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
1406	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1407	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
1408	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1409	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1410	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1411	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb62a0000 LB 0x00035000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
1412	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1413	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1414	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
1415	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
1416	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb6a30000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
1417	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1418	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1419	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1420	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb87e0000 'C:\WINDOWS\System32\kernel32.dll'
1421	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1422	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1423	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb73a0000 'C:\WINDOWS\System32\WINTRUST.DLL'
1424	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1425	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1426	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\CRYPT32.dll'
1427	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb8c10000 LB 0x0001f000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
1428	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
1429	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
1430	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1431	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1432	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1433	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb8900000 LB 0x000a8000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
1434	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
1435	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
1436	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
1437	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1438	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1439	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
1440	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
1441	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb6840000 LB 0x00026000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
1442	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1443	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
1444	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
1445	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb7160000 LB 0x00021000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
1446	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1447	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1448	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
1449	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
1450	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
1451	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1452	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1453	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1454	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1455	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1456	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1457	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1458	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1459	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1460	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1461	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1462	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1463	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1464	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1465	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1466	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1467	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1468	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb14a0000 LB 0x00032000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
1469	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1470	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1471	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1472	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1473	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1474	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1475	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1476	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1477	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1478	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1479	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1480	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1481	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1482	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1483	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1484	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1485	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1486	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1487	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1488	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1489	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1490	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1491	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1492	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1493	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1494	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1495	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1496	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1497	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1498	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\WINDOWS\System32\cryptnet.dll'
1499	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1500	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb14a0000 'C:\Windows\System32\cryptnet.dll'
1501	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1502	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1503	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1504	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb86c0000 LB 0x000b2000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
1505	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1506	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
1507	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
1508	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
1509	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1510	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1511	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1512	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1513	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1514	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
1515	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
1516	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1517	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1518	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1519	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1520	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1521	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1522	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1523	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1524	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1525	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1526	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000029a0c2d5010
1527	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000029a0c2d5010
1528	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B75D042783ED0B6507B52A83F7110A7FC32B1632
1529	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1530	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1531	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb8a00000 'C:\WINDOWS\System32\rpcrt4.dll'
1532	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1533	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1534	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1535	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1536	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1537	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1538	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.3527.cat'; file='\SystemRoot\System32\ntdll.dll'
1539	4ad4.60b4: g_pfnWinVerifyTrust=00007ffcb73b2480
1540	4ad4.60b4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1541	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1542	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1543	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1544	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1545	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1546	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1547	4ad4.60b4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
1548	4ad4.60b4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1549	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1550	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1551	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1552	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1553	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1554	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1555	4ad4.60b4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
1556	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1557	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1558	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1559	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1560	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1561	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1562	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1563	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1564	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1565	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1566	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1567	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1568	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
1569	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1570	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1571	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1572	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
1573	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1574	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1575	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1576	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
1577	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1578	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1579	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1580	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
1581	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1582	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1583	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1584	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
1585	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1586	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1587	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1588	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1589	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1590	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
1591	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1592	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1593	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1594	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1595	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
1596	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1597	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1598	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
1599	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1600	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1601	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1602	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1603	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1604	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1605	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1606	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1607	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
1608	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1609	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1610	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1611	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1612	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1613	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1614	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1615	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1616	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1617	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1618	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1619	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
1620	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1621	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1622	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1623	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1624	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1625	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1626	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\system32\crypt32.dll'
1627	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x100089abfea8e300 C=DE, ST=Bavaria, L=Munich, O=Oracle Deutschland B.V. & Co. KG, CN=VirtualBox for Legacy Windows Only Timestamp CA
1628	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1629	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1630	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1631	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x643799522ed7cc00 C=EG, ST=Egypt, L=Cairo, O=esmartsoft_ca Company LTD, OU=esmartsoft_ca Certificate Authority, [email protected]
1632	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x5056e83790a8b200 CN=Nobel
1633	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1634	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1635	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1636	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xd78dd5ba4b84b000 C=EG, ST=Egypt, L=Cairo, O=esmartsoft_local_CA Company LTD, OU=esmartsoft_local_CA Certificate Authority, [email protected]
1637	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1638	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
1639	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x9eb576fc9835d500 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
1640	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1641	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x19d9a25f1933ae00 C=EG, ST=Egypt, L=Cairo, O=local-mill-CA Company LTD, OU=local-mill-CA Certificate Authority, [email protected]
1642	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1643	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
1644	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
1645	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x670683072a91b300 C=US, O=Microsoft Corporation, CN=Microsoft Identity Verification Root Certificate Authority 2020
1646	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1647	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
1648	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1649	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1650	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
1651	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1652	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1653	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1654	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
1655	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
1656	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
1657	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1658	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
1659	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1660	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1661	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1662	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1663	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1664	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1665	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1666	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1667	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
1668	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x4dd6e14065368f00 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2
1669	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1670	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1671	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
1672	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
1673	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1674	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45
1675	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1676	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
1677	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1678	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1679	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1680	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1681	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1682	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1683	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
1684	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1685	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1686	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1687	4ad4.60b4: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
1688	4ad4.60b4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=61
1689	4ad4.60b4: SUPR3HardenedMain: Load Runtime...
1690	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
1691	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1692	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1693	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
1694	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
1695	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
1696	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1697	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
1698	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1699	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1700	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1701	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1702	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1703	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1704	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1705	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
1706	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1707	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1708	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1709	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1710	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
1711	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
1712	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1713	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1714	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1715	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1716	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1717	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
1718	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
1719	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp140.dll) WinVerifyTrust
1720	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
1721	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
1722	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
1723	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
1724	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
1725	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1726	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
1727	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll)
1728	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
1729	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
1730	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
1731	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll'.
1732	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll)
1733	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
1734	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
1735	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
1736	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
1737	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1738	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1739	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1740	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1741	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
1742	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll) WinVerifyTrust
1743	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
1744	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
1745	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll [redoing WinVerifyTrust]
1746	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
1747	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
1748	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
1749	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
1750	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
1751	4ad4.60b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll'
1752	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1753	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1754	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
1755	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
1756	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
1757	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffca1880000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll [fFlags=0x0]
1758	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
1759	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffca1870000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\VCRUNTIME140_1.dll [fFlags=0x0]
1760	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
1761	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffca1ed0000 LB 0x0008d000 C:\WINDOWS\SYSTEM32\MSVCP140.dll [fFlags=0x0]
1762	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
1763	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb8de0000 LB 0x00071000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1764	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1765	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc453f0000 LB 0x006f7000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1766	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1767	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1768	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1769	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1770	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1771	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-synch-l1-2-0'
1772	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1773	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1774	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1775	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1776	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
1777	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1778	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-fibers-l1-1-1'
1779	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1780	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1781	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1782	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1783	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1784	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1785	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-synch-l1-2-0'
1786	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1787	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1788	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1789	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1790	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
1791	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1792	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-fibers-l1-1-1'
1793	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1794	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1795	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1796	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1797	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1798	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1799	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb87e0000 'C:\WINDOWS\System32\kernel32.dll'
1800	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1801	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1802	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1803	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1804	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1805	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1806	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-string-l1-1-0'
1807	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1808	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1809	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1810	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1811	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
1812	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1813	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-localization-l1-2-1'
1814	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1815	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1816	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1817	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1818	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1819	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1820	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-datetime-l1-1-1'
1821	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1822	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1823	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1824	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1825	4ad4.60b4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1826	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1827	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb74e0000 'api-ms-win-core-localization-obsolete-l1-2-0'
1828	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1829	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1830	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1831	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1832	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1833	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1834	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1835	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1836	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1837	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1838	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1839	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1840	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1841	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1842	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1843	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1844	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1845	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1846	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1847	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1848	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1849	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1850	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1851	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1852	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1853	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1854	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1855	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1856	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1857	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1858	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1859	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1860	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1861	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1862	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1863	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1864	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1865	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1866	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1867	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1868	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1869	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1870	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1871	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1872	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1873	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1874	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1875	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1876	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1877	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1878	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1879	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1880	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1881	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1882	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1883	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1884	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1885	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1886	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1887	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1888	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1889	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1890	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1891	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1892	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1893	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1894	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1895	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1896	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1897	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1898	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1899	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1900	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1901	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1902	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1903	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1904	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1905	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1906	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1907	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1908	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1909	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1910	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1911	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1912	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1913	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1914	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1915	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1916	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1917	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1918	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1919	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1920	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1921	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1922	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1923	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1924	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1925	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1926	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1927	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1928	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1929	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1930	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1931	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1932	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1933	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1934	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1935	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1936	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1937	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1938	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1939	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1940	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1941	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1942	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1943	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1944	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1945	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1946	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1947	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1948	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1949	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1950	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1951	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1952	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1953	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1954	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1955	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1956	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1957	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1958	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1959	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1960	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1961	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1962	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1963	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1964	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1965	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1966	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1967	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1968	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1969	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1970	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1971	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1972	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1973	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1974	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1975	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1976	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1977	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1978	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1979	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1980	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1981	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1982	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1983	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1984	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1985	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1986	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1987	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1988	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1989	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1990	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1991	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1992	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1993	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1994	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1995	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1996	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
1997	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
1998	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1999	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
2000	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
2001	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
2002	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
2003	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
2004	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
2005	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
2006	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc453f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
2007	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
2008	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2009	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2010	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2011	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'
2012	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
2013	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2014	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb73a0000 'C:\WINDOWS\system32\Wintrust.dll'
2015	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2016	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2017	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2018	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2019	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\system32\crypt32.dll'
2020	4ad4.60b4: SUPR3HardenedMain: Load TrustedMain...
2021	4ad4.6aa0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1
2022	4ad4.6aa0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2023	4ad4.6aa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'.
2024	4ad4.6aa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
2025	4ad4.6aa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
2026	4ad4.6aa0: supR3HardenedDllNotificationCallback: load 00007ffcb62e0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
2027	4ad4.6aa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
2028	4ad4.6aa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62e0000 'api-ms-win-appmodel-runtime-l1-1-2'
2029	4ad4.6aa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2030	4ad4.6aa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2031	4ad4.6aa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2032	4ad4.6aa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2033	4ad4.6aa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2034	4ad4.6aa0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
2035	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
2036	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2037	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2038	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'uicommon.dll'.
2039	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2040	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
2041	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'.
2042	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
2043	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
2044	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
2045	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
2046	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'advapi32.dll'.
2047	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'.
2048	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
2049	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
2050	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
2051	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
2052	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2053	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2054	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2055	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2056	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
2057	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
2058	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2059	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2060	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2061	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2062	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2063	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
2064	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
2065	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
2066	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2067	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2068	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2069	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2070	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2071	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2072	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2073	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2074	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2075	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2076	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
2077	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
2078	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2079	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2080	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2081	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
2082	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2083	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2084	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2085	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2086	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2087	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2088	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2089	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
2090	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
2091	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'.
2092	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
2093	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
2094	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2095	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2096	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2097	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2098	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2099	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2100	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2101	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
2102	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2103	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2104	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
2105	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2106	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
2107	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
2108	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
2109	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2110	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2111	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2112	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
2113	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
2114	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2115	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2116	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2117	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
2118	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2119	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2120	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2121	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
2122	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
2123	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2124	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2125	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2126	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2127	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2128	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2129	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2130	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2131	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2132	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
2133	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
2134	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
2135	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
2136	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
2137	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2138	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2139	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2140	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2141	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2142	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2143	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2144	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2145	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5guivbox.dll'.
2146	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5corevbox.dll'.
2147	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'uxtheme.dll'.
2148	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dwmapi.dll'.
2149	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
2150	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2151	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2152	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2153	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcp140.dll'.
2154	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140_1.dll'.
2155	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'vcruntime140.dll'.
2156	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140_1.dll'.
2157	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
2158	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2159	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2160	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2161	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
2162	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
2163	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
2164	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
2165	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
2166	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
2167	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
2168	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
2169	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
2170	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
2171	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'.
2172	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
2173	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll)
2174	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll
2175	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
2176	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
2177	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2178	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2179	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2180	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2181	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2182	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2183	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2184	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2185	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2186	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2187	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2188	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2189	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2190	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2191	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
2192	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
2193	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
2194	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
2195	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
2196	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
2197	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
2198	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'.
2199	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
2200	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
2201	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
2202	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
2203	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2204	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2205	4ad4.60b4: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
2206	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
2207	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'.
2208	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll)
2209	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2210	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2211	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2212	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
2213	4ad4.60b4: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
2214	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'mpr.dll'.
2215	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'userenv.dll'.
2216	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'version.dll'.
2217	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'netapi32.dll'.
2218	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2219	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2220	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2221	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'.
2222	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
2223	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
2224	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'.
2225	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp140_1.dll'.
2226	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'.
2227	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'.
2228	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
2229	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2230	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2231	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2232	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
2233	4ad4.60b4: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
2234	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
2235	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
2236	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
2237	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2238	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'.
2239	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2240	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2241	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
2242	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
2243	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
2244	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
2245	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2246	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
2247	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
2248	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
2249	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
2250	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
2251	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
2252	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
2253	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
2254	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2255	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2256	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2257	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2258	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2259	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2260	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2261	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2262	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2263	4ad4.60b4: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
2264	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2265	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2266	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2267	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2268	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
2269	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
2270	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
2271	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2272	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2273	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2274	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2275	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2276	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
2277	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2278	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2279	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
2280	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2281	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'win32u.dll'.
2282	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
2283	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
2284	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2285	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2286	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
2287	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2288	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'dxgi.dll'.
2289	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'win32u.dll'.
2290	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll)
2291	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2292	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
2293	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
2294	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
2295	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
2296	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
2297	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
2298	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
2299	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
2300	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
2301	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
2302	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
2303	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2304	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2305	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2306	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2307	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2308	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2309	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2310	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2311	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2312	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
2313	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2314	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2315	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2316	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2317	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2318	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2319	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2320	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2321	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2322	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
2323	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
2324	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
2325	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2326	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netapi32.dll)
2327	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netapi32.dll
2328	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2329	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2330	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
2331	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2332	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)
2333	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
2334	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2335	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2336	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
2337	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
2338	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
2339	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
2340	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
2341	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
2342	4ad4.60b4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2343	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
2344	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
2345	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2346	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2347	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2348	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2349	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2350	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2351	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2352	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2353	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2354	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2355	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2356	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2357	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2358	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2359	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2360	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2361	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2362	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2363	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2364	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2365	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2366	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2367	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2368	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
2369	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
2370	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
2371	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
2372	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
2373	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2374	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2375	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2376	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2377	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2378	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2379	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2380	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2381	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2382	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2383	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2384	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2385	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2386	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2387	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
2388	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2389	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2390	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
2391	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2392	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2393	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2394	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2395	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2396	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
2397	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
2398	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
2399	4ad4.60b4: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2400	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2401	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2402	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
2403	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
2404	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
2405	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2406	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2407	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2408	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2409	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2410	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2411	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2412	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2413	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2414	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2415	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2416	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2417	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2418	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2419	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
2420	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2421	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2422	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2423	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2424	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2425	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2426	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2427	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
2428	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
2429	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
2430	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2431	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'opengl32.dll'.
2432	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2433	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2434	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
2435	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
2436	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
2437	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
2438	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2439	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2440	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
2441	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
2442	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
2443	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
2444	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
2445	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
2446	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
2447	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
2448	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
2449	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2450	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2451	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2452	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2453	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2454	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2455	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2456	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2457	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
2458	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2459	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2460	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2461	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2462	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2463	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
2464	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2465	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2466	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
2467	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2468	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2469	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll [lacks WinVerifyTrust]
2470	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2471	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2472	4ad4.60b4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
2473	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
2474	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
2475	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
2476	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
2477	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
2478	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2479	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2480	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
2481	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
2482	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
2483	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2484	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2485	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2486	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
2487	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'.
2488	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
2489	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5guivbox.dll'.
2490	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'.
2491	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5helpvbox.dll'.
2492	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
2493	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'advapi32.dll'.
2494	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ole32.dll'.
2495	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'oleaut32.dll'.
2496	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
2497	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
2498	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
2499	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2500	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2501	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2502	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2503	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2504	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2505	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2506	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2507	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2508	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2509	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2510	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2511	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2512	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
2513	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2514	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2515	4ad4.60b4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
2516	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5helpvbox.dll'...
2517	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5helpvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5helpvbox.dll' [rcNtRedir=0xc0150008]
2518	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll: Signature #1/2: info status: 24202
2519	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2520	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2521	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
2522	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
2523	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5sqlvbox.dll'.
2524	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
2525	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vcruntime140.dll'.
2526	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll) WinVerifyTrust
2527	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll
2528	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
2529	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
2530	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2531	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2532	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2533	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
2534	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
2535	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
2536	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2537	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2538	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2539	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5sqlvbox.dll'...
2540	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5sqlvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5sqlvbox.dll' [rcNtRedir=0xc0150008]
2541	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll: Signature #1/2: info status: 24202
2542	4ad4.60b4: Detected WinVerifyTrust recursion: rc=24202 '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
2543	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5corevbox.dll'.
2544	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
2545	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll)
2546	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll
2547	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2548	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2549	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
2550	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
2551	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
2552	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2553	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
2554	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
2555	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2556	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2557	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2558	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2559	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2560	4ad4.60b4: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
2561	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2562	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2563	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2564	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
2565	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
2566	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
2567	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
2568	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
2569	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2570	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2571	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
2572	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
2573	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
2574	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2575	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2576	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2577	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2578	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll
2579	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
2580	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
2581	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
2582	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
2583	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
2584	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
2585	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2586	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [avoiding WinVerifyTrust]
2587	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
2588	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2589	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust]
2590	4ad4.60b4: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
2591	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netutils.dll)
2592	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netutils.dll
2593	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2594	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
2595	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll)
2596	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll
2597	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2598	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\srvcli.dll)
2599	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\srvcli.dll
2600	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffca7d40000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
2601	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
2602	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb68b0000 LB 0x00028000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
2603	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
2604	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb14e0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
2605	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
2606	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcaa490000 LB 0x00019000 C:\WINDOWS\SYSTEM32\NETAPI32.dll [fFlags=0x0]
2607	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
2608	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb7410000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
2609	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
2610	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb74b0000 LB 0x00026000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
2611	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
2612	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb8c30000 LB 0x001ae000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
2613	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb7aa0000 LB 0x00119000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
2614	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2615	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
2616	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
2617	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'win32u.dll'.
2618	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
2619	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
2620	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb7db0000 LB 0x00029000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
2621	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
2622	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb9850000 LB 0x00388000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
2623	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
2624	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb9d20000 LB 0x001a5000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
2625	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2626	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb8e60000 LB 0x0085c000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
2627	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
2628	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcadda0000 LB 0x00034000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
2629	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2630	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb0f90000 LB 0x00009000 C:\WINDOWS\SYSTEM32\MSVCP140_1.dll [fFlags=0x0]
2631	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
2632	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb5d40000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\NETUTILS.DLL [fFlags=0x0]
2633	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
2634	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcaa460000 LB 0x00028000 C:\WINDOWS\SYSTEM32\SRVCLI.DLL [fFlags=0x0]
2635	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\srvcli.dll [avoiding WinVerifyTrust]
2636	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc5e390000 LB 0x005c6000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
2637	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2638	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb49c0000 LB 0x000f7000 C:\WINDOWS\SYSTEM32\dxgi.dll [fFlags=0x0]
2639	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2640	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb25d0000 LB 0x00257000 C:\WINDOWS\SYSTEM32\d3d11.dll [fFlags=0x0]
2641	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
2642	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb4890000 LB 0x00039000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
2643	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
2644	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc570b0000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
2645	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
2646	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc3a3b0000 LB 0x00100000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
2647	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [avoiding WinVerifyTrust]
2648	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc5dd10000 LB 0x0067c000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
2649	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2650	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb47b0000 LB 0x000ab000 C:\WINDOWS\SYSTEM32\UxTheme.dll [fFlags=0x0]
2651	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
2652	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb4bc0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\dwmapi.dll [fFlags=0x0]
2653	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2654	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc5d400000 LB 0x00541000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
2655	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2656	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc958b0000 LB 0x00036000 C:\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [fFlags=0x0]
2657	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (24202) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll [avoiding WinVerifyTrust]
2658	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc69c00000 LB 0x0006a000 C:\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll [fFlags=0x0]
2659	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5HelpVBox.dll
2660	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb9be0000 LB 0x000d7000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
2661	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2662	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc58e10000 LB 0x01bde000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
2663	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
2664	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffc5dbc0000 LB 0x00147000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
2665	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
2666	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
2667	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
2668	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
2669	4ad4.60b4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000059c (hFile=0000000000000508) with 0xc0000022 -> STATUS_TRUST_FAILURE
2670	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
2671	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
2672	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2673	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2674	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'.
2675	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll' [rescheduled]
2676	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2677	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2678	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netutils.dll'.
2679	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll' [rescheduled]
2680	4ad4.60b4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
2681	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
2682	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2683	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2684	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2685	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2686	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
2687	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rescheduled]
2688	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
2689	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
2690	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
2691	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rescheduled]
2692	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
2693	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rescheduled]
2694	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
2695	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
2696	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
2697	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rescheduled]
2698	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
2699	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rescheduled]
2700	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
2701	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
2702	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2703	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2704	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
2705	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rescheduled]
2706	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2707	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2708	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2709	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2710	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2711	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2712	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2713	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2714	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
2715	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
2716	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
2717	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2718	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2719	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
2720	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2721	4ad4.60b4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
2722	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2723	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2724	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
2725	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2726	4ad4.60b4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
2727	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2728	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2729	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2730	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2731	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
2732	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2733	4ad4.60b4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2734	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2735	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2736	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
2737	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2738	4ad4.60b4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2739	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2740	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2741	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2742	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2743	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
2744	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2745	4ad4.60b4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
2746	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2747	4ad4.60b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2748	4ad4.60b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
2749	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2750	4ad4.60b4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2751	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2752	4ad4.60b4: supR3HardenedDllNotificationCallback: load 00007ffcb88c0000 LB 0x00031000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
2753	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
2754	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb88c0000 'C:\WINDOWS\system32\IMM32.DLL'
2755	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
2756	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
2757	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2758	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2759	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'.
2760	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll' [rescheduled]
2761	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2762	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2763	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netutils.dll'.
2764	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll' [rescheduled]
2765	4ad4.60b4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
2766	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
2767	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2768	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2769	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2770	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2771	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
2772	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rescheduled]
2773	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
2774	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
2775	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
2776	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rescheduled]
2777	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
2778	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rescheduled]
2779	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
2780	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
2781	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
2782	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rescheduled]
2783	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
2784	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rescheduled]
2785	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
2786	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
2787	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2788	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2789	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
2790	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rescheduled]
2791	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2792	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2793	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2794	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2795	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2796	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2797	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2798	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2799	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
2800	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
2801	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2802	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2803	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'.
2804	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll' [rescheduled]
2805	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2806	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2807	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netutils.dll'.
2808	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll' [rescheduled]
2809	4ad4.60b4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
2810	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
2811	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2812	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2813	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2814	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2815	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
2816	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rescheduled]
2817	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
2818	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
2819	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
2820	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rescheduled]
2821	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
2822	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rescheduled]
2823	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
2824	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
2825	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
2826	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rescheduled]
2827	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
2828	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rescheduled]
2829	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
2830	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
2831	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2832	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2833	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
2834	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rescheduled]
2835	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2836	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2837	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2838	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2839	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2840	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2841	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2842	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2843	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
2844	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2845	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2846	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7db0000 'C:\WINDOWS\System32\gdi32.dll'
2847	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
2848	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
2849	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
2850	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
2851	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'.
2852	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll' [rescheduled]
2853	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
2854	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
2855	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netutils.dll'.
2856	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll' [rescheduled]
2857	4ad4.60b4: Detected loader lock ownership: rc=24202 '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'.
2858	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll' [rescheduled]
2859	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2860	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2861	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2862	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2863	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\userenv.dll'.
2864	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rescheduled]
2865	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
2866	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
2867	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
2868	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rescheduled]
2869	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'.
2870	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rescheduled]
2871	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
2872	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
2873	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
2874	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rescheduled]
2875	4ad4.60b4: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'.
2876	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rescheduled]
2877	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
2878	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
2879	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
2880	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
2881	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'.
2882	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll' [rescheduled]
2883	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
2884	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
2885	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
2886	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
2887	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
2888	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
2889	4ad4.60b4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
2890	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
2891	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5dbc0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
2892	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2893	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2894	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
2895	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2896	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2897	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
2898	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2899	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2900	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'
2901	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2902	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2903	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'
2904	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2905	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2906	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll'
2907	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2908	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2909	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll'
2910	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005bc pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
2911	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000029a0c2d5010
2912	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000029a0c2d5010
2913	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E282E8708D3F395DD885A51198AB92FC954FEB93
2914	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2915	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2916	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.22621.3374.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
2917	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2918	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
2919	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2920	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2921	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
2922	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2923	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2924	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
2925	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2926	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2927	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\version.dll'
2928	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2929	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2930	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'
2931	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2932	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2933	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\d3d11.dll'
2934	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2935	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2936	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'
2937	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
2938	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000029a0c2d5010
2939	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000029a0c2d5010
2940	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FA8479AEB25E866D14EB613903E2F9C454CD5B68
2941	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2942	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
2943	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2944	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2945	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.22621.3527.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
2946	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2947	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
2948	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2949	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000029a0c2d5010
2950	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000029a0c2d5010
2951	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2E8973F51705FD020BE190A582194F512EF093F
2952	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2953	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2954	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.22621.3527.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
2955	4ad4.60b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2956	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
2957	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2958	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2959	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
2960	4ad4.60b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
2961	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2962	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2963	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2964	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
2965	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2966	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2967	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp140_1.dll'
2968	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2969	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2970	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
2971	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2972	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2973	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
2974	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2975	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2976	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
2977	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2978	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2979	4ad4.60b4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
2980	4ad4.60b4: SUPR3HardenedMain: Calling TrustedMain (00007ffc5dbc1c90)...
2981	4ad4.60b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
2982	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb62a0000 'C:\WINDOWS\system32\rsaenh.dll'
2983	4ad4.60b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7230000 'C:\WINDOWS\System32\crypt32.dll'
2984	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'dwmapi.dll'.
2985	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
2986	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
2987	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wtsapi32.dll'.
2988	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2989	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2990	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2991	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5guivbox.dll'.
2992	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5corevbox.dll'.
2993	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
2994	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
2995	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140.dll'.
2996	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140.dll'.
2997	4ad4.60b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'vcruntime140_1.dll'.
2998	4ad4.60b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2999	4ad4.60b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll

Download in other formats:

Original Format