VirtualBox

Ticket #17068: VBoxHardening.log

File VBoxHardening.log, 412.2 KB (added by dannyo1, 7 years ago)
Line 
144c.1ea8: Log file opened: 5.1.27r117883 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
244c.1ea8: \SystemRoot\System32\ntdll.dll:
344c.1ea8: CreationTime: 2017-07-11T05:40:23.359978000Z
444c.1ea8: LastWriteTime: 2017-07-11T05:40:23.359978000Z
544c.1ea8: ChangeTime: 2017-08-08T20:44:40.923516000Z
644c.1ea8: FileAttributes: 0x20
744c.1ea8: Size: 0x1d7450
844c.1ea8: NT Headers: 0xe0
944c.1ea8: Timestamp: 0xa329d3a8
1044c.1ea8: Machine: 0x8664 - amd64
1144c.1ea8: Timestamp: 0xa329d3a8
1244c.1ea8: Image Version: 10.0
1344c.1ea8: SizeOfImage: 0x1db000 (1945600)
1444c.1ea8: Resource Dir: 0x170000 LB 0x69398
1544c.1ea8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1644c.1ea8: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1744c.1ea8: ProductName: Microsoft® Windows® Operating System
1844c.1ea8: ProductVersion: 10.0.15063.447
1944c.1ea8: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
2044c.1ea8: FileDescription: NT Layer DLL
2144c.1ea8: \SystemRoot\System32\kernel32.dll:
2244c.1ea8: CreationTime: 2017-07-11T05:40:23.172474500Z
2344c.1ea8: LastWriteTime: 2017-07-11T05:40:23.172474500Z
2444c.1ea8: ChangeTime: 2017-08-08T20:44:40.892265600Z
2544c.1ea8: FileAttributes: 0x20
2644c.1ea8: Size: 0xad068
2744c.1ea8: NT Headers: 0xf8
2844c.1ea8: Timestamp: 0xf5fa43df
2944c.1ea8: Machine: 0x8664 - amd64
3044c.1ea8: Timestamp: 0xf5fa43df
3144c.1ea8: Image Version: 10.0
3244c.1ea8: SizeOfImage: 0xae000 (712704)
3344c.1ea8: Resource Dir: 0xac000 LB 0x520
3444c.1ea8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3544c.1ea8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3644c.1ea8: ProductName: Microsoft® Windows® Operating System
3744c.1ea8: ProductVersion: 10.0.15063.296
3844c.1ea8: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
3944c.1ea8: FileDescription: Windows NT BASE API Client DLL
4044c.1ea8: \SystemRoot\System32\KernelBase.dll:
4144c.1ea8: CreationTime: 2017-08-08T20:29:08.051761800Z
4244c.1ea8: LastWriteTime: 2017-08-08T20:29:08.067386700Z
4344c.1ea8: ChangeTime: 2017-08-08T20:44:40.907890800Z
4444c.1ea8: FileAttributes: 0x20
4544c.1ea8: Size: 0x249df0
4644c.1ea8: NT Headers: 0x100
4744c.1ea8: Timestamp: 0x5405b5
4844c.1ea8: Machine: 0x8664 - amd64
4944c.1ea8: Timestamp: 0x5405b5
5044c.1ea8: Image Version: 10.0
5144c.1ea8: SizeOfImage: 0x249000 (2396160)
5244c.1ea8: Resource Dir: 0x22a000 LB 0x548
5344c.1ea8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5444c.1ea8: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5544c.1ea8: ProductName: Microsoft® Windows® Operating System
5644c.1ea8: ProductVersion: 10.0.15063.502
5744c.1ea8: FileVersion: 10.0.15063.502 (WinBuild.160101.0800)
5844c.1ea8: FileDescription: Windows NT BASE API Client DLL
5944c.1ea8: \SystemRoot\System32\apisetschema.dll:
6044c.1ea8: CreationTime: 2017-03-18T20:57:35.373527900Z
6144c.1ea8: LastWriteTime: 2017-03-18T20:57:35.373527900Z
6244c.1ea8: ChangeTime: 2017-08-08T20:09:52.521843600Z
6344c.1ea8: FileAttributes: 0x20
6444c.1ea8: Size: 0x1ada0
6544c.1ea8: NT Headers: 0xc0
6644c.1ea8: Timestamp: 0x76544b2
6744c.1ea8: Machine: 0x8664 - amd64
6844c.1ea8: Timestamp: 0x76544b2
6944c.1ea8: Image Version: 10.0
7044c.1ea8: SizeOfImage: 0x1b000 (110592)
7144c.1ea8: Resource Dir: 0x1a000 LB 0x408
7244c.1ea8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7344c.1ea8: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7444c.1ea8: ProductName: Microsoft® Windows® Operating System
7544c.1ea8: ProductVersion: 10.0.15063.0
7644c.1ea8: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
7744c.1ea8: FileDescription: ApiSet Schema DLL
7844c.1ea8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7944c.1ea8: supR3HardenedWinFindAdversaries: 0x80
8044c.1ea8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
8144c.1ea8: CreationTime: 2015-11-11T15:00:21.407446400Z
8244c.1ea8: LastWriteTime: 2017-09-13T13:47:46.400077500Z
8344c.1ea8: ChangeTime: 2017-09-13T13:47:46.400077500Z
8444c.1ea8: FileAttributes: 0x20
8544c.1ea8: Size: 0x3dfa0
8644c.1ea8: NT Headers: 0x100
8744c.1ea8: Timestamp: 0x5931ce89
8844c.1ea8: Machine: 0x8664 - amd64
8944c.1ea8: Timestamp: 0x5931ce89
9044c.1ea8: Image Version: 6.3
9144c.1ea8: SizeOfImage: 0x40000 (262144)
9244c.1ea8: Resource Dir: 0x3e000 LB 0x3b8
9344c.1ea8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9444c.1ea8: [Raw version resource data: 0x3e060 LB 0x358, codepage 0x0 (reserved 0x0)]
9544c.1ea8: ProductName: Malwarebytes SwissArmy
9644c.1ea8: ProductVersion: 4.2.0.119
9744c.1ea8: FileVersion: 4.2.0.119
9844c.1ea8: FileDescription: Malwarebytes SwissArmy
9944c.1ea8: \SystemRoot\System32\drivers\mwac.sys:
10044c.1ea8: CreationTime: 2017-07-24T15:41:05.576400700Z
10144c.1ea8: LastWriteTime: 2017-07-26T16:26:57.545593600Z
10244c.1ea8: ChangeTime: 2017-08-08T17:47:08.075745000Z
10344c.1ea8: FileAttributes: 0x20
10444c.1ea8: Size: 0x16da0
10544c.1ea8: NT Headers: 0xf8
10644c.1ea8: Timestamp: 0x5949610f
10744c.1ea8: Machine: 0x8664 - amd64
10844c.1ea8: Timestamp: 0x5949610f
10944c.1ea8: Image Version: 6.3
11044c.1ea8: SizeOfImage: 0x19000 (102400)
11144c.1ea8: Resource Dir: 0x17000 LB 0x3a8
11244c.1ea8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11344c.1ea8: [Raw version resource data: 0x17060 LB 0x348, codepage 0x0 (reserved 0x0)]
11444c.1ea8: ProductName: Malwarebytes Web Protection
11544c.1ea8: ProductVersion: 3.0.0.152
11644c.1ea8: FileVersion: 3.0.0.152
11744c.1ea8: FileDescription: Malwarebytes Web Protection
11844c.1ea8: \SystemRoot\System32\drivers\mbamchameleon.sys:
11944c.1ea8: CreationTime: 2017-07-24T15:41:13.272329600Z
12044c.1ea8: LastWriteTime: 2017-07-24T15:46:47.473770100Z
12144c.1ea8: ChangeTime: 2017-08-08T17:47:08.075745000Z
12244c.1ea8: FileAttributes: 0x20
12344c.1ea8: Size: 0x2dfc0
12444c.1ea8: NT Headers: 0xf8
12544c.1ea8: Timestamp: 0x5952a24e
12644c.1ea8: Machine: 0x8664 - amd64
12744c.1ea8: Timestamp: 0x5952a24e
12844c.1ea8: Image Version: 6.3
12944c.1ea8: SizeOfImage: 0x31000 (200704)
13044c.1ea8: Resource Dir: 0x2f000 LB 0x3b8
13144c.1ea8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
13244c.1ea8: [Raw version resource data: 0x2f060 LB 0x358, codepage 0x0 (reserved 0x0)]
13344c.1ea8: ProductName: Malwarebytes Chameleon
13444c.1ea8: ProductVersion: 3.0.0.169
13544c.1ea8: FileVersion: 3.0.0.169
13644c.1ea8: FileDescription: Malwarebytes Chameleon
13744c.1ea8: \SystemRoot\System32\drivers\mbam.sys:
13844c.1ea8: CreationTime: 2015-11-11T15:00:05.034972300Z
13944c.1ea8: LastWriteTime: 2017-08-06T16:55:11.225851300Z
14044c.1ea8: ChangeTime: 2017-08-08T17:47:08.075745000Z
14144c.1ea8: FileAttributes: 0x20
14244c.1ea8: Size: 0xb1a0
14344c.1ea8: NT Headers: 0xf0
14444c.1ea8: Timestamp: 0x59380d32
14544c.1ea8: Machine: 0x8664 - amd64
14644c.1ea8: Timestamp: 0x59380d32
14744c.1ea8: Image Version: 6.3
14844c.1ea8: SizeOfImage: 0xd000 (53248)
14944c.1ea8: Resource Dir: 0xb000 LB 0x3c0
15044c.1ea8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15144c.1ea8: [Raw version resource data: 0xb060 LB 0x360, codepage 0x0 (reserved 0x0)]
15244c.1ea8: ProductName: Malwarebytes Real-Time Protection
15344c.1ea8: ProductVersion: 3.0.0.101
15444c.1ea8: FileVersion: 3.0.0.101
15544c.1ea8: FileDescription: Malwarebytes Real-Time Protection
15644c.1ea8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
15744c.1ea8: Calling main()
15844c.1ea8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
15944c.1ea8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
16044c.1ea8: SUPR3HardenedMain: Respawn #1
16144c.1ea8: System32: \Device\HarddiskVolume3\Windows\System32
16244c.1ea8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
16344c.1ea8: KnownDllPath: C:\WINDOWS\System32
16444c.1ea8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
16544c.1ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
16644c.1ea8: supR3HardNtEnableThreadCreation:
16744c.1ea8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc3ff29ac0 pvNtTerminateThread=00007ffc3ff55df0
16844c.1ea8: supR3HardenedWinDoReSpawn(1): New child 1f70.248c [kernel32].
16944c.1ea8: supR3HardNtChildGatherData: PebBaseAddress=0000000000413000 cbPeb=0x388
17044c.1ea8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc3feb0000 uNtDllChildAddr=00007ffc3feb0000
17144c.1ea8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc3ff29ac0
17244c.1ea8: supR3HardenedWinSetupChildInit: Start child.
17344c.1ea8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
17444c.1ea8: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 32 sleeps
17544c.1ea8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
17644c.1ea8: *0000000000000000-000000000039ffff 0x0001/0x0000 0x0000000
17744c.1ea8: *00000000003a0000-00000000003bffff 0x0004/0x0004 0x0020000
17844c.1ea8: *00000000003c0000-00000000003d7fff 0x0002/0x0002 0x0040000
17944c.1ea8: 00000000003d8000-00000000003dffff 0x0001/0x0000 0x0000000
18044c.1ea8: *00000000003e0000-00000000003e3fff 0x0002/0x0002 0x0040000
18144c.1ea8: 00000000003e4000-00000000003effff 0x0001/0x0000 0x0000000
18244c.1ea8: *00000000003f0000-00000000003f0fff 0x0004/0x0004 0x0020000
18344c.1ea8: 00000000003f1000-00000000003fffff 0x0001/0x0000 0x0000000
18444c.1ea8: *0000000000400000-0000000000412fff 0x0000/0x0004 0x0020000
18544c.1ea8: 0000000000413000-0000000000415fff 0x0004/0x0004 0x0020000
18644c.1ea8: 0000000000416000-00000000005fffff 0x0000/0x0004 0x0020000
18744c.1ea8: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
18844c.1ea8: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
18944c.1ea8: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
19044c.1ea8: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
19144c.1ea8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
19244c.1ea8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
19344c.1ea8: 000000007fff0000-00007ff7d2c1ffff 0x0001/0x0000 0x0000000
19444c.1ea8: *00007ff7d2c20000-00007ff7d2c42fff 0x0002/0x0002 0x0040000
19544c.1ea8: 00007ff7d2c43000-00007ff7d2f1ffff 0x0001/0x0000 0x0000000
19644c.1ea8: *00007ff7d2f20000-00007ff7d2f20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
19744c.1ea8: 00007ff7d2f21000-00007ff7d2f90fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
19844c.1ea8: 00007ff7d2f91000-00007ff7d2f91fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
19944c.1ea8: 00007ff7d2f92000-00007ff7d2fd7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
20044c.1ea8: 00007ff7d2fd8000-00007ff7d2fd8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
20144c.1ea8: 00007ff7d2fd9000-00007ff7d2fd9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
20244c.1ea8: 00007ff7d2fda000-00007ff7d2fdefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
20344c.1ea8: 00007ff7d2fdf000-00007ff7d2fdffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
20444c.1ea8: 00007ff7d2fe0000-00007ff7d2fe0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
20544c.1ea8: 00007ff7d2fe1000-00007ff7d2fe4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
20644c.1ea8: 00007ff7d2fe5000-00007ff7d302cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
20744c.1ea8: 00007ff7d302d000-00007ffc3feaffff 0x0001/0x0000 0x0000000
20844c.1ea8: *00007ffc3feb0000-00007ffc3feb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
20944c.1ea8: 00007ffc3feb1000-00007ffc3ffbffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21044c.1ea8: 00007ffc3ffc0000-00007ffc40004fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21144c.1ea8: 00007ffc40005000-00007ffc4000cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21244c.1ea8: 00007ffc4000d000-00007ffc4001afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21344c.1ea8: 00007ffc4001b000-00007ffc4001bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21444c.1ea8: 00007ffc4001c000-00007ffc4001efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21544c.1ea8: 00007ffc4001f000-00007ffc4008afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
21644c.1ea8: 00007ffc4008b000-00007ffffffdffff 0x0001/0x0000 0x0000000
21744c.1ea8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
21844c.1ea8: VirtualBox.exe: timestamp 0x59aeb9ad (rc=VINF_SUCCESS)
21944c.1ea8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
22044c.1ea8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
22144c.1ea8: supR3HardNtChildPurify: Done after 547 ms and 0 fixes (loop #0).
2221f70.248c: Log file opened: 5.1.27r117883 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
2231f70.248c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc3feb0000 g_uNtVerCombined=0xa03ad700
22444c.1ea8: supR3HardNtEnableThreadCreation:
2251f70.248c: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
2261f70.248c: New simple heap: #1 0000000000800000 LB 0x400000 (for 1945600 allocation)
2271f70.248c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2281f70.248c: System32: \Device\HarddiskVolume3\Windows\System32
2291f70.248c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2301f70.248c: KnownDllPath: C:\WINDOWS\System32
2311f70.248c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2321f70.248c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2331f70.248c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2341f70.248c: Registered Dll notification callback with NTDLL.
2351f70.248c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2361f70.248c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2371f70.248c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2381f70.248c: supR3HardenedDllNotificationCallback: load 00007ffc3cdf0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2391f70.248c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2401f70.248c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2411f70.248c: supR3HardenedDllNotificationCallback: load 00007ffc3dc30000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2421f70.248c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2431f70.248c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dc30000 'C:\WINDOWS\System32\KERNEL32.DLL'
2441f70.248c: supR3HardenedDllNotificationCallback: load 00007ff7d2f20000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2451f70.248c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2461f70.248c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2471f70.248c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2481f70.248c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc3ff29ac0 pvNtTerminateThread=00007ffc3ff55df0
24944c.1ea8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
2501f70.248c: \SystemRoot\System32\ntdll.dll:
2511f70.248c: CreationTime: 2017-07-11T05:40:23.359978000Z
2521f70.248c: LastWriteTime: 2017-07-11T05:40:23.359978000Z
2531f70.248c: ChangeTime: 2017-08-08T20:44:40.923516000Z
2541f70.248c: FileAttributes: 0x20
2551f70.248c: Size: 0x1d7450
2561f70.248c: NT Headers: 0xe0
2571f70.248c: Timestamp: 0xa329d3a8
2581f70.248c: Machine: 0x8664 - amd64
2591f70.248c: Timestamp: 0xa329d3a8
2601f70.248c: Image Version: 10.0
2611f70.248c: SizeOfImage: 0x1db000 (1945600)
2621f70.248c: Resource Dir: 0x170000 LB 0x69398
2631f70.248c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2641f70.248c: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2651f70.248c: ProductName: Microsoft® Windows® Operating System
2661f70.248c: ProductVersion: 10.0.15063.447
2671f70.248c: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
2681f70.248c: FileDescription: NT Layer DLL
2691f70.248c: \SystemRoot\System32\kernel32.dll:
2701f70.248c: CreationTime: 2017-07-11T05:40:23.172474500Z
2711f70.248c: LastWriteTime: 2017-07-11T05:40:23.172474500Z
2721f70.248c: ChangeTime: 2017-08-08T20:44:40.892265600Z
2731f70.248c: FileAttributes: 0x20
2741f70.248c: Size: 0xad068
2751f70.248c: NT Headers: 0xf8
2761f70.248c: Timestamp: 0xf5fa43df
2771f70.248c: Machine: 0x8664 - amd64
2781f70.248c: Timestamp: 0xf5fa43df
2791f70.248c: Image Version: 10.0
2801f70.248c: SizeOfImage: 0xae000 (712704)
2811f70.248c: Resource Dir: 0xac000 LB 0x520
2821f70.248c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2831f70.248c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2841f70.248c: ProductName: Microsoft® Windows® Operating System
2851f70.248c: ProductVersion: 10.0.15063.296
2861f70.248c: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
2871f70.248c: FileDescription: Windows NT BASE API Client DLL
2881f70.248c: \SystemRoot\System32\KernelBase.dll:
2891f70.248c: CreationTime: 2017-08-08T20:29:08.051761800Z
2901f70.248c: LastWriteTime: 2017-08-08T20:29:08.067386700Z
2911f70.248c: ChangeTime: 2017-08-08T20:44:40.907890800Z
2921f70.248c: FileAttributes: 0x20
2931f70.248c: Size: 0x249df0
2941f70.248c: NT Headers: 0x100
2951f70.248c: Timestamp: 0x5405b5
2961f70.248c: Machine: 0x8664 - amd64
2971f70.248c: Timestamp: 0x5405b5
2981f70.248c: Image Version: 10.0
2991f70.248c: SizeOfImage: 0x249000 (2396160)
3001f70.248c: Resource Dir: 0x22a000 LB 0x548
3011f70.248c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3021f70.248c: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3031f70.248c: ProductName: Microsoft® Windows® Operating System
3041f70.248c: ProductVersion: 10.0.15063.502
3051f70.248c: FileVersion: 10.0.15063.502 (WinBuild.160101.0800)
3061f70.248c: FileDescription: Windows NT BASE API Client DLL
3071f70.248c: \SystemRoot\System32\apisetschema.dll:
3081f70.248c: CreationTime: 2017-03-18T20:57:35.373527900Z
3091f70.248c: LastWriteTime: 2017-03-18T20:57:35.373527900Z
3101f70.248c: ChangeTime: 2017-08-08T20:09:52.521843600Z
3111f70.248c: FileAttributes: 0x20
3121f70.248c: Size: 0x1ada0
3131f70.248c: NT Headers: 0xc0
3141f70.248c: Timestamp: 0x76544b2
3151f70.248c: Machine: 0x8664 - amd64
3161f70.248c: Timestamp: 0x76544b2
3171f70.248c: Image Version: 10.0
3181f70.248c: SizeOfImage: 0x1b000 (110592)
3191f70.248c: Resource Dir: 0x1a000 LB 0x408
3201f70.248c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3211f70.248c: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3221f70.248c: ProductName: Microsoft® Windows® Operating System
3231f70.248c: ProductVersion: 10.0.15063.0
3241f70.248c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
3251f70.248c: FileDescription: ApiSet Schema DLL
3261f70.248c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3271f70.248c: supR3HardenedWinFindAdversaries: 0x80
3281f70.248c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
3291f70.248c: CreationTime: 2015-11-11T15:00:21.407446400Z
3301f70.248c: LastWriteTime: 2017-09-13T13:47:46.400077500Z
3311f70.248c: ChangeTime: 2017-09-13T13:47:46.400077500Z
3321f70.248c: FileAttributes: 0x20
3331f70.248c: Size: 0x3dfa0
3341f70.248c: NT Headers: 0x100
3351f70.248c: Timestamp: 0x5931ce89
3361f70.248c: Machine: 0x8664 - amd64
3371f70.248c: Timestamp: 0x5931ce89
3381f70.248c: Image Version: 6.3
3391f70.248c: SizeOfImage: 0x40000 (262144)
3401f70.248c: Resource Dir: 0x3e000 LB 0x3b8
3411f70.248c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3421f70.248c: [Raw version resource data: 0x3e060 LB 0x358, codepage 0x0 (reserved 0x0)]
3431f70.248c: ProductName: Malwarebytes SwissArmy
3441f70.248c: ProductVersion: 4.2.0.119
3451f70.248c: FileVersion: 4.2.0.119
3461f70.248c: FileDescription: Malwarebytes SwissArmy
3471f70.248c: \SystemRoot\System32\drivers\mwac.sys:
3481f70.248c: CreationTime: 2017-07-24T15:41:05.576400700Z
3491f70.248c: LastWriteTime: 2017-07-26T16:26:57.545593600Z
3501f70.248c: ChangeTime: 2017-08-08T17:47:08.075745000Z
3511f70.248c: FileAttributes: 0x20
3521f70.248c: Size: 0x16da0
3531f70.248c: NT Headers: 0xf8
3541f70.248c: Timestamp: 0x5949610f
3551f70.248c: Machine: 0x8664 - amd64
3561f70.248c: Timestamp: 0x5949610f
3571f70.248c: Image Version: 6.3
3581f70.248c: SizeOfImage: 0x19000 (102400)
3591f70.248c: Resource Dir: 0x17000 LB 0x3a8
3601f70.248c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3611f70.248c: [Raw version resource data: 0x17060 LB 0x348, codepage 0x0 (reserved 0x0)]
3621f70.248c: ProductName: Malwarebytes Web Protection
3631f70.248c: ProductVersion: 3.0.0.152
3641f70.248c: FileVersion: 3.0.0.152
3651f70.248c: FileDescription: Malwarebytes Web Protection
3661f70.248c: \SystemRoot\System32\drivers\mbamchameleon.sys:
3671f70.248c: CreationTime: 2017-07-24T15:41:13.272329600Z
3681f70.248c: LastWriteTime: 2017-07-24T15:46:47.473770100Z
3691f70.248c: ChangeTime: 2017-08-08T17:47:08.075745000Z
3701f70.248c: FileAttributes: 0x20
3711f70.248c: Size: 0x2dfc0
3721f70.248c: NT Headers: 0xf8
3731f70.248c: Timestamp: 0x5952a24e
3741f70.248c: Machine: 0x8664 - amd64
3751f70.248c: Timestamp: 0x5952a24e
3761f70.248c: Image Version: 6.3
3771f70.248c: SizeOfImage: 0x31000 (200704)
3781f70.248c: Resource Dir: 0x2f000 LB 0x3b8
3791f70.248c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3801f70.248c: [Raw version resource data: 0x2f060 LB 0x358, codepage 0x0 (reserved 0x0)]
3811f70.248c: ProductName: Malwarebytes Chameleon
3821f70.248c: ProductVersion: 3.0.0.169
3831f70.248c: FileVersion: 3.0.0.169
3841f70.248c: FileDescription: Malwarebytes Chameleon
3851f70.248c: \SystemRoot\System32\drivers\mbam.sys:
3861f70.248c: CreationTime: 2015-11-11T15:00:05.034972300Z
3871f70.248c: LastWriteTime: 2017-08-06T16:55:11.225851300Z
3881f70.248c: ChangeTime: 2017-08-08T17:47:08.075745000Z
3891f70.248c: FileAttributes: 0x20
3901f70.248c: Size: 0xb1a0
3911f70.248c: NT Headers: 0xf0
3921f70.248c: Timestamp: 0x59380d32
3931f70.248c: Machine: 0x8664 - amd64
3941f70.248c: Timestamp: 0x59380d32
3951f70.248c: Image Version: 6.3
3961f70.248c: SizeOfImage: 0xd000 (53248)
3971f70.248c: Resource Dir: 0xb000 LB 0x3c0
3981f70.248c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3991f70.248c: [Raw version resource data: 0xb060 LB 0x360, codepage 0x0 (reserved 0x0)]
4001f70.248c: ProductName: Malwarebytes Real-Time Protection
4011f70.248c: ProductVersion: 3.0.0.101
4021f70.248c: FileVersion: 3.0.0.101
4031f70.248c: FileDescription: Malwarebytes Real-Time Protection
4041f70.248c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4051f70.248c: Calling main()
4061f70.248c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4071f70.248c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4081f70.248c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4091f70.248c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4101f70.248c: SUPR3HardenedMain: Respawn #2
4111f70.248c: supR3HardNtEnableThreadCreation:
4121f70.248c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4131f70.248c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
4141f70.248c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4151f70.248c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4161f70.248c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3feb0000 'C:\WINDOWS\System32\ntdll.dll'
4171f70.248c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc3ff29ac0 pvNtTerminateThread=00007ffc3ff55df0
4181f70.248c: supR3HardenedWinDoReSpawn(2): New child 268c.1ae0 [kernel32].
4191f70.248c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
4201f70.248c: supR3HardNtChildGatherData: PebBaseAddress=0000000000304000 cbPeb=0x388
4211f70.248c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc3feb0000 uNtDllChildAddr=00007ffc3feb0000
4221f70.248c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc3ff29ac0
4231f70.248c: supR3HardenedWinSetupChildInit: Start child.
4241f70.248c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4251f70.248c: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
4261f70.248c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4271f70.248c: *0000000000000000-00000000000effff 0x0001/0x0000 0x0000000
4281f70.248c: *00000000000f0000-000000000010ffff 0x0004/0x0004 0x0020000
4291f70.248c: *0000000000110000-0000000000127fff 0x0002/0x0002 0x0040000
4301f70.248c: 0000000000128000-000000000012ffff 0x0001/0x0000 0x0000000
4311f70.248c: *0000000000130000-0000000000133fff 0x0002/0x0002 0x0040000
4321f70.248c: 0000000000134000-000000000013ffff 0x0001/0x0000 0x0000000
4331f70.248c: *0000000000140000-0000000000140fff 0x0004/0x0004 0x0020000
4341f70.248c: 0000000000141000-00000000001fffff 0x0001/0x0000 0x0000000
4351f70.248c: *0000000000200000-0000000000303fff 0x0000/0x0004 0x0020000
4361f70.248c: 0000000000304000-0000000000306fff 0x0004/0x0004 0x0020000
4371f70.248c: 0000000000307000-00000000003fffff 0x0000/0x0004 0x0020000
4381f70.248c: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
4391f70.248c: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
4401f70.248c: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
4411f70.248c: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
4421f70.248c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4431f70.248c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
4441f70.248c: 000000007fff0000-00007ff7d200ffff 0x0001/0x0000 0x0000000
4451f70.248c: *00007ff7d2010000-00007ff7d2032fff 0x0002/0x0002 0x0040000
4461f70.248c: 00007ff7d2033000-00007ff7d2f1ffff 0x0001/0x0000 0x0000000
4471f70.248c: *00007ff7d2f20000-00007ff7d2f20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4481f70.248c: 00007ff7d2f21000-00007ff7d2f90fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4491f70.248c: 00007ff7d2f91000-00007ff7d2f91fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4501f70.248c: 00007ff7d2f92000-00007ff7d2fd7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4511f70.248c: 00007ff7d2fd8000-00007ff7d2fd8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4521f70.248c: 00007ff7d2fd9000-00007ff7d2fd9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4531f70.248c: 00007ff7d2fda000-00007ff7d2fdefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4541f70.248c: 00007ff7d2fdf000-00007ff7d2fdffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4551f70.248c: 00007ff7d2fe0000-00007ff7d2fe0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4561f70.248c: 00007ff7d2fe1000-00007ff7d2fe4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4571f70.248c: 00007ff7d2fe5000-00007ff7d302cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4581f70.248c: 00007ff7d302d000-00007ffc3feaffff 0x0001/0x0000 0x0000000
4591f70.248c: *00007ffc3feb0000-00007ffc3feb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4601f70.248c: 00007ffc3feb1000-00007ffc3ffbffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4611f70.248c: 00007ffc3ffc0000-00007ffc40004fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4621f70.248c: 00007ffc40005000-00007ffc4000cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4631f70.248c: 00007ffc4000d000-00007ffc4001afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4641f70.248c: 00007ffc4001b000-00007ffc4001bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4651f70.248c: 00007ffc4001c000-00007ffc4001efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4661f70.248c: 00007ffc4001f000-00007ffc4008afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4671f70.248c: 00007ffc4008b000-00007ffffffdffff 0x0001/0x0000 0x0000000
4681f70.248c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
4691f70.248c: VirtualBox.exe: timestamp 0x59aeb9ad (rc=VINF_SUCCESS)
4701f70.248c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4711f70.248c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4721f70.248c: supR3HardNtChildPurify: Done after 563 ms and 0 fixes (loop #0).
473268c.1ae0: Log file opened: 5.1.27r117883 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
474268c.1ae0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc3feb0000 g_uNtVerCombined=0xa03ad700
475268c.1ae0: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
476268c.1ae0: New simple heap: #1 0000000000600000 LB 0x400000 (for 1945600 allocation)
4771f70.248c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
4781f70.248c: supR3HardNtEnableThreadCreation:
479268c.1ae0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
480268c.1ae0: System32: \Device\HarddiskVolume3\Windows\System32
481268c.1ae0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
482268c.1ae0: KnownDllPath: C:\WINDOWS\System32
483268c.1ae0: supR3HardenedVmProcessInit: Opening vboxdrv...
484268c.1ae0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
485268c.1ae0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
486268c.1ae0: Registered Dll notification callback with NTDLL.
487268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
488268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
489268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
490268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3cdf0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
491268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
492268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
493268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3dc30000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
494268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
495268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dc30000 'C:\WINDOWS\System32\KERNEL32.DLL'
496268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ff7d2f20000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
497268c.1ae0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
498268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
499268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
500268c.1ae0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc3ff29ac0 pvNtTerminateThread=00007ffc3ff55df0
5011f70.248c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
502268c.1ae0: \SystemRoot\System32\ntdll.dll:
503268c.1ae0: CreationTime: 2017-07-11T05:40:23.359978000Z
504268c.1ae0: LastWriteTime: 2017-07-11T05:40:23.359978000Z
505268c.1ae0: ChangeTime: 2017-08-08T20:44:40.923516000Z
506268c.1ae0: FileAttributes: 0x20
507268c.1ae0: Size: 0x1d7450
508268c.1ae0: NT Headers: 0xe0
509268c.1ae0: Timestamp: 0xa329d3a8
510268c.1ae0: Machine: 0x8664 - amd64
511268c.1ae0: Timestamp: 0xa329d3a8
512268c.1ae0: Image Version: 10.0
513268c.1ae0: SizeOfImage: 0x1db000 (1945600)
514268c.1ae0: Resource Dir: 0x170000 LB 0x69398
515268c.1ae0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
516268c.1ae0: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
517268c.1ae0: ProductName: Microsoft® Windows® Operating System
518268c.1ae0: ProductVersion: 10.0.15063.447
519268c.1ae0: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
520268c.1ae0: FileDescription: NT Layer DLL
521268c.1ae0: \SystemRoot\System32\kernel32.dll:
522268c.1ae0: CreationTime: 2017-07-11T05:40:23.172474500Z
523268c.1ae0: LastWriteTime: 2017-07-11T05:40:23.172474500Z
524268c.1ae0: ChangeTime: 2017-08-08T20:44:40.892265600Z
525268c.1ae0: FileAttributes: 0x20
526268c.1ae0: Size: 0xad068
527268c.1ae0: NT Headers: 0xf8
528268c.1ae0: Timestamp: 0xf5fa43df
529268c.1ae0: Machine: 0x8664 - amd64
530268c.1ae0: Timestamp: 0xf5fa43df
531268c.1ae0: Image Version: 10.0
532268c.1ae0: SizeOfImage: 0xae000 (712704)
533268c.1ae0: Resource Dir: 0xac000 LB 0x520
534268c.1ae0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
535268c.1ae0: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
536268c.1ae0: ProductName: Microsoft® Windows® Operating System
537268c.1ae0: ProductVersion: 10.0.15063.296
538268c.1ae0: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
539268c.1ae0: FileDescription: Windows NT BASE API Client DLL
540268c.1ae0: \SystemRoot\System32\KernelBase.dll:
541268c.1ae0: CreationTime: 2017-08-08T20:29:08.051761800Z
542268c.1ae0: LastWriteTime: 2017-08-08T20:29:08.067386700Z
543268c.1ae0: ChangeTime: 2017-08-08T20:44:40.907890800Z
544268c.1ae0: FileAttributes: 0x20
545268c.1ae0: Size: 0x249df0
546268c.1ae0: NT Headers: 0x100
547268c.1ae0: Timestamp: 0x5405b5
548268c.1ae0: Machine: 0x8664 - amd64
549268c.1ae0: Timestamp: 0x5405b5
550268c.1ae0: Image Version: 10.0
551268c.1ae0: SizeOfImage: 0x249000 (2396160)
552268c.1ae0: Resource Dir: 0x22a000 LB 0x548
553268c.1ae0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
554268c.1ae0: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
555268c.1ae0: ProductName: Microsoft® Windows® Operating System
556268c.1ae0: ProductVersion: 10.0.15063.502
557268c.1ae0: FileVersion: 10.0.15063.502 (WinBuild.160101.0800)
558268c.1ae0: FileDescription: Windows NT BASE API Client DLL
559268c.1ae0: \SystemRoot\System32\apisetschema.dll:
560268c.1ae0: CreationTime: 2017-03-18T20:57:35.373527900Z
561268c.1ae0: LastWriteTime: 2017-03-18T20:57:35.373527900Z
562268c.1ae0: ChangeTime: 2017-08-08T20:09:52.521843600Z
563268c.1ae0: FileAttributes: 0x20
564268c.1ae0: Size: 0x1ada0
565268c.1ae0: NT Headers: 0xc0
566268c.1ae0: Timestamp: 0x76544b2
567268c.1ae0: Machine: 0x8664 - amd64
568268c.1ae0: Timestamp: 0x76544b2
569268c.1ae0: Image Version: 10.0
570268c.1ae0: SizeOfImage: 0x1b000 (110592)
571268c.1ae0: Resource Dir: 0x1a000 LB 0x408
572268c.1ae0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
573268c.1ae0: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
574268c.1ae0: ProductName: Microsoft® Windows® Operating System
575268c.1ae0: ProductVersion: 10.0.15063.0
576268c.1ae0: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
577268c.1ae0: FileDescription: ApiSet Schema DLL
578268c.1ae0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
579268c.1ae0: supR3HardenedWinFindAdversaries: 0x80
580268c.1ae0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
581268c.1ae0: CreationTime: 2015-11-11T15:00:21.407446400Z
582268c.1ae0: LastWriteTime: 2017-09-13T13:47:46.400077500Z
583268c.1ae0: ChangeTime: 2017-09-13T13:47:46.400077500Z
584268c.1ae0: FileAttributes: 0x20
585268c.1ae0: Size: 0x3dfa0
586268c.1ae0: NT Headers: 0x100
587268c.1ae0: Timestamp: 0x5931ce89
588268c.1ae0: Machine: 0x8664 - amd64
589268c.1ae0: Timestamp: 0x5931ce89
590268c.1ae0: Image Version: 6.3
591268c.1ae0: SizeOfImage: 0x40000 (262144)
592268c.1ae0: Resource Dir: 0x3e000 LB 0x3b8
593268c.1ae0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
594268c.1ae0: [Raw version resource data: 0x3e060 LB 0x358, codepage 0x0 (reserved 0x0)]
595268c.1ae0: ProductName: Malwarebytes SwissArmy
596268c.1ae0: ProductVersion: 4.2.0.119
597268c.1ae0: FileVersion: 4.2.0.119
598268c.1ae0: FileDescription: Malwarebytes SwissArmy
599268c.1ae0: \SystemRoot\System32\drivers\mwac.sys:
600268c.1ae0: CreationTime: 2017-07-24T15:41:05.576400700Z
601268c.1ae0: LastWriteTime: 2017-07-26T16:26:57.545593600Z
602268c.1ae0: ChangeTime: 2017-08-08T17:47:08.075745000Z
603268c.1ae0: FileAttributes: 0x20
604268c.1ae0: Size: 0x16da0
605268c.1ae0: NT Headers: 0xf8
606268c.1ae0: Timestamp: 0x5949610f
607268c.1ae0: Machine: 0x8664 - amd64
608268c.1ae0: Timestamp: 0x5949610f
609268c.1ae0: Image Version: 6.3
610268c.1ae0: SizeOfImage: 0x19000 (102400)
611268c.1ae0: Resource Dir: 0x17000 LB 0x3a8
612268c.1ae0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
613268c.1ae0: [Raw version resource data: 0x17060 LB 0x348, codepage 0x0 (reserved 0x0)]
614268c.1ae0: ProductName: Malwarebytes Web Protection
615268c.1ae0: ProductVersion: 3.0.0.152
616268c.1ae0: FileVersion: 3.0.0.152
617268c.1ae0: FileDescription: Malwarebytes Web Protection
618268c.1ae0: \SystemRoot\System32\drivers\mbamchameleon.sys:
619268c.1ae0: CreationTime: 2017-07-24T15:41:13.272329600Z
620268c.1ae0: LastWriteTime: 2017-07-24T15:46:47.473770100Z
621268c.1ae0: ChangeTime: 2017-08-08T17:47:08.075745000Z
622268c.1ae0: FileAttributes: 0x20
623268c.1ae0: Size: 0x2dfc0
624268c.1ae0: NT Headers: 0xf8
625268c.1ae0: Timestamp: 0x5952a24e
626268c.1ae0: Machine: 0x8664 - amd64
627268c.1ae0: Timestamp: 0x5952a24e
628268c.1ae0: Image Version: 6.3
629268c.1ae0: SizeOfImage: 0x31000 (200704)
630268c.1ae0: Resource Dir: 0x2f000 LB 0x3b8
631268c.1ae0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
632268c.1ae0: [Raw version resource data: 0x2f060 LB 0x358, codepage 0x0 (reserved 0x0)]
633268c.1ae0: ProductName: Malwarebytes Chameleon
634268c.1ae0: ProductVersion: 3.0.0.169
635268c.1ae0: FileVersion: 3.0.0.169
636268c.1ae0: FileDescription: Malwarebytes Chameleon
637268c.1ae0: \SystemRoot\System32\drivers\mbam.sys:
638268c.1ae0: CreationTime: 2015-11-11T15:00:05.034972300Z
639268c.1ae0: LastWriteTime: 2017-08-06T16:55:11.225851300Z
640268c.1ae0: ChangeTime: 2017-08-08T17:47:08.075745000Z
641268c.1ae0: FileAttributes: 0x20
642268c.1ae0: Size: 0xb1a0
643268c.1ae0: NT Headers: 0xf0
644268c.1ae0: Timestamp: 0x59380d32
645268c.1ae0: Machine: 0x8664 - amd64
646268c.1ae0: Timestamp: 0x59380d32
647268c.1ae0: Image Version: 6.3
648268c.1ae0: SizeOfImage: 0xd000 (53248)
649268c.1ae0: Resource Dir: 0xb000 LB 0x3c0
650268c.1ae0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
651268c.1ae0: [Raw version resource data: 0xb060 LB 0x360, codepage 0x0 (reserved 0x0)]
652268c.1ae0: ProductName: Malwarebytes Real-Time Protection
653268c.1ae0: ProductVersion: 3.0.0.101
654268c.1ae0: FileVersion: 3.0.0.101
655268c.1ae0: FileDescription: Malwarebytes Real-Time Protection
656268c.1ae0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
657268c.1ae0: Calling main()
658268c.1ae0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
659268c.1ae0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
660268c.1ae0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
661268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
662268c.1ae0: SUPR3HardenedMain: Final process, opening VBoxDrv...
663268c.1ae0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
664268c.1ae0: supR3HardNtEnableThreadCreation:
665268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
666268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
667268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
668268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
669268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc2fe30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
670268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
671268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
672268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
673268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2fe30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
674268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
675268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
676268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2fe30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
677268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2fe30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
678268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
679268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
680268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
681268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
682268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
683268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
684268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
685268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
686268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
687268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
688268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
689268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
690268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
691268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
692268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
693268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
694268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
695268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
696268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
697268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
698268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
699268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
700268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
701268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
702268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
703268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
704268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
705268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3f7c0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
706268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
707268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c3b0000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
708268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
709268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c3d0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
710268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
711268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
712268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d0f0000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
713268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
714268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3fac0000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
715268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
716268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3f170000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
717268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
718268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
719268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
720268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3f860000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
721268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
722268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
723268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
724268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
725268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
726268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d090000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
727268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
728268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
729268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
730268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-synch-l1-2-0'
731268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
732268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
733268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-fibers-l1-1-1'
734268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
735268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
736268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-fibers-l1-1-1'
737268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
738268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
739268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-synch-l1-2-0'
740268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
741268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
742268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-localization-l1-2-1'
743268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\WINDOWS\system32\Wintrust.dll'
744268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
745268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
746268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
747268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
748268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
749268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
750268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
751268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
752268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
753268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
754268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
755268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
756268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
757268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
758268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
759268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
760268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c1f0000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
761268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
762268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3c1f0000 'C:\WINDOWS\system32\bcrypt.dll'
763268c.1ae0: bcrypt.dll loaded at 00007ffc3c1f0000, BCryptOpenAlgorithmProvider at 00007ffc3c1f4aa0, preloading providers:
764268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
765268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
766268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
767268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c4f0000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
768268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
769268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3c4f0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
770268c.1ae0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000b6eb30)
771268c.1ae0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000b6f140)
772268c.1ae0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000b6f410)
773268c.1ae0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000b6fef0)
774268c.1ae0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000b701c0)
775268c.1ae0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000b70490)
776268c.1ae0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000b70760)
777268c.1ae0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000b70a30)
778268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
779268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
780268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
781268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
782268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
783268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
784268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
785268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
786268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
787268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
788268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
789268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
790268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
791268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
792268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
793268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
794268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
795268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
796268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
797268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
798268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
799268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
800268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
801268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3bd70000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
802268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
803268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
804268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
805268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
806268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
807268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
808268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
809268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
810268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
811268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3b7f0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
812268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
813268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
814268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
815268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
816268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
817268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3bd90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
818268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
819268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
820268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
821268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
822268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
823268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
824268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dc30000 'C:\WINDOWS\System32\kernel32.dll'
825268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
826268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
827268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
828268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
829268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\CRYPT32.dll'
830268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3dce0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
831268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
832268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
833268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
834268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
835268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
836268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
837268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
838268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
839268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
840268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
841268c.1ae0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll)
842268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll
843268c.1ae0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000001f8 (hFile=00000000000001e8) with 0xc0000022 -> STATUS_TRUST_FAILURE
844268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
845268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
846268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
847268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
848268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3b110000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
849268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
850268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c320000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
851268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
852268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
853268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
854268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
855268c.1ae0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
856268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
857268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
858268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
859268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
860268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
861268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
862268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
863268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
864268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
865268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
866268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
867268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
868268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
869268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
870268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
871268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
872268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
873268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
874268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
875268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
876268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
877268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
878268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
879268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
880268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
881268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
882268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
883268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
884268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
885268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
886268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
887268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
888268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
889268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
890268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntasn1.dll)
891268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntasn1.dll
892268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
893268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
894268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
895268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
896268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
897268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc1efb0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
898268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
899268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
900268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
901268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
902268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
903268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
904268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
905268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
906268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
907268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
908268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
909268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
910268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
911268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
912268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
913268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
914268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
915268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
916268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
917268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
918268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
919268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
920268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
921268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
922268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
923268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
924268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
925268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
926268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
927268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\WINDOWS\System32\cryptnet.dll'
928268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
929268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1efb0000 'C:\Windows\System32\cryptnet.dll'
930268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
931268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
932268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
933268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
934268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
935268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
936268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
937268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000be92e0
938268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
939268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8B20614B43CC15BF412F46E920338E687B9EB4BD
940268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
941268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
942268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3fac0000 'C:\WINDOWS\System32\rpcrt4.dll'
943268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
944268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
945268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
946268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
947268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
948268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
949268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
950268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
951268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
952268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
953268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
954268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
955268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
956268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
957268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\Windows\System32\WINTRUST.DLL'
958268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
959268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
960268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
961268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
962268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
963268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
964268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1109_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\SystemRoot\System32\ntdll.dll'
965268c.1ae0: g_pfnWinVerifyTrust=00007ffc3d09d3e0
966268c.1ae0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
967268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
968268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
969268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
970268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
971268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
972268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
973268c.1ae0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
974268c.1ae0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
975268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
976268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
977268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
978268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
979268c.1ae0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
980268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
981268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
982268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
983268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
984268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll'
985268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
986268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
987268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
988268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
989268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
990268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
991268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
992268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
993268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
994268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
995268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
996268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
997268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
998268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
999268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1000268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1001268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1002268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1003268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1004268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1005268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1006268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
1007268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1008268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1009268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1010268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
1011268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f4 pwszName=\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll
1012268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
1013268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
1014268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FF31F66ACC1741364CE15D70DCEA891F87E6083
1015268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1016268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1017268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1018268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1019268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1020268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Security-Ngc-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll'
1021268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1022268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll'
1023268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1024268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1025268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1026268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
1027268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1028268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1029268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1030268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1031268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
1032268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1033268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1034268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1035268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
1036268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1037268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1038268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
1039268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1040268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1041268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
1042268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1043268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1044268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1045268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1046268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1047268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1048268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1049268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1050268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
1051268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1052268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1053268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
1054268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1055268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1056268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1057268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1058268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1059268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1060268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1061268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1062268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1063268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1064268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1065268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1066268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe'
1067268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1068268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1069268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1070268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1071268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1072268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1073268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\system32\crypt32.dll'
1074268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x62d1b8d73167ab00 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
1075268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1076268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1077268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1078268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1079268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1080268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1081268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x41129c4fa282aa00 OU=generated by AVG Antivirus for SSL/TLS scanning, O=AVG Web/Mail Shield, CN=AVG Web/Mail Shield Root
1082268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1083268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1084268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1085268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1086268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1087268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1088268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1089268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1090268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1091268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1092268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1093268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
1094268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1095268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1096268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1097268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1098268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1099268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1100268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1101268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1102268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1103268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1104268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1105268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1106268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1107268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1108268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1109268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1110268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1111268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1112268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1113268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1114268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1115268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1116268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1117268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1118268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1119268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1120268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1121268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1122268c.1ae0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1123268c.1ae0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=49
1124268c.1ae0: SUPR3HardenedMain: Load Runtime...
1125268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1126268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1127268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1128268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1129268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1130268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1131268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1132268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1133268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1134268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1135268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1136268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1137268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1138268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1139268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1140268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1141268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1142268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1143268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1144268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
1145268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1146268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1147268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1148268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1149268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1150268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1151268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1152268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1153268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1154268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1155268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1156268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1157268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1158268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1159268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1160268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
1161268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1162268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1163268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1164268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1165268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1166268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1167268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1168268c.1ae0: supR3HardenedDllNotificationCallback: load 00000000627b0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1169268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1170268c.1ae0: supR3HardenedDllNotificationCallback: load 0000000062890000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1171268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1172268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d9e0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1173268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1174268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc03540000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1175268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1176268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1177268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1178268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1179268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1180268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1181268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1182268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1183268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1184268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1185268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1186268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1187268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1188268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1189268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1190268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1191268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1192268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1193268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1194268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1195268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1196268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1197268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1198268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1199268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1200268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1201268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1202268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1203268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1204268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1205268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1206268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1207268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1208268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1209268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1210268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1211268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1212268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1213268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1214268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1215268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1216268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1217268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1218268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1219268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1220268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1221268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1222268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1223268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1224268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1225268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1226268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03540000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1227268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d090000 'C:\WINDOWS\system32\Wintrust.dll'
1228268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1229268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1230268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1231268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1232268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\system32\crypt32.dll'
1233268c.1ae0: SUPR3HardenedMain: Load TrustedMain...
1234268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1235268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1236268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1237268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1238268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1239268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1240268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1241268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1242268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1243268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1244268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1245268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1246268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1247268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1248268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1249268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1250268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1251268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1252268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1253268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1254268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1255268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1256268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1257268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1258268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
1259268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
1260268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1261268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1262268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1263268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1264268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1265268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1266268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1267268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
1268268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1269268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
1270268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
1271268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1272268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1273268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1274268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1275268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1276268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1277268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1278268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1279268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
1280268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1281268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1282268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1283268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1284268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1285268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1286268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1287268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1288268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1289268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
1290268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
1291268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
1292268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1293268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1294268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1295268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1296268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1297268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
1298268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1299268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1300268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1301268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1302268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
1303268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
1304268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
1305268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
1306268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
1307268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
1308268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1309268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1310268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1311268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1312268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
1313268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1314268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1315268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1316268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1317268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
1318268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
1319268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
1320268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1321268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1322268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1323268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
1324268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1325268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1326268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1327268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1328268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1329268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1330268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1331268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1332268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1333268c.1ae0: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
1334268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
1335268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
1336268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1337268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1338268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1339268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
1340268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
1341268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
1342268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
1343268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1344268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1345268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1346268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1347268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1348268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1349268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1350268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1351268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1352268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1353268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1354268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1355268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1356268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1357268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1358268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1359268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1360268c.1ae0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
1361268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1362268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1363268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1364268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1365268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1366268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1367268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1368268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1369268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1370268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1371268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1372268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1373268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1374268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1375268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1376268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1377268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1378268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1379268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1380268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1381268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1382268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1383268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1384268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1385268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1386268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1387268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1388268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1389268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1390268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1391268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1392268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1393268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1394268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1395268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1396268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1397268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1398268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1399268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1400268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1401268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1402268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1403268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1404268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1405268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1406268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1407268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1408268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1409268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1410268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1411268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1412268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1413268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1414268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1415268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1416268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1417268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1418268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1419268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1420268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1421268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1422268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1423268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1424268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1425268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1426268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1427268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1428268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1429268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1430268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1431268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1432268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1433268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1434268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1435268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1436268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1437268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1438268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1439268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1440268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1441268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1442268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1443268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1444268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1445268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1446268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1447268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1448268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1449268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1450268c.1ae0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
1451268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1452268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1453268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1454268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1455268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1456268c.1ae0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
1457268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1458268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1459268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1460268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1461268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1462268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1463268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1464268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1465268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1466268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1467268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1468268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1469268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1470268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
1471268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
1472268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1473268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1474268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1475268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1476268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1477268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1478268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1479268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1480268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1481268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1482268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1483268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1484268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1485268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1486268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1487268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1488268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1489268c.1ae0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1490268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1491268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1492268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1493268c.1ae0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
1494268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
1495268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1496268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1497268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1498268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1499268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1500268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1501268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1502268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1503268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1504268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1505268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1506268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1507268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1508268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1509268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1510268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1511268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1512268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1513268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1514268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1515268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1516268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1517268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1518268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1519268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1520268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1521268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1522268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1523268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1524268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1525268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1526268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1527268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1528268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1529268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1530268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1531268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1532268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1533268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1534268c.1ae0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
1535268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1536268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
1537268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
1538268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1539268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
1540268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
1541268c.1ae0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)
1542268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1543268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1544268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1545268c.1ae0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
1546268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1547268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
1548268c.1ae0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
1549268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
1550268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1551268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1552268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1553268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1554268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1555268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1556268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1557268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1558268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1559268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1560268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1561268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1562268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1563268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1564268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1565268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1566268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1567268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
1568268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1569268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1570268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1571268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1572268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1573268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1574268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1575268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
1576268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1577268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1578268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1579268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
1580268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
1581268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1582268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1583268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1584268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1585268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1586268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
1587268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1588268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
1589268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
1590268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
1591268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1592268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1593268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1594268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1595268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1596268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1597268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1598268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1599268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1600268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1601268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1602268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1603268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1604268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1605268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1606268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1607268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1608268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1609268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1610268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1611268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1612268c.1ae0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1613268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1614268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1615268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1616268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1617268c.1ae0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1618268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1619268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1620268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1621268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1622268c.1ae0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1623268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1624268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1625268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1626268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1627268c.1ae0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
1628268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1629268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1630268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1631268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1632268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1633268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1634268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1635268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1636268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
1637268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
1638268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
1639268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
1640268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1641268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1642268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1643268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1644268c.1ae0: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1645268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1646268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1647268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1648268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1649268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1650268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1651268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1652268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1653268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1654268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1655268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1656268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1657268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1658268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1659268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1660268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
1661268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
1662268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1663268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c4d0000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1664268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1665268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d2c0000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1666268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1667268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c560000 LB 0x00188000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1668268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1669268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
1670268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
1671268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
1672268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
1673268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
1674268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3dd00000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1675268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1676268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3f910000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1677268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc17060000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1678268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1679268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc12520000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1680268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1681268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d040000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
1682268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
1683268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1684268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d4e0000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1685268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1686268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d930000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
1687268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1688268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
1689268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
1690268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
1691268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
1692268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3f1d0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1693268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1694268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c390000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
1695268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1696268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1697268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
1698268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
1699268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c340000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
1700268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1701268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
1702268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
1703268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c6f0000 LB 0x006f3000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
1704268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1705268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
1706268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
1707268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
1708268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
1709268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
1710268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3dd30000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1711268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1712268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3f230000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1713268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1714268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc2e6c0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1715268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1716268c.1ae0: supR3HardenedDllNotificationCallback: load 0000000060d30000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1717268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1718268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc02650000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1719268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1720268c.1ae0: supR3HardenedDllNotificationCallback: load 00000000612a0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1721268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1722268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc30fe0000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1723268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1724268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc2e580000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
1725268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
1726268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3fbf0000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
1727268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
1728268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc16f10000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1729268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1730268c.1ae0: supR3HardenedDllNotificationCallback: load 0000000062750000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1731268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1732268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d420000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1733268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1734268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3a670000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1735268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1736268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3a6d0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1737268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1738268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc02c50000 LB 0x008eb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1739268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1740268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
1741268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
1742268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
1743268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
1744268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
1745268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
1746268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
1747268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
1748268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
1749268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
1750268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1751268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1752268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
1753268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
1754268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
1755268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
1756268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
1757268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
1758268c.1ae0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
1759268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
1760268c.1ae0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
1761268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled]
1762268c.1ae0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1763268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1764268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1765268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1766268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1767268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1768268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1769268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1770268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1771268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1772268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
1773268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
1774268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1775268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1776268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1777268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
1778268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1779268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1780268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
1781268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1782268c.1ae0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
1783268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1784268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1785268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1786268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1787268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1788268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1789268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1790268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1791268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1792268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1793268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1794268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1795268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
1796268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1797268c.1ae0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
1798268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1799268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1800268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1801268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1802268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1803268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1804268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1805268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1806268c.1ae0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1807268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1808268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1809268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1810268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1811268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1812268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1813268c.1ae0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1814268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1815268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1816268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1817268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1818268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1819268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1820268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1821268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1822268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1823268c.1ae0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1824268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1825268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1826268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1827268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1828268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dc30000 'C:\WINDOWS\System32\kernel32.dll'
1829268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1830268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1831268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-string-l1-1-0'
1832268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1833268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1834268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-datetime-l1-1-1'
1835268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1836268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1837268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-localization-obsolete-l1-2-0'
1838268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1839268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1840268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
1841268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
1842268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
1843268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1844268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1845268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1846268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1847268c.1ae0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1848268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1849268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1850268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1851268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d860000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
1852268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1853268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d860000 'C:\WINDOWS\system32\IMM32.DLL'
1854268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1855268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
1856268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1857268c.1ae0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1858268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
1859268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1860268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d860000 'C:\WINDOWS\System32\imm32.dll'
1861268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1862268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1863268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f860000 'C:\WINDOWS\System32\ADVAPI32.DLL'
1864268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc02c50000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1865268c.1ae0: SUPR3HardenedMain: Calling TrustedMain (00007ffc02c51610)...
1866268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1867268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1868268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1869268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1870268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1871268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1872268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1873268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1874268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1875268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1876268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1877268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1878268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1879268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1880268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1881268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1882268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1883268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1884268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1885268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1886268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1887268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1888268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1889268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1890268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1891268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1892268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1893268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1894268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1895268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1896268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1897268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1898268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1899268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1900268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1901268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1902268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1903268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1904268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1905268c.1ae0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
1906268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1907268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1908268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1909268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1910268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1911268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1912268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1913268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1914268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1915268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1916268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1917268c.1ae0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
1918268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1919268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1920268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc0f6f0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1921268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1922268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0f6f0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1923268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000670 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1924268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
1925268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
1926268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
1927268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1928268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1929268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
1930268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1931268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1932268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
1933268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
1934268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
1935268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1936268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1937268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1938268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1939268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1940268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1941268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1942268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1943268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1944268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1945268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3aa30000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
1946268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1947268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3aa30000 'C:\WINDOWS\system32\uxtheme.dll'
1948268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f910000 'C:\WINDOWS\system32\user32.dll'
1949268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1950268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1951268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dd30000 'C:\WINDOWS\system32\shell32.dll'
1952268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
1953268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1954268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1955268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
1956268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1957268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d930000 'C:\WINDOWS\system32\SHCore.dll'
1958268c.1ae0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
1959268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
1960268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1961268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
1962268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
1963268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
1964268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
1965268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1966268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc39ad0000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
1967268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1968268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1969268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1970268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1971268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1972268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1973268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1974268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1975268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1976268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1977268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1978268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1979268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
1980268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1981268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1982268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\system32\winmm.dll'
1983268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1984268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1985268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\system32\winmm.dll'
1986268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1987268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1988268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dd30000 'C:\WINDOWS\system32\shell32.dll'
1989268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1990268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1991268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3aa30000 'C:\WINDOWS\system32\uxtheme.dll'
1992268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1993268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1994268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f860000 'C:\WINDOWS\system32\advapi32.dll'
1995268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
1996268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
1997268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1998268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
1999268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
2000268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
2001268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2002268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2003268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
2004268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2005268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2006268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2007268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2008268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2009268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3c220000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
2010268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2011268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3c220000 'C:\WINDOWS\system32\userenv.dll'
2012268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2013268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2014268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dc30000 'C:\WINDOWS\System32\kernel32.dll'
2015268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3d890000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
2016268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2017268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
2018268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
2019268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
2020268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2021268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2022268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2023268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2024268c.1810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2025268c.1810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2026268c.1810: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
2027268c.1810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2028268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2029268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2030268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2031268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2032268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2033268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2034268c.1810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2035268c.1810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2036268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2037268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2038268c.1810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2039268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2040268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2041268c.1810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2042268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2043268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2044268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2045268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2046268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2047268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2048268c.1810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2049268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2050268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2051268c.1810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2052268c.1810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2053268c.1810: supR3HardenedDllNotificationCallback: load 00007ffc02150000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2054268c.1810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2055268c.1810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc02150000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2056268c.1810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2057268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2058268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2059268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2060268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2061268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2062268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2063268c.1810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2064268c.1810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2065268c.1810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2066268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2067268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2068268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2069268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2070268c.1810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2071268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2072268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2073268c.1810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2074268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2075268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2076268c.1810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
2077268c.1810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2078268c.1810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2079268c.1810: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
2080268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2081268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2082268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2083268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2084268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2085268c.1810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2086268c.1810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2087268c.1810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2088268c.1810: supR3HardenedDllNotificationCallback: load 00007ffc16e10000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2089268c.1810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2090268c.1810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc16e10000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2091268c.1810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2092268c.1810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2093268c.1810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d420000 'C:\Windows\System32\oleaut32.dll'
2094268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2095268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2096268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dd00000 'C:\WINDOWS\system32\gdi32.dll'
2097268c.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2098268c.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2099268c.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2100268c.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2101268c.1b3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2102268c.1b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
2103268c.1b3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2104268c.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2105268c.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2106268c.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2107268c.1b3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2108268c.1b3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2109268c.1b3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2110268c.1b3c: supR3HardenedDllNotificationCallback: load 00007ffc2fd50000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
2111268c.1b3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2112268c.1b3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2fd50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
2113268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2114268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2115268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dd30000 'C:\WINDOWS\system32\shell32.dll'
2116268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3da50000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
2117268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2118268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
2119268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2120268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
2121268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
2122268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
2123268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
2124268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
2125268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2126268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2127268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
2128268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2129268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2130268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2131268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2132268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2133268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2134268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2135268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2136268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2137268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2138268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2139268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2140268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
2141268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a28 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2142268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
2143268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
2144268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
2145268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2146268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2147268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
2148268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2149268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2150268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
2151268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
2152268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
2153268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
2154268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
2155268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2156268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2157268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2158268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2159268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2160268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2161268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2162268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
2163268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
2164268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2165268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2166268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2167268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2168268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2169268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2170268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2171268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2172268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2173268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2174268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
2175268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
2176268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
2177268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2178268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2179268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2180268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
2181268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2182268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2183268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2184268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2185268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2186268c.1ae0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
2187268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2188268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2189268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
2190268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
2191268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2192268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2193268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2194268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2195268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2196268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2197268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2198268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2199268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2200268c.1ae0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
2201268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2202268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2203268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2204268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2205268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2206268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2207268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2208268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2209268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
2210268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2211268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3b190000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2212268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2213268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc396e0000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2214268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2215268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3a250000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2216268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
2217268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc21d10000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2218268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2219268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc21d10000 'C:\WINDOWS\system32\dataexchange.dll'
2220268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2221268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2222268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'
2223268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2224268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2225268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
2226268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
2227268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
2228268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
2229268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3aca0000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2230268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2231268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2232268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
2233268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
2234268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
2235268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
2236268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2237268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
2238268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
2239268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
2240268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
2241268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2242268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2243268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
2244268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
2245268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
2246268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
2247268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
2248268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
2249268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
2250268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
2251268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
2252268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2253268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2254268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\usermgrcli.dll)
2255268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usermgrcli.dll
2256268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc3b620000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2257268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2258268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc399c0000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
2259268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2260268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc38b60000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
2261268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2262268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc389f0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
2263268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
2264268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc381b0000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
2265268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2266268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc34e40000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
2267268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2268268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2269268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2270268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2271268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2272268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2273268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2274268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
2275268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2276268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2277268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2278268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2279268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2280268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2281268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2282268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2283268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2284268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2285268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2286268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2287268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2288268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2289268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2290268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2291268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2292268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2293268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2294268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2295268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2296268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2297268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2298268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2299268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2300268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2301268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2302268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2303268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2304268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2305268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
2306268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2307268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2308268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2309268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2310268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2311268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2312268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usermgrcli.dll'
2313268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2314268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2315268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
2316268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2317268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2318268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
2319268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2320268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2321268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
2322268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2323268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2324268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
2325268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2326268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2327268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
2328268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2329268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2330268c.1ae0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
2331268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2332268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2333268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d420000 'C:\WINDOWS\System32\OLEAUT32.DLL'
2334268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2335268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2336268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f910000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2337268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2338268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2339268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f910000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2340268c.1ae0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2341268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
2342268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
2343268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2344268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d4e0000 'api-ms-win-core-com-l1-1-1.dll'
2345268c.1ae0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2346268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
2347268c.1ae0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2348268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
2349268c.1ae0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2350268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
2351268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
2352268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2353268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3da50000 'C:\WINDOWS\System32\MSCTF.dll'
2354268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2355268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2356268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f230000 'C:\WINDOWS\System32\ole32.dll'
2357268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2358268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2359268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d420000 'C:\WINDOWS\System32\OLEAUT32.dll'
2360268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b3c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2361268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
2362268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
2363268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
2364268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2365268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2366268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
2367268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2368268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2369268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2370268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2371268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2372268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2373268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2374268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2375268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b40 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2376268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
2377268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
2378268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
2379268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2380268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
2381268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2382268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2383268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
2384268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2385268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2386268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
2387268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
2388268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
2389268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2390268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2391268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2392268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2393268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2394268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2395268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2396268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2397268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2398268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2399268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2400268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
2401268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2402268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2403268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2404268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2405268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2406268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc33aa0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2407268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2408268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc356c0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2409268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2410268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2411268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2412268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2413268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc356c0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2414268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2415268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
2416268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
2417268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
2418268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2419268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2420268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
2421268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2422268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2423268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2424268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2425268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2426268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2427268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2428268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2429268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2430268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2431268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2432268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc32420000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2433268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2434268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc32420000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2435268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2436268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2437268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-localization-l1-2-0.dll'
2438268c.1ae0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2439268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2440268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3cdf0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2441268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2442268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
2443268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
2444268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
2445268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2446268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2447268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
2448268c.1ae0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2449268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2450268c.1ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2451268c.1ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2452268c.1ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2453268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2454268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2455268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2456268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2457268c.1ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2458268c.1ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2459268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2460268c.1ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2461268c.1ae0: supR3HardenedDllNotificationCallback: load 00007ffc32c00000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2462268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2463268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc32c00000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2464268c.1ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2465268c.1ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2466268c.1ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f230000 'C:\WINDOWS\system32\ole32.dll'
2467268c.1cbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2468268c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2469268c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2470268c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2471268c.1cbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2472268c.1cbc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2473268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2474268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2475268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2476268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2477268c.1cbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2478268c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2479268c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2480268c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2481268c.1cbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2482268c.1cbc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
2483268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2484268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2485268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2486268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2487268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2488268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2489268c.1cbc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2490268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2491268c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2492268c.1cbc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2493268c.1cbc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2494268c.1cbc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
2495268c.1cbc: supR3HardenedDllNotificationCallback: load 0000000061e60000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2496268c.1cbc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
2497268c.1cbc: supR3HardenedDllNotificationCallback: load 00007ffc128e0000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2498268c.1cbc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2499268c.1cbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc128e0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2500268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2501268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad8 pwszName=\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
2502268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
2503268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
2504268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1E5A9ACAE97AEA2587277AEA0A8C325D8569A5A4
2505268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2506268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2507268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll'
2508268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2509268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2510268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
2511268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'oleaut32.dll'.
2512268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'ws2_32.dll'.
2513268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'netsetupapi.dll'.
2514268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'setupapi.dll'.
2515268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll) WinVerifyTrust
2516268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
2517268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2518268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2519268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2520268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2521268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2522268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
2523268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
2524268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
2525268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2526268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
2527268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
2528268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2529268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2530268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2531268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2532268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2533268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2534268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2535268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2536268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2537268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2538268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
2539268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll) WinVerifyTrust
2540268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
2541268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2542268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2543268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2544268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2545268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2546268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2547268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2548268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2549268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2550268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2551268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2552268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2553268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2554268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2555268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2556268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
2557268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
2558268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc2f3d0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
2559268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
2560268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc3f380000 LB 0x0043b000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
2561268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2562268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc2f510000 LB 0x0007b000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
2563268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
2564268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2f510000 'C:\Windows\System32\NetSetupShim.dll'
2565268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2566268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2567268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2568268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2569268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
2570268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winnsi.dll'.
2571268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
2572268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
2573268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2574268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2575268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2576268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2577268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2578268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2579268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
2580268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2581268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2582268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2583268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2584268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2585268c.16b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\nsi.dll'.
2586268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
2587268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
2588268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2589268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2590268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2591268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2592268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
2593268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2594268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2595268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2596268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2597268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2598268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
2599268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2600268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc3d410000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2601268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
2602268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc356d0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2603268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2604268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc13800000 LB 0x000be000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
2605268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
2606268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13800000 'C:\Windows\System32\NetSetupEngine.dll'
2607268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2608268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2609268c.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
2610268c.16b8: supR3HardenedDllNotificationCallback: Unload 00007ffc13800000 LB 0x000be000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0]
2611268c.16b8: supR3HardenedDllNotificationCallback: Unload 00007ffc356d0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [flags=0x0]
2612268c.16b8: supR3HardenedDllNotificationCallback: Unload 00007ffc3d410000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [flags=0x0]
2613268c.196c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2614268c.196c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2615268c.196c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2616268c.196c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2617268c.196c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2618268c.196c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2619268c.196c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2620268c.196c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2621268c.196c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2622268c.196c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2623268c.196c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2624268c.196c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2625268c.196c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2626268c.196c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2627268c.196c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2628268c.196c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2629268c.196c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2630268c.196c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2631268c.196c: supR3HardenedDllNotificationCallback: load 00007ffc302f0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2632268c.196c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2633268c.196c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc302f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2634268c.196c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3f910000 'C:\WINDOWS\system32\User32.dll'
2635268c.1974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2636268c.1974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2637268c.1974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2638268c.1974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2639268c.1974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2640268c.1974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2641268c.1974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2642268c.1974: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2643268c.1974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2644268c.1974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2645268c.1974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2646268c.1974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2647268c.1974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2648268c.1974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2649268c.1974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2650268c.1974: supR3HardenedDllNotificationCallback: load 00007ffc302e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2651268c.1974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2652268c.1974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc302e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2653268c.1964: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2654268c.1964: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2655268c.1964: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2656268c.1964: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2657268c.1964: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2658268c.1964: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2659268c.1964: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2660268c.1964: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2661268c.1964: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2662268c.1964: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2663268c.1964: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2664268c.1964: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2665268c.1964: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2666268c.1964: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2667268c.1964: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2668268c.1964: supR3HardenedDllNotificationCallback: load 00007ffc302d0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2669268c.1964: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2670268c.1964: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc302d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2671268c.ac0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2672268c.ac0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2673268c.ac0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2674268c.ac0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2675268c.ac0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2676268c.ac0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2677268c.ac0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2678268c.ac0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2679268c.ac0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2680268c.ac0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2681268c.ac0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2682268c.ac0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2683268c.ac0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2684268c.ac0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2685268c.ac0: supR3HardenedDllNotificationCallback: load 00007ffc302c0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2686268c.ac0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2687268c.ac0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc302c0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2688268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3dd30000 'C:\WINDOWS\system32\Shell32.dll'
2689268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2690268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2691268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc128e0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2692268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2693268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2694268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2695268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2696268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2697268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2698268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2699268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2700268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2701268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2702268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2703268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2704268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2705268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2706268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2707268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2708268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2709268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2710268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2711268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2712268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc2d4e0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2713268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2714268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2d4e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2715268c.16b8: supR3HardenedDllNotificationCallback: Unload 00007ffc2d4e0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2716268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2717268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2718268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2719268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2720268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2721268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2722268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2723268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2724268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2725268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2726268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2727268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2728268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2729268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2730268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2731268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2732268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2733268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2734268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2735268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2736268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2737268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2738268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2739268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2740268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2741268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2742268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2743268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2744268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2745268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2746268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2747268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2748268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2749268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2750268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2751268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2752268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2753268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2754268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2755268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2756268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2757268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2758268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2759268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2760268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2761268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2762268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2763268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2764268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2765268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2766268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2767268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2768268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2769268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2770268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2771268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2772268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2773268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2774268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2775268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2776268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2777268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2778268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2779268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2780268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2781268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2782268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2783268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2784268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2785268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2786268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2787268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2788268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2789268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2790268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2791268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc165a0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2792268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2793268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc15d40000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2794268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2795268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc3b970000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2796268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2797268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc00370000 LB 0x009b2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2798268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2799268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00370000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2800268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2801268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2802268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2803268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2804268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc15b70000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2805268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2806268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15b70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2807268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2808268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2809268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2810268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc02150000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2811268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2812268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2813268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2814268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15d40000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2815268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2816268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2817268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2818268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2819268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2820268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2821268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2822268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2823268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2824268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2825268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2826268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2827268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc2d4f0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2828268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2829268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2d4f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2830268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2831268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2832268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2833268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2834268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2835268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2836268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2837268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2838268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2839268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2840268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2841268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2842268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc2d4d0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2843268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2844268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2d4d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2845268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2846268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2847268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2848268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2849268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2850268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2851268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2852268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2853268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2854268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2855268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2856268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2857268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc2d420000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2858268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2859268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2d420000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2860268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2861268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2862268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2863268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2864268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2865268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2866268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2867268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2868268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2869268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2870268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2871268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2872268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc28540000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2873268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2874268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc28540000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2875268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2876268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2877268c.1914: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2878268c.1914: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2879268c.1914: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2880268c.1914: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2881268c.1914: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2882268c.1914: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2883268c.1914: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2884268c.1914: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2885268c.1914: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2886268c.1914: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2887268c.1914: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2888268c.1914: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2889268c.1914: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2890268c.1914: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2891268c.1914: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2892268c.1914: supR3HardenedDllNotificationCallback: load 00007ffc302b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2893268c.1914: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2894268c.1914: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc302b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2895268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2896268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2897268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2898268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2899268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2900268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2901268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2902268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2903268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2904268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2905268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2906268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2907268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2908268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2909268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2910268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2911268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2912268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2913268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2914268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2915268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2916268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2917268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc163d0000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2918268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2919268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc163d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2920268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2921268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2922268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b970000 'C:\WINDOWS\system32\Iphlpapi.dll'
2923268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2924268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc3d410000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2925268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
2926268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc356d0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2927268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2928268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2929268c.16b8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
2930268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
2931268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc35210000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
2932268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
2933268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2934268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2935268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
2936268c.16b8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
2937268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
2938268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc351f0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
2939268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
2940268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ee4 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
2941268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
2942268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
2943268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD77C0B8420B1E0725E0BAACB8F1F2821C7C9053
2944268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2945268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2946268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
2947268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2948268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2949268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2950268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2951268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2952268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2953268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2954268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2955268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2956268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
2957268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2958268c.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
2959268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f18 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
2960268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
2961268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
2962268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0462C999B5398941A444B13399F1AFCF2D9BD7ED
2963268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2964268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2965268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
2966268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2967268c.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
2968268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d98 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
2969268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
2970268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
2971268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAF92974128C211D90A77B3D2A8F3BAD364910A5
2972268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2973268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2974268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
2975268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2976268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2977268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
2978268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
2979268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
2980268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2981268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2982268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2983268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2984268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2985268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2986268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
2987268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc13830000 LB 0x0008c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
2988268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
2989268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
2990268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2991268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\System32\dsound.dll'
2992268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\System32\dsound.dll'
2993268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
2994268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2995268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
2996268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
2997268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
2998268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2999268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
3000268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
3001268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
3002268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3003268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3004268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
3005268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
3006268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3007268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3008268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3009268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
3010268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
3011268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
3012268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
3013268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
3014268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
3015268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3016268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3017268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3018268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3019268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3020268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3021268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3022268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3023268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
3024268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
3025268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
3026268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3027268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3028268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
3029268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3030268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3031268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3032268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3033268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
3034268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3035268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3036268c.16b8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
3037268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3038268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3039268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
3040268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
3041268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc3ac70000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
3042268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
3043268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc3a0b0000 LB 0x00196000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
3044268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
3045268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc34d20000 LB 0x00067000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
3046268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3047268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34d20000 'C:\WINDOWS\System32\MMDevApi.dll'
3048268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3049268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3050268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34d20000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
3051268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3052268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3053268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3054268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fec pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3055268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
3056268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
3057268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70FC7883505DC83E14C72C8984C7562A04A6C6F0
3058268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3059268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3060268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_935_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
3061268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3062268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3063268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3064268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'.
3065268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'.
3066268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
3067268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3068268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3069268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3070268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3071268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3072268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
3073268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
3074268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3075268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3076268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3077268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3078268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3079268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
3080268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3081268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3082268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3083268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3084268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3085268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3086268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3087268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3088268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3089268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3090268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3091268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3092268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc35a00000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
3093268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3094268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc38580000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
3095268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3096268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc15cc0000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
3097268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3098268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cc0000 'C:\WINDOWS\System32\wdmaud.drv'
3099268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3100268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3101268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cc0000 'C:\WINDOWS\System32\wdmaud.drv'
3102268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3103268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3104268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cc0000 'C:\WINDOWS\System32\wdmaud.drv'
3105268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3106268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3107268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cc0000 'C:\WINDOWS\System32\wdmaud.drv'
3108268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3109268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3110268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cc0000 'C:\WINDOWS\System32\wdmaud.drv'
3111268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
3112268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3113268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3114268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3115268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3116268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3117268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
3118268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'.
3119268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'.
3120268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
3121268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3122268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3123268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3124268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3125268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3126268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3127268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3128268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3129268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3130268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3131268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3132268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3133268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3134268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3135268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3136268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3137268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc32a70000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3138268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3139268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc32a70000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3140268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f14 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
3141268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
3142268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
3143268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=244FFD3779BB26E481FDDE1BCB7D66CB70669BE2
3144268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3145268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3146268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
3147268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3148268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3149268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
3150268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
3151268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
3152268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
3153268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3154268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3155268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3156268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
3157268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3158268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3159268c.16b8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
3160268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3161268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3162268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3163268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3164268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3165268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
3166268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3167268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3168268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3169268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3170268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3171268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3172268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3173268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3174268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3175268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3176268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3177268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc15c90000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
3178268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3179268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc15cb0000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
3180268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3181268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3182268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3183268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3184268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3185268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3186268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3187268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3188268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3189268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3190268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3191268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3192268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3193268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3194268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3195268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3196268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3197268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3198268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3199268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3200268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3201268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3202268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15cb0000 'C:\WINDOWS\System32\msacm32.drv'
3203268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001044 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
3204268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
3205268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
3206268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B59112F98815E2A8A155F681ED15AB1991951589
3207268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3208268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3209268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
3210268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3211268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3212268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
3213268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
3214268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
3215268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3216268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3217268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3218268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3219268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3220268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3221268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3222268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc15c80000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
3223268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3224268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15c80000 'C:\WINDOWS\System32\midimap.dll'
3225268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3226268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3227268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15c80000 'C:\WINDOWS\System32\midimap.dll'
3228268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3229268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3230268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15c80000 'C:\WINDOWS\System32\midimap.dll'
3231268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3232268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3233268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15c80000 'C:\WINDOWS\System32\midimap.dll'
3234268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3235268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3236268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3237268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3238268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3239268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3240268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3241268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3242268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3243268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3244268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3245268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc128e0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3246268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3247268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3248268c.13e4: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
3249268c.13e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
3250268c.13e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
3251268c.13e4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000013d4 (hFile=00000000000013d0) with 0xc0000022 -> STATUS_TRUST_FAILURE
3252268c.13e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
3253268c.13e4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000013d0 (hFile=00000000000013d4) with 0xc0000022 -> STATUS_TRUST_FAILURE
3254268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013d8 pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
3255268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000be92e0
3256268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000be92e0
3257268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8867A3D506FE23E5881B28A9F704179D1A9B603A
3258268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3259268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3260268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_733_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
3261268c.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3262268c.16b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
3263268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3264268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3265268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3266268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3267268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3268268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3269268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3270268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
3271268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'combase.dll'.
3272268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'shcore.dll'.
3273268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'win32u.dll'.
3274268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'textinputframework.dll'.
3275268c.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
3276268c.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.UI.dll) WinVerifyTrust
3277268c.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3278268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3279268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3280268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
3281268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume3\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
3282268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
3283268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3284268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3285268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
3286268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3287268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3288268c.16b8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
3289268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
3290268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
3291268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
3292268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3293268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3294268c.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
3295268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3296268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3297268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3298268c.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3299268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3300268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3301268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3302268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3303268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34f00000 'C:\Windows\System32\Windows.UI.dll'
3304268c.2b40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3305268c.2b40: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3306268c.2b40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3307268c.13e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b7f0000 'C:\WINDOWS\system32\rsaenh.dll'
3308268c.13e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3d0f0000 'C:\WINDOWS\System32\crypt32.dll'
3309268c.13e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
3310268c.13e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
3311268c.13e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
3312268c.13e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
3313268c.13e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3314268c.13e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3315268c.13e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3316268c.13e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3317268c.13e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3318268c.13e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
3319268c.13e4: supR3HardenedDllNotificationCallback: load 00007ffc3bbd0000 LB 0x0005c000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
3320268c.13e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
3321268c.13e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3bbd0000 'C:\WINDOWS\system32\mswsock.dll'
3322268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3323268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3324268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3325268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3326268c.28ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3327268c.28ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3328268c.28ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3329268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3330268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3331268c.2a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3332268c.2a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3333268c.2a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3334268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3335268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3336268c.26ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3337268c.26ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3338268c.26ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3339268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3340268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3341268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3342268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3343268c.2610: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3344268c.2610: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3345268c.2610: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3346268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3347268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3348268c.5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3349268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3350268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3351268c.2a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3352268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3353268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3354268c.14c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3355268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3356268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3357268c.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3358268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3359268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3360268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3361268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3362268c.c10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3363268c.1308: supR3HardenedDllNotificationCallback: Unload 00007ffc2f510000 LB 0x0007b000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
3364268c.1308: supR3HardenedDllNotificationCallback: Unload 00007ffc2f3d0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
3365268c.1f18: supR3HardenedDllNotificationCallback: Unload 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
3366268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3367268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3368268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3369268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3370268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3371268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3372268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3373268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34f00000 'C:\Windows\System32\Windows.UI.dll'
3374268c.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3375268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3376268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3377268c.1840: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3378268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3379268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3380268c.2004: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3381268c.2004: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3382268c.2004: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3383268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3384268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3385268c.1380: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3386268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3387268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3388268c.edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3389268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3390268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3391268c.bb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3392268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3393268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3394268c.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3395268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3396268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3397268c.22d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3398268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3399268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3400268c.2148: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3401268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3402268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3403268c.26ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3404268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3405268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3406268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3407268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3408268c.1f4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3409268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3410268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3411268c.22b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3412268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3413268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3414268c.49c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3415268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3416268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3417268c.17b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3418268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3419268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3420268c.1b14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3421268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3422268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3423268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3424268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3425268c.1cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3426268c.1308: supR3HardenedDllNotificationCallback: Unload 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
3427268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3428268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3429268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3430268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3431268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3432268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3433268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3434268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34f00000 'C:\Windows\System32\Windows.UI.dll'
3435268c.28c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3436268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3437268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3438268c.290c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3439268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3440268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3441268c.bb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3442268c.bb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3443268c.bb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3444268c.1fac: supR3HardenedDllNotificationCallback: Unload 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
3445268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3446268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3447268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3448268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34f00000 'C:\Windows\System32\Windows.UI.dll'
3449268c.26d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3450268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3451268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3452268c.18e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3453268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3454268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3455268c.1f40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3456268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3457268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3458268c.1a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3459268c.1098: supR3HardenedDllNotificationCallback: Unload 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
3460268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3461268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3462268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3463268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34f00000 'C:\Windows\System32\Windows.UI.dll'
3464268c.c4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3465268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3466268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3467268c.25f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3468268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3469268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3470268c.ec8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3471268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3472268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3473268c.1a10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3474268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3475268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3476268c.2250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3477268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3478268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3479268c.1e94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3480268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3481268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3482268c.1ddc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3483268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3484268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3485268c.24f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3486268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3487268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3488268c.2824: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3489268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3490268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3491268c.a78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3492268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3493268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3494268c.2228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3495268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3496268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3497268c.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3498268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3499268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3500268c.11a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3501268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3502268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3503268c.2458: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3504268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3505268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3506268c.cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3507268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3508268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3509268c.1830: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3510268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3511268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3512268c.1f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3513268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3514268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3515268c.2228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3516268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3517268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3518268c.1254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3519268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3520268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3521268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3522268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3523268c.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3524268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3525268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3526268c.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3527268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3528268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3529268c.17a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3530268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3531268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3532268c.b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3533268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3534268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3535268c.1038: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3536268c.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3537268c.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3538268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3539268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3540268c.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3541268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3542268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3543268c.1f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3544268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3545268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3546268c.2204: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3547268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3548268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3549268c.788: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3550268c.788: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3551268c.788: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3552268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3553268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3554268c.f30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3555268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3556268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3557268c.1614: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3558268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3559268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3560268c.1cac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3561268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3562268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3563268c.1dc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3564268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3565268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3566268c.28b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3567268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3568268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3569268c.814: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3570268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3571268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3572268c.1028: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3573268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3574268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3575268c.10dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3576268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3577268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3578268c.22f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3579268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3580268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3581268c.2230: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3582268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3583268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3584268c.15c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3585268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3586268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3587268c.1380: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3588268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3589268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3590268c.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3591268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3592268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3593268c.87c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3594268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3595268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3596268c.2270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3597268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3598268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3599268c.2948: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3600268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3601268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3602268c.504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3603268c.1f50: supR3HardenedDllNotificationCallback: Unload 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
3604268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3605268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3606268c.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
3607268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3608268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34f00000 'C:\Windows\System32\Windows.UI.dll'
3609268c.1048: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3610268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3611268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3612268c.1d94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3613268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3614268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3615268c.a2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3616268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3617268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3618268c.6c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3619268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3620268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3621268c.219c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3622268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3623268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3624268c.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3625268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3626268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3627268c.2964: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3628268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3629268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3630268c.634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3631268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3632268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3633268c.1f60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3634268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3635268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3636268c.1c0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3637268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3638268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3639268c.1a30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3640268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3641268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3642268c.4d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3643268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3644268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3645268c.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3646268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3647268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3648268c.2414: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3649268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3650268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3651268c.15f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3652268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3653268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3654268c.14c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3655268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3656268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3657268c.fc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3658268c.1570: supR3HardenedDllNotificationCallback: Unload 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
3659268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3660268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3661268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3662268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34f00000 'C:\Windows\System32\Windows.UI.dll'
3663268c.203c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3664268c.2234: supR3HardenedDllNotificationCallback: Unload 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
3665268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13830000 'C:\WINDOWS\system32\dsound.dll'
3666268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3a6d0000 'C:\WINDOWS\System32\winmm.dll'
3667268c.16b8: supR3HardenedDllNotificationCallback: load 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3668268c.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc34f00000 'C:\Windows\System32\Windows.UI.dll'
3669268c.2074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38580000 'C:\WINDOWS\System32\avrt.dll'
3670268c.2234: supR3HardenedDllNotificationCallback: Unload 00007ffc34f00000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
36711f70.248c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x40010004 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 29920972 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy