VirtualBox

Ticket #17000: VBoxHardening.log

File VBoxHardening.log, 266.4 KB (added by edwaldner, 7 years ago)

Hardening log

Line 
123c0.6b8: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
223c0.6b8: \SystemRoot\System32\ntdll.dll:
323c0.6b8: CreationTime: 2017-07-11T05:40:11.983760300Z
423c0.6b8: LastWriteTime: 2017-07-11T05:40:11.983760300Z
523c0.6b8: ChangeTime: 2017-08-09T16:02:07.654508700Z
623c0.6b8: FileAttributes: 0x20
723c0.6b8: Size: 0x1d7450
823c0.6b8: NT Headers: 0xe0
923c0.6b8: Timestamp: 0xa329d3a8
1023c0.6b8: Machine: 0x8664 - amd64
1123c0.6b8: Timestamp: 0xa329d3a8
1223c0.6b8: Image Version: 10.0
1323c0.6b8: SizeOfImage: 0x1db000 (1945600)
1423c0.6b8: Resource Dir: 0x170000 LB 0x69398
1523c0.6b8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1623c0.6b8: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1723c0.6b8: ProductName: Microsoft® Windows® Operating System
1823c0.6b8: ProductVersion: 10.0.15063.447
1923c0.6b8: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
2023c0.6b8: FileDescription: NT Layer DLL
2123c0.6b8: \SystemRoot\System32\kernel32.dll:
2223c0.6b8: CreationTime: 2017-07-11T05:40:08.546207000Z
2323c0.6b8: LastWriteTime: 2017-07-11T05:40:08.546207000Z
2423c0.6b8: ChangeTime: 2017-08-09T16:02:07.594291800Z
2523c0.6b8: FileAttributes: 0x20
2623c0.6b8: Size: 0xad068
2723c0.6b8: NT Headers: 0xf8
2823c0.6b8: Timestamp: 0xf5fa43df
2923c0.6b8: Machine: 0x8664 - amd64
3023c0.6b8: Timestamp: 0xf5fa43df
3123c0.6b8: Image Version: 10.0
3223c0.6b8: SizeOfImage: 0xae000 (712704)
3323c0.6b8: Resource Dir: 0xac000 LB 0x520
3423c0.6b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3523c0.6b8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3623c0.6b8: ProductName: Microsoft® Windows® Operating System
3723c0.6b8: ProductVersion: 10.0.15063.296
3823c0.6b8: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
3923c0.6b8: FileDescription: Windows NT BASE API Client DLL
4023c0.6b8: \SystemRoot\System32\KernelBase.dll:
4123c0.6b8: CreationTime: 2017-08-08T19:16:09.595226000Z
4223c0.6b8: LastWriteTime: 2017-07-28T05:25:32.331020800Z
4323c0.6b8: ChangeTime: 2017-08-09T21:27:38.198821800Z
4423c0.6b8: FileAttributes: 0x20
4523c0.6b8: Size: 0x249df0
4623c0.6b8: NT Headers: 0x100
4723c0.6b8: Timestamp: 0x5405b5
4823c0.6b8: Machine: 0x8664 - amd64
4923c0.6b8: Timestamp: 0x5405b5
5023c0.6b8: Image Version: 10.0
5123c0.6b8: SizeOfImage: 0x249000 (2396160)
5223c0.6b8: Resource Dir: 0x22a000 LB 0x548
5323c0.6b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5423c0.6b8: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5523c0.6b8: ProductName: Microsoft® Windows® Operating System
5623c0.6b8: ProductVersion: 10.0.15063.502
5723c0.6b8: FileVersion: 10.0.15063.502 (WinBuild.160101.0800)
5823c0.6b8: FileDescription: Windows NT BASE API Client DLL
5923c0.6b8: \SystemRoot\System32\apisetschema.dll:
6023c0.6b8: CreationTime: 2017-03-18T20:57:35.373527900Z
6123c0.6b8: LastWriteTime: 2017-03-18T20:57:35.373527900Z
6223c0.6b8: ChangeTime: 2017-07-31T16:05:29.423746600Z
6323c0.6b8: FileAttributes: 0x20
6423c0.6b8: Size: 0x1ada0
6523c0.6b8: NT Headers: 0xc0
6623c0.6b8: Timestamp: 0x76544b2
6723c0.6b8: Machine: 0x8664 - amd64
6823c0.6b8: Timestamp: 0x76544b2
6923c0.6b8: Image Version: 10.0
7023c0.6b8: SizeOfImage: 0x1b000 (110592)
7123c0.6b8: Resource Dir: 0x1a000 LB 0x408
7223c0.6b8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7323c0.6b8: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7423c0.6b8: ProductName: Microsoft® Windows® Operating System
7523c0.6b8: ProductVersion: 10.0.15063.0
7623c0.6b8: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
7723c0.6b8: FileDescription: ApiSet Schema DLL
7823c0.6b8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7923c0.6b8: supR3HardenedWinFindAdversaries: 0x0
8023c0.6b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
8123c0.6b8: Calling main()
8223c0.6b8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8323c0.6b8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
8423c0.6b8: SUPR3HardenedMain: Respawn #1
8523c0.6b8: System32: \Device\HarddiskVolume3\Windows\System32
8623c0.6b8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
8723c0.6b8: KnownDllPath: C:\WINDOWS\System32
8823c0.6b8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8923c0.6b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
9023c0.6b8: supR3HardNtEnableThreadCreation:
9123c0.6b8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa18ba9ac0 pvNtTerminateThread=00007ffa18bd5df0
9223c0.6b8: supR3HardenedWinDoReSpawn(1): New child 22d0.3954 [kernel32].
9323c0.6b8: supR3HardNtChildGatherData: PebBaseAddress=000000000062b000 cbPeb=0x388
9423c0.6b8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa18b30000 uNtDllChildAddr=00007ffa18b30000
9523c0.6b8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa18ba9ac0
9623c0.6b8: supR3HardenedWinSetupChildInit: Start child.
9723c0.6b8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
9823c0.6b8: supR3HardNtChildPurify: Startup delay kludge #1/0: 271 ms, 18 sleeps
9923c0.6b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
10023c0.6b8: *0000000000000000-00000000004dffff 0x0001/0x0000 0x0000000
10123c0.6b8: *00000000004e0000-00000000004fffff 0x0004/0x0004 0x0020000
10223c0.6b8: *0000000000500000-0000000000517fff 0x0002/0x0002 0x0040000
10323c0.6b8: 0000000000518000-000000000051ffff 0x0001/0x0000 0x0000000
10423c0.6b8: *0000000000520000-0000000000523fff 0x0002/0x0002 0x0040000
10523c0.6b8: 0000000000524000-000000000052ffff 0x0001/0x0000 0x0000000
10623c0.6b8: *0000000000530000-0000000000530fff 0x0004/0x0004 0x0020000
10723c0.6b8: 0000000000531000-00000000005fffff 0x0001/0x0000 0x0000000
10823c0.6b8: *0000000000600000-000000000062afff 0x0000/0x0004 0x0020000
10923c0.6b8: 000000000062b000-000000000062dfff 0x0004/0x0004 0x0020000
11023c0.6b8: 000000000062e000-00000000007fffff 0x0000/0x0004 0x0020000
11123c0.6b8: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
11223c0.6b8: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
11323c0.6b8: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
11423c0.6b8: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
11523c0.6b8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
11623c0.6b8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
11723c0.6b8: 000000007fff0000-00007ff6f8d7ffff 0x0001/0x0000 0x0000000
11823c0.6b8: *00007ff6f8d80000-00007ff6f8da2fff 0x0002/0x0002 0x0040000
11923c0.6b8: 00007ff6f8da3000-00007ff6f942ffff 0x0001/0x0000 0x0000000
12023c0.6b8: *00007ff6f9430000-00007ff6f9430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12123c0.6b8: 00007ff6f9431000-00007ff6f94a0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12223c0.6b8: 00007ff6f94a1000-00007ff6f94a1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12323c0.6b8: 00007ff6f94a2000-00007ff6f94e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12423c0.6b8: 00007ff6f94e8000-00007ff6f94e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12523c0.6b8: 00007ff6f94e9000-00007ff6f94e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12623c0.6b8: 00007ff6f94ea000-00007ff6f94eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12723c0.6b8: 00007ff6f94ef000-00007ff6f94effff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12823c0.6b8: 00007ff6f94f0000-00007ff6f94f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
12923c0.6b8: 00007ff6f94f1000-00007ff6f94f4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
13023c0.6b8: 00007ff6f94f5000-00007ff6f953cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
13123c0.6b8: 00007ff6f953d000-00007ffa18b2ffff 0x0001/0x0000 0x0000000
13223c0.6b8: *00007ffa18b30000-00007ffa18b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13323c0.6b8: 00007ffa18b31000-00007ffa18c3ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13423c0.6b8: 00007ffa18c40000-00007ffa18c84fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13523c0.6b8: 00007ffa18c85000-00007ffa18c8cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13623c0.6b8: 00007ffa18c8d000-00007ffa18c9afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13723c0.6b8: 00007ffa18c9b000-00007ffa18c9bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13823c0.6b8: 00007ffa18c9c000-00007ffa18c9efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13923c0.6b8: 00007ffa18c9f000-00007ffa18d0afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
14023c0.6b8: 00007ffa18d0b000-00007ffffffdffff 0x0001/0x0000 0x0000000
14123c0.6b8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
14223c0.6b8: VirtualBox.exe: timestamp 0x5979cfa2 (rc=VINF_SUCCESS)
14323c0.6b8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
14423c0.6b8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
14523c0.6b8: supR3HardNtChildPurify: Done after 318 ms and 0 fixes (loop #0).
14623c0.6b8: supR3HardNtEnableThreadCreation:
14722d0.3954: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
14822d0.3954: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa18b30000 g_uNtVerCombined=0xa03ad700
14922d0.3954: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
15022d0.3954: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1945600 allocation)
15122d0.3954: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
15222d0.3954: System32: \Device\HarddiskVolume3\Windows\System32
15322d0.3954: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
15422d0.3954: KnownDllPath: C:\WINDOWS\System32
15522d0.3954: supR3HardenedVmProcessInit: Opening vboxdrv stub...
15622d0.3954: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
15722d0.3954: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
15822d0.3954: Registered Dll notification callback with NTDLL.
15922d0.3954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
16022d0.3954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
16122d0.3954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
16222d0.3954: supR3HardenedDllNotificationCallback: load 00007ffa186e0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
16322d0.3954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
16422d0.3954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
16522d0.3954: supR3HardenedDllNotificationCallback: load 00007ffa18930000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
16622d0.3954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
16722d0.3954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18930000 'C:\WINDOWS\System32\KERNEL32.DLL'
16822d0.3954: supR3HardenedDllNotificationCallback: load 00007ff6f9430000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
16922d0.3954: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17022d0.3954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
17122d0.3954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
17222d0.3954: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa18ba9ac0 pvNtTerminateThread=00007ffa18bd5df0
17323c0.6b8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
17422d0.3954: \SystemRoot\System32\ntdll.dll:
17522d0.3954: CreationTime: 2017-07-11T05:40:11.983760300Z
17622d0.3954: LastWriteTime: 2017-07-11T05:40:11.983760300Z
17722d0.3954: ChangeTime: 2017-08-09T16:02:07.654508700Z
17822d0.3954: FileAttributes: 0x20
17922d0.3954: Size: 0x1d7450
18022d0.3954: NT Headers: 0xe0
18122d0.3954: Timestamp: 0xa329d3a8
18222d0.3954: Machine: 0x8664 - amd64
18322d0.3954: Timestamp: 0xa329d3a8
18422d0.3954: Image Version: 10.0
18522d0.3954: SizeOfImage: 0x1db000 (1945600)
18622d0.3954: Resource Dir: 0x170000 LB 0x69398
18722d0.3954: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
18822d0.3954: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
18922d0.3954: ProductName: Microsoft® Windows® Operating System
19022d0.3954: ProductVersion: 10.0.15063.447
19122d0.3954: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
19222d0.3954: FileDescription: NT Layer DLL
19322d0.3954: \SystemRoot\System32\kernel32.dll:
19422d0.3954: CreationTime: 2017-07-11T05:40:08.546207000Z
19522d0.3954: LastWriteTime: 2017-07-11T05:40:08.546207000Z
19622d0.3954: ChangeTime: 2017-08-09T16:02:07.594291800Z
19722d0.3954: FileAttributes: 0x20
19822d0.3954: Size: 0xad068
19922d0.3954: NT Headers: 0xf8
20022d0.3954: Timestamp: 0xf5fa43df
20122d0.3954: Machine: 0x8664 - amd64
20222d0.3954: Timestamp: 0xf5fa43df
20322d0.3954: Image Version: 10.0
20422d0.3954: SizeOfImage: 0xae000 (712704)
20522d0.3954: Resource Dir: 0xac000 LB 0x520
20622d0.3954: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
20722d0.3954: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
20822d0.3954: ProductName: Microsoft® Windows® Operating System
20922d0.3954: ProductVersion: 10.0.15063.296
21022d0.3954: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
21122d0.3954: FileDescription: Windows NT BASE API Client DLL
21222d0.3954: \SystemRoot\System32\KernelBase.dll:
21322d0.3954: CreationTime: 2017-08-08T19:16:09.595226000Z
21422d0.3954: LastWriteTime: 2017-07-28T05:25:32.331020800Z
21522d0.3954: ChangeTime: 2017-08-09T21:27:38.198821800Z
21622d0.3954: FileAttributes: 0x20
21722d0.3954: Size: 0x249df0
21822d0.3954: NT Headers: 0x100
21922d0.3954: Timestamp: 0x5405b5
22022d0.3954: Machine: 0x8664 - amd64
22122d0.3954: Timestamp: 0x5405b5
22222d0.3954: Image Version: 10.0
22322d0.3954: SizeOfImage: 0x249000 (2396160)
22422d0.3954: Resource Dir: 0x22a000 LB 0x548
22522d0.3954: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
22622d0.3954: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
22722d0.3954: ProductName: Microsoft® Windows® Operating System
22822d0.3954: ProductVersion: 10.0.15063.502
22922d0.3954: FileVersion: 10.0.15063.502 (WinBuild.160101.0800)
23022d0.3954: FileDescription: Windows NT BASE API Client DLL
23122d0.3954: \SystemRoot\System32\apisetschema.dll:
23222d0.3954: CreationTime: 2017-03-18T20:57:35.373527900Z
23322d0.3954: LastWriteTime: 2017-03-18T20:57:35.373527900Z
23422d0.3954: ChangeTime: 2017-07-31T16:05:29.423746600Z
23522d0.3954: FileAttributes: 0x20
23622d0.3954: Size: 0x1ada0
23722d0.3954: NT Headers: 0xc0
23822d0.3954: Timestamp: 0x76544b2
23922d0.3954: Machine: 0x8664 - amd64
24022d0.3954: Timestamp: 0x76544b2
24122d0.3954: Image Version: 10.0
24222d0.3954: SizeOfImage: 0x1b000 (110592)
24322d0.3954: Resource Dir: 0x1a000 LB 0x408
24422d0.3954: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
24522d0.3954: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
24622d0.3954: ProductName: Microsoft® Windows® Operating System
24722d0.3954: ProductVersion: 10.0.15063.0
24822d0.3954: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
24922d0.3954: FileDescription: ApiSet Schema DLL
25022d0.3954: NtOpenDirectoryObject failed on \Driver: 0xc0000022
25122d0.3954: supR3HardenedWinFindAdversaries: 0x0
25222d0.3954: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
25322d0.3954: Calling main()
25422d0.3954: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
25522d0.3954: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
25622d0.3954: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
25722d0.3954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
25822d0.3954: SUPR3HardenedMain: Respawn #2
25922d0.3954: supR3HardNtEnableThreadCreation:
26022d0.3954: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
26122d0.3954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
26222d0.3954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
26322d0.3954: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26422d0.3954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18b30000 'C:\WINDOWS\System32\ntdll.dll'
26522d0.3954: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa18ba9ac0 pvNtTerminateThread=00007ffa18bd5df0
26622d0.3954: supR3HardenedWinDoReSpawn(2): New child 17d8.1710 [kernel32].
26722d0.3954: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
26822d0.3954: supR3HardNtChildGatherData: PebBaseAddress=0000000000b55000 cbPeb=0x388
26922d0.3954: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa18b30000 uNtDllChildAddr=00007ffa18b30000
27022d0.3954: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa18ba9ac0
27122d0.3954: supR3HardenedWinSetupChildInit: Start child.
27222d0.3954: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
27322d0.3954: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 16 sleeps
27422d0.3954: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
27522d0.3954: *0000000000000000-000000000087ffff 0x0001/0x0000 0x0000000
27622d0.3954: *0000000000880000-000000000089ffff 0x0004/0x0004 0x0020000
27722d0.3954: *00000000008a0000-00000000008b7fff 0x0002/0x0002 0x0040000
27822d0.3954: 00000000008b8000-00000000008bffff 0x0001/0x0000 0x0000000
27922d0.3954: *00000000008c0000-00000000009bafff 0x0000/0x0004 0x0020000
28022d0.3954: 00000000009bb000-00000000009bdfff 0x0104/0x0004 0x0020000
28122d0.3954: 00000000009be000-00000000009bffff 0x0004/0x0004 0x0020000
28222d0.3954: *00000000009c0000-00000000009c3fff 0x0002/0x0002 0x0040000
28322d0.3954: 00000000009c4000-00000000009cffff 0x0001/0x0000 0x0000000
28422d0.3954: *00000000009d0000-00000000009d0fff 0x0004/0x0004 0x0020000
28522d0.3954: 00000000009d1000-00000000009fffff 0x0001/0x0000 0x0000000
28622d0.3954: *0000000000a00000-0000000000b54fff 0x0000/0x0004 0x0020000
28722d0.3954: 0000000000b55000-0000000000b57fff 0x0004/0x0004 0x0020000
28822d0.3954: 0000000000b58000-0000000000bfffff 0x0000/0x0004 0x0020000
28922d0.3954: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
29022d0.3954: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
29122d0.3954: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
29222d0.3954: 000000007fff0000-00007ff6f8e9ffff 0x0001/0x0000 0x0000000
29322d0.3954: *00007ff6f8ea0000-00007ff6f8ec2fff 0x0002/0x0002 0x0040000
29422d0.3954: 00007ff6f8ec3000-00007ff6f942ffff 0x0001/0x0000 0x0000000
29522d0.3954: *00007ff6f9430000-00007ff6f9430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
29622d0.3954: 00007ff6f9431000-00007ff6f94a0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
29722d0.3954: 00007ff6f94a1000-00007ff6f94a1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
29822d0.3954: 00007ff6f94a2000-00007ff6f94e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
29922d0.3954: 00007ff6f94e8000-00007ff6f94e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
30022d0.3954: 00007ff6f94e9000-00007ff6f94e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
30122d0.3954: 00007ff6f94ea000-00007ff6f94eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
30222d0.3954: 00007ff6f94ef000-00007ff6f94effff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
30322d0.3954: 00007ff6f94f0000-00007ff6f94f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
30422d0.3954: 00007ff6f94f1000-00007ff6f94f4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
30522d0.3954: 00007ff6f94f5000-00007ff6f953cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
30622d0.3954: 00007ff6f953d000-00007ffa18b2ffff 0x0001/0x0000 0x0000000
30722d0.3954: *00007ffa18b30000-00007ffa18b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
30822d0.3954: 00007ffa18b31000-00007ffa18c3ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
30922d0.3954: 00007ffa18c40000-00007ffa18c84fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
31022d0.3954: 00007ffa18c85000-00007ffa18c8cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
31122d0.3954: 00007ffa18c8d000-00007ffa18c9afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
31222d0.3954: 00007ffa18c9b000-00007ffa18c9bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
31322d0.3954: 00007ffa18c9c000-00007ffa18c9efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
31422d0.3954: 00007ffa18c9f000-00007ffa18d0afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
31522d0.3954: 00007ffa18d0b000-00007ffffffdffff 0x0001/0x0000 0x0000000
31622d0.3954: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
31722d0.3954: VirtualBox.exe: timestamp 0x5979cfa2 (rc=VINF_SUCCESS)
31822d0.3954: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
31922d0.3954: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
32022d0.3954: supR3HardNtChildPurify: Done after 313 ms and 0 fixes (loop #0).
32117d8.1710: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
32217d8.1710: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa18b30000 g_uNtVerCombined=0xa03ad700
32322d0.3954: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
32422d0.3954: supR3HardNtEnableThreadCreation:
32517d8.1710: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
32617d8.1710: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1945600 allocation)
32717d8.1710: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
32817d8.1710: System32: \Device\HarddiskVolume3\Windows\System32
32917d8.1710: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
33017d8.1710: KnownDllPath: C:\WINDOWS\System32
33117d8.1710: supR3HardenedVmProcessInit: Opening vboxdrv...
33217d8.1710: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
33317d8.1710: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
33417d8.1710: Registered Dll notification callback with NTDLL.
33517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
33617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
33717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
33817d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa186e0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
33917d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
34017d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
34117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa18930000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
34217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
34317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18930000 'C:\WINDOWS\System32\KERNEL32.DLL'
34417d8.1710: supR3HardenedDllNotificationCallback: load 00007ff6f9430000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
34517d8.1710: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
34617d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
34717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
34817d8.1710: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa18ba9ac0 pvNtTerminateThread=00007ffa18bd5df0
34922d0.3954: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 93 ms.
35017d8.1710: \SystemRoot\System32\ntdll.dll:
35117d8.1710: CreationTime: 2017-07-11T05:40:11.983760300Z
35217d8.1710: LastWriteTime: 2017-07-11T05:40:11.983760300Z
35317d8.1710: ChangeTime: 2017-08-09T16:02:07.654508700Z
35417d8.1710: FileAttributes: 0x20
35517d8.1710: Size: 0x1d7450
35617d8.1710: NT Headers: 0xe0
35717d8.1710: Timestamp: 0xa329d3a8
35817d8.1710: Machine: 0x8664 - amd64
35917d8.1710: Timestamp: 0xa329d3a8
36017d8.1710: Image Version: 10.0
36117d8.1710: SizeOfImage: 0x1db000 (1945600)
36217d8.1710: Resource Dir: 0x170000 LB 0x69398
36317d8.1710: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
36417d8.1710: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
36517d8.1710: ProductName: Microsoft® Windows® Operating System
36617d8.1710: ProductVersion: 10.0.15063.447
36717d8.1710: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
36817d8.1710: FileDescription: NT Layer DLL
36917d8.1710: \SystemRoot\System32\kernel32.dll:
37017d8.1710: CreationTime: 2017-07-11T05:40:08.546207000Z
37117d8.1710: LastWriteTime: 2017-07-11T05:40:08.546207000Z
37217d8.1710: ChangeTime: 2017-08-09T16:02:07.594291800Z
37317d8.1710: FileAttributes: 0x20
37417d8.1710: Size: 0xad068
37517d8.1710: NT Headers: 0xf8
37617d8.1710: Timestamp: 0xf5fa43df
37717d8.1710: Machine: 0x8664 - amd64
37817d8.1710: Timestamp: 0xf5fa43df
37917d8.1710: Image Version: 10.0
38017d8.1710: SizeOfImage: 0xae000 (712704)
38117d8.1710: Resource Dir: 0xac000 LB 0x520
38217d8.1710: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
38317d8.1710: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
38417d8.1710: ProductName: Microsoft® Windows® Operating System
38517d8.1710: ProductVersion: 10.0.15063.296
38617d8.1710: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
38717d8.1710: FileDescription: Windows NT BASE API Client DLL
38817d8.1710: \SystemRoot\System32\KernelBase.dll:
38917d8.1710: CreationTime: 2017-08-08T19:16:09.595226000Z
39017d8.1710: LastWriteTime: 2017-07-28T05:25:32.331020800Z
39117d8.1710: ChangeTime: 2017-08-09T21:27:38.198821800Z
39217d8.1710: FileAttributes: 0x20
39317d8.1710: Size: 0x249df0
39417d8.1710: NT Headers: 0x100
39517d8.1710: Timestamp: 0x5405b5
39617d8.1710: Machine: 0x8664 - amd64
39717d8.1710: Timestamp: 0x5405b5
39817d8.1710: Image Version: 10.0
39917d8.1710: SizeOfImage: 0x249000 (2396160)
40017d8.1710: Resource Dir: 0x22a000 LB 0x548
40117d8.1710: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
40217d8.1710: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
40317d8.1710: ProductName: Microsoft® Windows® Operating System
40417d8.1710: ProductVersion: 10.0.15063.502
40517d8.1710: FileVersion: 10.0.15063.502 (WinBuild.160101.0800)
40617d8.1710: FileDescription: Windows NT BASE API Client DLL
40717d8.1710: \SystemRoot\System32\apisetschema.dll:
40817d8.1710: CreationTime: 2017-03-18T20:57:35.373527900Z
40917d8.1710: LastWriteTime: 2017-03-18T20:57:35.373527900Z
41017d8.1710: ChangeTime: 2017-07-31T16:05:29.423746600Z
41117d8.1710: FileAttributes: 0x20
41217d8.1710: Size: 0x1ada0
41317d8.1710: NT Headers: 0xc0
41417d8.1710: Timestamp: 0x76544b2
41517d8.1710: Machine: 0x8664 - amd64
41617d8.1710: Timestamp: 0x76544b2
41717d8.1710: Image Version: 10.0
41817d8.1710: SizeOfImage: 0x1b000 (110592)
41917d8.1710: Resource Dir: 0x1a000 LB 0x408
42017d8.1710: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
42117d8.1710: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
42217d8.1710: ProductName: Microsoft® Windows® Operating System
42317d8.1710: ProductVersion: 10.0.15063.0
42417d8.1710: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
42517d8.1710: FileDescription: ApiSet Schema DLL
42617d8.1710: NtOpenDirectoryObject failed on \Driver: 0xc0000022
42717d8.1710: supR3HardenedWinFindAdversaries: 0x0
42817d8.1710: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
42917d8.1710: Calling main()
43017d8.1710: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
43117d8.1710: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
43217d8.1710: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
43317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
43417d8.1710: SUPR3HardenedMain: Final process, opening VBoxDrv...
43517d8.1710: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d00000 LB 0x400000)
43617d8.1710: supR3HardNtEnableThreadCreation:
43717d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
43817d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
43917d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
44017d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
44117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa12e40000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
44217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
44317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
44417d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
44517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa12e40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
44617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
44717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
44817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa12e40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
44917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa12e40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
45017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
45117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
45217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
45317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
45417d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
45517d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
45617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
45717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
45817d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
45917d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
46017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
46117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
46217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
46317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
46417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
46517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
46617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
46717d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
46817d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
46917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
47017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
47117d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
47217d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
47317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
47417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
47517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
47617d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
47717d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa18600000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
47817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
47917d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa14fd0000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
48017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
48117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15d00000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
48217d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
48317d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
48417d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15710000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
48517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
48617d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa164e0000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
48717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
48817d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15e00000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
48917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
49017d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
49117d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
49217d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15e80000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
49317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
49417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
49517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
49617d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
49717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
49817d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15980000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
49917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
50017d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
50117d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
50217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-synch-l1-2-0'
50317d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
50417d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
50517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-fibers-l1-1-1'
50617d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
50717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
50817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-fibers-l1-1-1'
50917d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
51017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
51117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-synch-l1-2-0'
51217d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
51317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
51417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-localization-l1-2-1'
51517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\WINDOWS\system32\Wintrust.dll'
51617d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
51717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
51817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
51917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
52017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
52117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
52217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
52317d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
52417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
52517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
52617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
52717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
52817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
52917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
53017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
53117d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
53217d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa14b20000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
53317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
53417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14b20000 'C:\WINDOWS\system32\bcrypt.dll'
53517d8.1710: bcrypt.dll loaded at 00007ffa14b20000, BCryptOpenAlgorithmProvider at 00007ffa14b24aa0, preloading providers:
53617d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
53717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
53817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
53917d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15b70000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
54017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
54117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15b70000 'C:\WINDOWS\system32\bcryptprimitives.dll'
54217d8.1710: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000011be6e0)
54317d8.1710: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000011becf0)
54417d8.1710: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000011befd0)
54517d8.1710: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000011bf2a0)
54617d8.1710: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000011bfd80)
54717d8.1710: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000011c0050)
54817d8.1710: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000011c0320)
54917d8.1710: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000011c05f0)
55017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
55117d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
55217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
55317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
55417d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
55517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
55617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
55717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
55817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
55917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
56017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
56117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
56217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
56317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
56417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
56517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
56617d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
56717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
56817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
56917d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
57117d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
57217d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
57317d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa14a00000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
57417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
57517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
57617d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
57717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
57817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
57917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
58017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
58117d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
58217d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
58317d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa14120000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
58417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
58517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
58617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
58717d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
58817d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
58917d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa149e0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
59017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
59117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
59217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
59317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
59417d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
59517d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
59617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18930000 'C:\WINDOWS\System32\kernel32.dll'
59717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
59817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
59917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
60017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
60117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\CRYPT32.dll'
60217d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15e60000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
60317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
60417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
60517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
60617d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
60717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
60817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
60917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
61017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
61117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
61217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
61317d8.1710: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll)
61417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll
61517d8.1710: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000001f4 (hFile=00000000000001e8) with 0xc0000022 -> STATUS_TRUST_FAILURE
61617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
61717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
61817d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
61917d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
62017d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa13960000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
62117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
62217d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa14fb0000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
62317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
62417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
62517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
62617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
62717d8.1710: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
62817d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
62917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
63017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
63117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
63217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
63317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
63417d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
63517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
63617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
63717d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
63817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
63917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
64017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
64117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
64217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
64317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
64417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
64517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
64617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
64717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
64817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
64917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
65017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
65117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
65217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
65317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
65417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
65517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
65617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
65717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
65817d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
65917d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
66017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
66117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
66217d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntasn1.dll)
66317d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntasn1.dll
66417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
66517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
66617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
66717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66817d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
66917d8.1710: supR3HardenedDllNotificationCallback: load 00007ff9f0790000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
67017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
67117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
67217d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
67317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
67417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
67517d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
67617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
67717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
67817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
67917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
68017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
68117d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
68217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
68317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
68417d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
68517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
68617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
68717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
68817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
68917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
69017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
69117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
69217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
69317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
69417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
69517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
69617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
69717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
69817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
69917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\WINDOWS\System32\cryptnet.dll'
70017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
70117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f0790000 'C:\Windows\System32\cryptnet.dll'
70217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
70317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
70417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
70517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
70617d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
70717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
70817d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
70917d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000124c190
71017d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
71117d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8B20614B43CC15BF412F46E920338E687B9EB4BD
71217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
71317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
71417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa164e0000 'C:\WINDOWS\System32\rpcrt4.dll'
71517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
71617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
71717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
71817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
71917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
72017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
72117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
72217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
72317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
72417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
72517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
72617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
72717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
72817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
72917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\Windows\System32\WINTRUST.DLL'
73017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
73117d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
73217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
73317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
73417d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
73517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
73617d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1289_for_KB4034674~31bf3856ad364e35~amd64~~10.0.1.10.cat'; file='\SystemRoot\System32\ntdll.dll'
73717d8.1710: g_pfnWinVerifyTrust=00007ffa1598d3e0
73817d8.1710: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
73917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
74017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
74117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
74217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
74317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
74417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
74517d8.1710: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
74617d8.1710: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
74717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
74817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
74917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
75017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
75117d8.1710: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
75217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
75317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
75417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
75517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
75617d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll'
75717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
75817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
75917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
76017d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
76117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
76217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
76317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
76417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
76517d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
76617d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000124c190
76717d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
76817d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
76917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
77017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
77117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
77217d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
77317d8.1710: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
77417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
77517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
77617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
77717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
77817d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
77917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
78017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
78117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
78217d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
78317d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f0 pwszName=\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll
78417d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000124c190
78517d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
78617d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FF31F66ACC1741364CE15D70DCEA891F87E6083
78717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
78817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
78917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
79017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
79217d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Security-Ngc-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll'
79317d8.1710: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
79417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll'
79517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
79617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
79717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
79817d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
79917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
80017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
80117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
80217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
80317d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
80417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
80517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
80617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
80717d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
80817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
80917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
81017d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
81117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
81217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
81317d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
81417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
81517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
81617d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
81717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
81817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
81917d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
82017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
82117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
82217d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
82317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
82417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
82517d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
82617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
82717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
82817d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
82917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
83017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
83117d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
83217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
83317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
83417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
83517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
83617d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
83717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
83817d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe'
83917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
84017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
84117d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
84217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
84317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
84417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
84517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\system32\crypt32.dll'
84617d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xfad7fcdfd48da000 C=DE, O=ADVA Optical Networking, CN=ADVA Root Authority
84717d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
84817d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
84917d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
85017d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
85117d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
85217d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
85317d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
85417d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
85517d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
85617d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xfad7fcdfd48da000 C=DE, O=ADVA Optical Networking, CN=ADVA Root Authority
85717d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
85817d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
85917d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
86017d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
86117d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
86217d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
86317d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
86417d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
86517d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
86617d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
86717d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
86817d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
86917d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
87017d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
87117d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
87217d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
87317d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
87417d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
87517d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
87617d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
87717d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
87817d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
87917d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
88017d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
88117d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
88217d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
88317d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
88417d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
88517d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
88617d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
88717d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
88817d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
88917d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
89017d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
89117d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
89217d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
89317d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x319f46aae38f9600 C=DE, ST=UNIX, L=Berlin, O=ADVA Optical Networking SE, Email=root@advaoptical.com, CN=ADVA UNIX CA
89417d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xfad7fcdfd48da000 C=DE, O=ADVA Optical Networking, CN=ADVA Root Authority
89517d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0x4d6770fec02dc400 C=DE, L=Munich, O=ADVA Optical Networking SE, OU=IT, CN=ADVA_PAN_Root-CA, Email=itsupport@advaoptical.com
89617d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xfad7fcdfd48da000 C=DE, O=ADVA Optical Networking, CN=ADVA Root Authority
89717d8.1710: supR3HardenedWinIsDesiredRootCA: Adding 0xfad7fcdfd48da000 C=DE, O=ADVA Optical Networking, CN=ADVA Root Authority
89817d8.1710: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=52
89917d8.1710: SUPR3HardenedMain: Load Runtime...
90017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
90117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
90217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
90317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
90417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
90517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
90617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
90717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
90817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
90917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
91017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
91117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
91217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
91317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
91417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
91517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
91617d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
91717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
91817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
91917d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
92017d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
92117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
92217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
92317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
92417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
92517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
92617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
92717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
92817d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
92917d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
93017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
93117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
93217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
93317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
93417d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
93517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
93617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
93717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
93817d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
93917d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
94017d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
94117d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
94217d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
94317d8.1710: supR3HardenedDllNotificationCallback: load 00000000708c0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
94417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
94517d8.1710: supR3HardenedDllNotificationCallback: load 00000000709a0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
94617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
94717d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa183f0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
94817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
94917d8.1710: supR3HardenedDllNotificationCallback: load 00007ff9f5370000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
95017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
95117d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
95217d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
95317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
95417d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
95617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
95717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
95917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
96017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
96317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
96617d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
96917d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
97017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
97917d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
99717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5370000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15980000 'C:\WINDOWS\system32\Wintrust.dll'
100317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
100417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
100517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
100617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
100717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\system32\crypt32.dll'
100817d8.1710: SUPR3HardenedMain: Load TrustedMain...
100917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
101017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
101117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
101217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
101317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
101417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
101517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
101617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
101717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
101817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
101917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
102017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
102117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
102217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
102317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
102417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
102517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
102617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
102717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
102817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
102917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
103017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
103117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
103217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
103317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
103417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
103517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
103617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
103717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
103817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
103917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
104017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
104117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
104217d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
104317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
104417d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
104517d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
104617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
104717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
104817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
104917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
105017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
105117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
105217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
105317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
105417d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
105517d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
105617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
105717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
105817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
105917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
106017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
106117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
106217d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
106317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
106417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
106517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
106617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
106717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
106817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
106917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
107017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
107117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
107217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
107317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
107417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
107517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
107617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
107717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
107817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
107917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
108017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
108117d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
108217d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
108317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
108417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
108517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
108617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
108717d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
108817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
108917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
109017d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
109117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
109217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
109317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
109417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
109517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
109617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
109717d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
109817d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
109917d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
110017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
110117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
110217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
110317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
110417d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
110517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
110617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
110717d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
110817d8.1710: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
110917d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
111017d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
111117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
111217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
111317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
111417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
111517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
111617d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
111717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
111817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
111917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
112017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
112117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
112217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
112317d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
112417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
112517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
112617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
112717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
112817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
112917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
113017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
113117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
113217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
113317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
113417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
113517d8.1710: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
113617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
113717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
113817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
113917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
114017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
114117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
114217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
114317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
114417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
114517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
114617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
114717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
114817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
114917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
115017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
115117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
115217d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
115317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
115417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
115517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
115617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
115717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
115817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
115917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
116017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
116117d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
116217d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
116317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
116417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
116517d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
116617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
116717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
116817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
116917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
117017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
117117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
117217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
117317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
117417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
117517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
117617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
117717d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
117817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
117917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
118017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
118117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
118217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
118317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
118417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
118517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
118617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
118717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
118817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
118917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
119017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
119117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
119217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
119317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
119417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
119517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
119617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
119717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
119817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
119917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
120017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
120117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
120217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
120317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
120417d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
120517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
120617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
120717d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
120817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
120917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
121017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
121117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
121217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
121317d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
121417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
121517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
121617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
121717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
121817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
121917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
122017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
122117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
122217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
122317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
122417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
122517d8.1710: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
122617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
122717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
122817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
122917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
123017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
123117d8.1710: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
123217d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
123317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
123417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
123517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
123617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
123717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
123817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
123917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
124017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
124117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
124217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
124317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
124417d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
124517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
124617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
124717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
124817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
124917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
125017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
125117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
125217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
125317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
125417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
125517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
125617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
125717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
125817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
125917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
126017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
126117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
126217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
126317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
126417d8.1710: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
126517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
126617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
126717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
126817d8.1710: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
126917d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
127017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
127117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
127217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
127317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
127417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
127517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
127617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
127717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
127817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
127917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
128017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
128117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
128217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
128317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
128417d8.1710: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
128517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
128617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
128717d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
128817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
128917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
129017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
129117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
129217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
129317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
129417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
129517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
129617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
129717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
129817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
129917d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
130017d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
130117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
130217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
130317d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
130417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
130717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
130817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
130917d8.1710: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
131017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
131117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
131217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
131317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
131417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
131517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
131617d8.1710: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)
131717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
131817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
131917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
132017d8.1710: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
132117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
132217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
132317d8.1710: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
132417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
132517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
132617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
132717d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
132817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
132917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
133017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
133117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
133217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
133317d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
133417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
133517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
133617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
133717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
133817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
133917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
134017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
134117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
134217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
134317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
134417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
134517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
134617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
134717d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
134817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
134917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
135017d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
135117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
135217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
135317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
135417d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
135517d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
135617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
135717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
135817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
135917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
136017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
136117d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
136217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
136317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
136417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
136517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
136617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
136717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
136817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
136917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
137017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
137117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
137217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
137317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
137417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
137517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
137617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
137717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
137817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
137917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
138017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
138117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
138217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
138317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
138417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
138517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
138617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
138717d8.1710: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
138817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
138917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
139017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
139117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
139217d8.1710: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
139317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
139417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
139517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
139617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
139717d8.1710: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
139817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
139917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
140017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
140117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
140217d8.1710: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
140317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
140417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
140517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
140617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
140717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
140817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
140917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
141017d8.1710: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
141117d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
141217d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000124c190
141317d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
141417d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
141517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
141617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
141717d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
141817d8.1710: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
141917d8.1710: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
142017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
142117d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
142217d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
142317d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
142417d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
142517d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
142617d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
142717d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
142817d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
142917d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
143017d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
143117d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
143217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
143317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
143417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
143517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
143617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
143717d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
143817d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15c90000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
143917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
144017d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa158e0000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
144117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
144217d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa159e0000 LB 0x00188000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
144317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
144417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
144517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
144617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
144717d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
144817d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
144917d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa16290000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
145017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
145117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa189e0000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
145217d8.1710: supR3HardenedDllNotificationCallback: load 00007ff9fe580000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
145317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
145417d8.1710: supR3HardenedDllNotificationCallback: load 00007ff9fe5b0000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
145517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
145617d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15cb0000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
145717d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
145817d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
145917d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15f30000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
146017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
146117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa16890000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
146217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
146317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
146417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
146517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
146617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
146717d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa16610000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
146817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
146917d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa14ff0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
147017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
147117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
147217d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
147317d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
147417d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa14f60000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
147517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
147617d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
147717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
147817d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa15010000 LB 0x006f3000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
147917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
148017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
148117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
148217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
148317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
148417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
148517d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa16d80000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
148617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
148717d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa162d0000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
148817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
148917d8.1710: supR3HardenedDllNotificationCallback: load 00007ff9f3060000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
149017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
149117d8.1710: supR3HardenedDllNotificationCallback: load 0000000070050000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
149217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
149317d8.1710: supR3HardenedDllNotificationCallback: load 00007ff9f4d70000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
149417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
149517d8.1710: supR3HardenedDllNotificationCallback: load 000000006efe0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
149617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
149717d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa0e630000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
149817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
149917d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa0b3d0000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
150017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
150117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa182e0000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
150217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
150317d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa0bed0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
150417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
150517d8.1710: supR3HardenedDllNotificationCallback: load 000000006fff0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
150617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
150717d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa18220000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
150817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
150917d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa13080000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
151017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
151117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa130b0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
151217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
151317d8.1710: supR3HardenedDllNotificationCallback: load 00007ff9bb4e0000 LB 0x008eb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
151417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
151517d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
151617d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
151717d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
151817d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
151917d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
152017d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
152117d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
152217d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
152317d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
152417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
152517d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
152617d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
152717d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
152817d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
152917d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
153017d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
153117d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
153217d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
153317d8.1710: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
153417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
153517d8.1710: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
153617d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled]
153717d8.1710: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
153817d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
153917d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
154017d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
154117d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
154217d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
154317d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
154417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
154517d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
154617d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
154717d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
154817d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
154917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
155017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
155117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
155217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
155317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
155417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
155517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
155617d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
155717d8.1710: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
155817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
155917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
156017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
156117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
156217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
156317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
156417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
156517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
156617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
156717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
156817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
156917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
157017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
157117d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
157217d8.1710: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
157317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
157417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
157517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
157617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
157717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
157817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
157917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
158017d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
158117d8.1710: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
158217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
158317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
158417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
158517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
158617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
158717d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
158817d8.1710: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
158917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
159017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
159117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
159217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
159317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
159417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
159517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
159617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
159717d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
159817d8.1710: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
159917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
160017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
160117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
160217d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
160317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18930000 'C:\WINDOWS\System32\kernel32.dll'
160417d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
160517d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
160617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-string-l1-1-0'
160717d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
160817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
160917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-datetime-l1-1-1'
161017d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
161117d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
161217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-localization-obsolete-l1-2-0'
161317d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
161417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
161517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
161617d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
161717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
161817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
161917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
162017d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
162117d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
162217d8.1710: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
162317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
162417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
162517d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
162617d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa164b0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
162717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
162817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa164b0000 'C:\WINDOWS\system32\IMM32.DLL'
162917d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
163017d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
163117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
163217d8.1710: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
163317d8.1710: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
163417d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
163517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa164b0000 'C:\WINDOWS\System32\imm32.dll'
163617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
163717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
163817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15e80000 'C:\WINDOWS\System32\ADVAPI32.DLL'
163917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9bb4e0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
164017d8.1710: SUPR3HardenedMain: Calling TrustedMain (00007ff9bb4e1610)...
164117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
164217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
164317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
164417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
164517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
164617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
164717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
164817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
164917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
165017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
165117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
165217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
165317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
165417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
165517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
165617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
165717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
165817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
165917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
166017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
166117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
166217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
166317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
166417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
166517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
166617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
166717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
166817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
166917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
167017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
167117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
167217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
167317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
167417d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
167517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
167617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
167717d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
167817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
167917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
168017d8.1710: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
168117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
168217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
168317d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
168417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
168517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
168617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
168717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
168817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
168917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
169017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
169117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
169217d8.1710: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
169317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
169417d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
169517d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa050f0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
169617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
169717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa050f0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
169817d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006ac pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
169917d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000124c190
170017d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
170117d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
170217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
170317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
170417d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
170517d8.1710: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
170617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
170717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
170817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
170917d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
171017d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
171117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
171217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
171317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
171417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
171517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
171617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
171717d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
171817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
171917d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
172017d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa13390000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
172117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
172217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa13390000 'C:\WINDOWS\system32\uxtheme.dll'
172317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa189e0000 'C:\WINDOWS\system32\user32.dll'
172417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
172517d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
172617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa16d80000 'C:\WINDOWS\system32\shell32.dll'
172717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
172817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
172917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
173017d8.1710: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
173117d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
173217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa16890000 'C:\WINDOWS\system32\SHCore.dll'
173317d8.1710: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
173417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
173517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
173617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
173717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
173817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
173917d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
174017d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
174117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa13020000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
174217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
174317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
174417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
174517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
174617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
174717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
174817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
174917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
175017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
175117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
175217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
175317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
175417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
175517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
175617d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
175717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa130b0000 'C:\WINDOWS\system32\winmm.dll'
175817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
175917d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa130b0000 'C:\WINDOWS\system32\winmm.dll'
176117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
176217d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa16d80000 'C:\WINDOWS\system32\shell32.dll'
176417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
176517d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa13390000 'C:\WINDOWS\system32\uxtheme.dll'
176717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
176817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15e80000 'C:\WINDOWS\system32\advapi32.dll'
177017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
177117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
177217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
177317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
177417d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
177517d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
177617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
177717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
177817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
177917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
178017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
178117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
178217d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
178317d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
178417d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa14e60000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
178517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
178617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14e60000 'C:\WINDOWS\system32\userenv.dll'
178717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
178817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
178917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18930000 'C:\WINDOWS\System32\kernel32.dll'
179017d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa167e0000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
179117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
179217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
179317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
179417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
179517d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
179617d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
179717d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
179817d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
179917d8.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
180017d8.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
180117d8.9dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
180217d8.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
180317d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
180417d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
180517d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
180617d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
180717d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
180817d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
180917d8.9dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
181017d8.9dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
181117d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
181217d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
181317d8.9dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
181417d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
181517d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
181617d8.9dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
181717d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
181817d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
181917d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
182017d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
182117d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
182217d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
182317d8.9dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
182417d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
182517d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
182617d8.9dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
182717d8.9dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
182817d8.9dc: supR3HardenedDllNotificationCallback: load 00007ff9d8230000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
182917d8.9dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
183017d8.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9d8230000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
183117d8.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
183217d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
183317d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
183417d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
183517d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
183617d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
183717d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
183817d8.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
183917d8.9dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
184017d8.9dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
184117d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
184217d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
184317d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
184417d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
184517d8.9dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
184617d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
184717d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
184817d8.9dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
184917d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
185017d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
185117d8.9dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
185217d8.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
185317d8.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
185417d8.9dc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
185517d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
185617d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
185717d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
185817d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
185917d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
186017d8.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
186117d8.9dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
186217d8.9dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
186317d8.9dc: supR3HardenedDllNotificationCallback: load 00007ffa05030000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
186417d8.9dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
186517d8.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa05030000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
186617d8.9dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
186717d8.9dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
186817d8.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18220000 'C:\Windows\System32\oleaut32.dll'
186917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
187017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
187117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa16290000 'C:\WINDOWS\system32\gdi32.dll'
187217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
187317d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
187417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa16d80000 'C:\WINDOWS\system32\shell32.dll'
187517d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa16670000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
187617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
187717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
187817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
187917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
188017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
188117d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
188217d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
188317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
188417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
188517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
188617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
188717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
188817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
188917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
189017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
189117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
189217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
189317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
189417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
189517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
189617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
189717d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
189817d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009c4 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
189917d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000124c190
190017d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
190117d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
190217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
190317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
190417d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
190517d8.1710: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
190617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
190717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
190817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
190917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
191017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
191117d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
191217d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
191317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
191417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
191517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
191617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
191717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
191817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
191917d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
192017d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
192117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
192217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
192317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
192417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
192517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
192717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
192817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
192917d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
193017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
193117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
193217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
193317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
193417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
193517d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
193617d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
193717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
193817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
193917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
194017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
194117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
194217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
194317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
194417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
194517d8.1710: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
194617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
194717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
194817d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
194917d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
195017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
195117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
195217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
195317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
195417d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
195517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
195617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
195717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
195817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
195917d8.1710: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
196017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
196117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
196217d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
196317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
196417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
196517d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
196617d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
196717d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
196817d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
196917d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
197017d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa139e0000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
197117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
197217d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa11c20000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
197317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
197417d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa12600000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
197517d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
197617d8.1710: supR3HardenedDllNotificationCallback: load 00007ff9e4530000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
197717d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
197817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4530000 'C:\WINDOWS\system32\dataexchange.dll'
197917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
198017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
198117d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'
198217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
198317d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
198417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
198517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
198617d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
198717d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
198817d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa135b0000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
198917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
199017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
199117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
199217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
199317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
199417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
199517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
199617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
199717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
199817d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
199917d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
200017d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
200117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
200217d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
200317d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
200417d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
200517d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
200617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
200717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
200817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
200917d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
201017d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
201117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
201217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
201317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\usermgrcli.dll)
201417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usermgrcli.dll
201517d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa13f50000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
201617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
201717d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa124b0000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
201817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
201917d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa11020000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
202017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
202117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa116f0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
202217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
202317d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa0e350000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
202417d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
202517d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa0ab10000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
202617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
202717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
202817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
202917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
203017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
203117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
203217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
203317d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
203417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
203517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
203617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
203717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
203817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
203917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
204017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
204117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
204217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
204317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
204417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
204517d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
204617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
204717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
204817d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
204917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
205017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
205117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
205217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
205317d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
205417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
205517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
205617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
205717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
205817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
205917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
206017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
206117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
206217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
206317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
206417d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
206517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
206617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
206717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
206817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
206917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
207017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
207117d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usermgrcli.dll'
207217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
207317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
207417d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
207517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
207617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
207717d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
207817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
207917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
208017d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
208117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
208217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
208317d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
208417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
208517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
208617d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
208717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
208817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
208917d8.1710: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
209017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
209117d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18220000 'C:\WINDOWS\System32\OLEAUT32.DLL'
209317d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
209417d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa189e0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
209617d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
209717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa189e0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
209917d8.1710: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
210017d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
210117d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
210217d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
210317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15f30000 'api-ms-win-core-com-l1-1-1.dll'
210417d8.1710: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
210517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
210617d8.1710: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
210717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
210817d8.1710: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
210917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
211017d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
211117d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
211217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa16670000 'C:\WINDOWS\System32\MSCTF.dll'
211317d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
211417d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa162d0000 'C:\WINDOWS\System32\ole32.dll'
211617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
211717d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa18220000 'C:\WINDOWS\System32\OLEAUT32.dll'
211917d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aac pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
212017d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000124c190
212117d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
212217d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
212317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
212417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
212517d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
212617d8.1710: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
212717d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
212817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
212917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
213017d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
213117d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
213217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
213317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
213417d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
213517d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000124c190
213617d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
213717d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
213817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
213917d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
214017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
214117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
214217d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
214317d8.1710: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
214417d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
214517d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
214617d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
214717d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
214817d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
214917d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
215017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
215117d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
215217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
215317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
215417d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
215517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
215617d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
215717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
215817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
215917d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
216017d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
216117d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
216217d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
216317d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
216417d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
216517d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa0de30000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
216617d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
216717d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa0d010000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
216817d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
216917d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
217017d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
217117d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
217217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0d010000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
217317d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b28 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
217417d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000124c190
217517d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
217617d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
217717d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
217817d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
217917d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
218017d8.1710: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
218117d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
218217d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
218317d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
218417d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
218517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
218617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
218717d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
218817d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
218917d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
219017d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
219117d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa0be80000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
219217d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
219317d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0be80000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
219417d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
219517d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
219617d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-localization-l1-2-0.dll'
219717d8.1710: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
219817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
219917d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa186e0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
220017d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b64 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
220117d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000124c190
220217d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000124c190
220317d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
220417d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
220517d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa15710000 'C:\WINDOWS\System32\crypt32.dll'
220617d8.1710: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
220717d8.1710: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
220817d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
220917d8.1710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
221017d8.1710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
221117d8.1710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
221217d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
221317d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
221417d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
221517d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
221617d8.1710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
221717d8.1710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
221817d8.1710: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
221917d8.1710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
222017d8.1710: supR3HardenedDllNotificationCallback: load 00007ffa0bff0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
222117d8.1710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
222217d8.1710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa0bff0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
222317d8.1a0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
222417d8.1a0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
222517d8.1a0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
222617d8.1a0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
222717d8.1a0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
222817d8.1a0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
222917d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
223017d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
223117d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
223217d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
223317d8.1a0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
223417d8.1a0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
223517d8.1a0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
223617d8.1a0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
223717d8.1a0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
223817d8.1a0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
223917d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
224017d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
224117d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
224217d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
224317d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
224417d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
224517d8.1a0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
224617d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
224717d8.1a0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
224817d8.1a0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
224917d8.1a0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
225017d8.1a0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
225117d8.1a0c: supR3HardenedDllNotificationCallback: load 000000006fee0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
225217d8.1a0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
225317d8.1a0c: supR3HardenedDllNotificationCallback: load 00007ff9eb5c0000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
225417d8.1a0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
225517d8.1a0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9eb5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
225617d8.3060: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
225717d8.3bb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
225817d8.3bb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
225917d8.3bb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
226017d8.3bb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
226117d8.3bb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
226217d8.3bb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
226317d8.3bb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
226417d8.3bb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
226517d8.3bb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
226617d8.3bb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
226717d8.3bb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
226817d8.3bb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
226917d8.3bb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
227017d8.3bb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
227117d8.3bb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
227217d8.3bb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
227317d8.3bb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
227417d8.3bb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
227517d8.3bb0: supR3HardenedDllNotificationCallback: load 00007ffa09c40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
227617d8.3bb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
227717d8.3bb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa09c40000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
227817d8.3bb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa189e0000 'C:\WINDOWS\system32\User32.dll'
227917d8.2ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
228017d8.2ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
228117d8.2ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
228217d8.2ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
228317d8.2ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
228417d8.2ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
228517d8.2ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
228617d8.2ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
228717d8.2ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
228817d8.2ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
228917d8.2ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
229017d8.2ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
229117d8.2ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
229217d8.2ea8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
229317d8.2ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
229417d8.2ea8: supR3HardenedDllNotificationCallback: load 00007ffa09c30000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
229517d8.2ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
229617d8.2ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa09c30000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
229717d8.3894: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
229817d8.3894: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
229917d8.3894: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
230017d8.3894: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
230117d8.3894: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
230217d8.3894: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
230317d8.3894: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
230417d8.3894: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
230517d8.3894: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
230617d8.3894: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
230717d8.3894: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
230817d8.3894: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
230917d8.3894: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
231017d8.3894: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
231117d8.3894: supR3HardenedDllNotificationCallback: load 00007ffa054c0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
231217d8.3894: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
231317d8.3894: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa054c0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
231417d8.ddc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa14120000 'C:\WINDOWS\system32\rsaenh.dll'
231517d8.ddc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
231617d8.ddc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
231717d8.ddc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
231817d8.ddc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
231917d8.ddc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
232017d8.ddc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
232117d8.ddc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
232217d8.ddc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
232317d8.ddc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
232417d8.ddc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
232517d8.ddc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
232617d8.ddc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
232717d8.ddc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
232817d8.ddc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
232917d8.ddc: supR3HardenedDllNotificationCallback: load 00007ffa05390000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
233017d8.ddc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
233117d8.ddc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa05390000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
233217d8.3060: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa16d80000 'C:\WINDOWS\system32\Shell32.dll'
233317d8.ddc: supR3HardenedDllNotificationCallback: Unload 00007ffa05390000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
233417d8.3894: supR3HardenedDllNotificationCallback: Unload 00007ffa054c0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
233517d8.2ea8: supR3HardenedDllNotificationCallback: Unload 00007ffa09c30000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
233617d8.3bb0: supR3HardenedDllNotificationCallback: Unload 00007ffa09c40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
233717d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ffa0be80000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
233817d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ff9e4530000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
233917d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ffa11c20000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
234017d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ffa139e0000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
234117d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ffa12600000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
234217d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ffa135b0000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
234317d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ffa0bff0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
234417d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ffa05030000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
234517d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ffa0d010000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
234617d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ffa0de30000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
234717d8.1710: supR3HardenedDllNotificationCallback: Unload 00007ff9d8230000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
234817d8.1710: Terminating the normal way: rcExit=0
234922d0.3954: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2984 ms, the end);
235023c0.6b8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3428 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy