VirtualBox

Ticket #17143: VBoxHardering.log

File VBoxHardering.log, 285.2 KB (added by lvesel, 7 years ago)
Line 
12b34.2b3c: Log file opened: 5.1.28r117968 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
22b34.2b3c: \SystemRoot\System32\ntdll.dll:
32b34.2b3c: CreationTime: 2017-10-04T15:56:26.833702800Z
42b34.2b3c: LastWriteTime: 2017-10-04T15:56:26.849327400Z
52b34.2b3c: ChangeTime: 2017-10-04T15:57:52.061551700Z
62b34.2b3c: FileAttributes: 0x20
72b34.2b3c: Size: 0x1d7450
82b34.2b3c: NT Headers: 0xe0
92b34.2b3c: Timestamp: 0xa329d3a8
102b34.2b3c: Machine: 0x8664 - amd64
112b34.2b3c: Timestamp: 0xa329d3a8
122b34.2b3c: Image Version: 10.0
132b34.2b3c: SizeOfImage: 0x1db000 (1945600)
142b34.2b3c: Resource Dir: 0x170000 LB 0x69398
152b34.2b3c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162b34.2b3c: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172b34.2b3c: ProductName: Microsoft® Windows® Operating System
182b34.2b3c: ProductVersion: 10.0.15063.447
192b34.2b3c: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
202b34.2b3c: FileDescription: NT Layer DLL
212b34.2b3c: \SystemRoot\System32\kernel32.dll:
222b34.2b3c: CreationTime: 2017-06-07T21:05:44.747277200Z
232b34.2b3c: LastWriteTime: 2017-06-07T21:05:44.749936000Z
242b34.2b3c: ChangeTime: 2017-10-04T14:59:19.273103900Z
252b34.2b3c: FileAttributes: 0x20
262b34.2b3c: Size: 0xad068
272b34.2b3c: NT Headers: 0xf8
282b34.2b3c: Timestamp: 0xf5fa43df
292b34.2b3c: Machine: 0x8664 - amd64
302b34.2b3c: Timestamp: 0xf5fa43df
312b34.2b3c: Image Version: 10.0
322b34.2b3c: SizeOfImage: 0xae000 (712704)
332b34.2b3c: Resource Dir: 0xac000 LB 0x520
342b34.2b3c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352b34.2b3c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362b34.2b3c: ProductName: Microsoft® Windows® Operating System
372b34.2b3c: ProductVersion: 10.0.15063.296
382b34.2b3c: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
392b34.2b3c: FileDescription: Windows NT BASE API Client DLL
402b34.2b3c: \SystemRoot\System32\KernelBase.dll:
412b34.2b3c: CreationTime: 2017-10-04T15:56:26.802446200Z
422b34.2b3c: LastWriteTime: 2017-10-04T15:56:26.802446200Z
432b34.2b3c: ChangeTime: 2017-10-04T14:59:19.417177800Z
442b34.2b3c: FileAttributes: 0x20
452b34.2b3c: Size: 0x249df0
462b34.2b3c: NT Headers: 0x100
472b34.2b3c: Timestamp: 0xaa6457d1
482b34.2b3c: Machine: 0x8664 - amd64
492b34.2b3c: Timestamp: 0xaa6457d1
502b34.2b3c: Image Version: 10.0
512b34.2b3c: SizeOfImage: 0x249000 (2396160)
522b34.2b3c: Resource Dir: 0x22a000 LB 0x548
532b34.2b3c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542b34.2b3c: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552b34.2b3c: ProductName: Microsoft® Windows® Operating System
562b34.2b3c: ProductVersion: 10.0.15063.483
572b34.2b3c: FileVersion: 10.0.15063.483 (WinBuild.160101.0800)
582b34.2b3c: FileDescription: Windows NT BASE API Client DLL
592b34.2b3c: \SystemRoot\System32\apisetschema.dll:
602b34.2b3c: CreationTime: 2017-03-18T20:57:35.373527900Z
612b34.2b3c: LastWriteTime: 2017-03-18T20:57:35.373527900Z
622b34.2b3c: ChangeTime: 2017-10-04T15:44:07.676058500Z
632b34.2b3c: FileAttributes: 0x20
642b34.2b3c: Size: 0x1ada0
652b34.2b3c: NT Headers: 0xc0
662b34.2b3c: Timestamp: 0x76544b2
672b34.2b3c: Machine: 0x8664 - amd64
682b34.2b3c: Timestamp: 0x76544b2
692b34.2b3c: Image Version: 10.0
702b34.2b3c: SizeOfImage: 0x1b000 (110592)
712b34.2b3c: Resource Dir: 0x1a000 LB 0x408
722b34.2b3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732b34.2b3c: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742b34.2b3c: ProductName: Microsoft® Windows® Operating System
752b34.2b3c: ProductVersion: 10.0.15063.0
762b34.2b3c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
772b34.2b3c: FileDescription: ApiSet Schema DLL
782b34.2b3c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792b34.2b3c: supR3HardenedWinFindAdversaries: 0x3
802b34.2b3c: \SystemRoot\System32\drivers\SysPlant.sys:
812b34.2b3c: CreationTime: 2017-10-04T05:32:50.570368000Z
822b34.2b3c: LastWriteTime: 2017-10-04T05:32:50.585986000Z
832b34.2b3c: ChangeTime: 2017-10-04T05:32:50.585986000Z
842b34.2b3c: FileAttributes: 0x20
852b34.2b3c: Size: 0x2bba8
862b34.2b3c: NT Headers: 0x100
872b34.2b3c: Timestamp: 0x5857e054
882b34.2b3c: Machine: 0x8664 - amd64
892b34.2b3c: Timestamp: 0x5857e054
902b34.2b3c: Image Version: 5.0
912b34.2b3c: SizeOfImage: 0x30000 (196608)
922b34.2b3c: Resource Dir: 0x2e000 LB 0x498
932b34.2b3c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
942b34.2b3c: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
952b34.2b3c: ProductName: Symantec CMC Firewall
962b34.2b3c: ProductVersion: 12.1.7166.6700
972b34.2b3c: FileVersion: 12.1.7166.6700
982b34.2b3c: FileDescription: Symantec CMC Firewall SysPlant
992b34.2b3c: \SystemRoot\System32\sysfer.dll:
1002b34.2b3c: CreationTime: 2017-10-04T05:32:50.523513000Z
1012b34.2b3c: LastWriteTime: 2017-10-04T05:32:50.554742500Z
1022b34.2b3c: ChangeTime: 2017-10-04T07:40:26.611804800Z
1032b34.2b3c: FileAttributes: 0x20
1042b34.2b3c: Size: 0x73728
1052b34.2b3c: NT Headers: 0xf0
1062b34.2b3c: Timestamp: 0x5857e05e
1072b34.2b3c: Machine: 0x8664 - amd64
1082b34.2b3c: Timestamp: 0x5857e05e
1092b34.2b3c: Image Version: 0.0
1102b34.2b3c: SizeOfImage: 0x89000 (561152)
1112b34.2b3c: Resource Dir: 0x87000 LB 0x630
1122b34.2b3c: [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1132b34.2b3c: [Raw version resource data: 0x87100 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
1142b34.2b3c: ProductName: Symantec CMC Firewall
1152b34.2b3c: ProductVersion: 12.1.7166.6700
1162b34.2b3c: FileVersion: 12.1.7166.6700
1172b34.2b3c: FileDescription: Symantec CMC Firewall sysfer
1182b34.2b3c: \SystemRoot\System32\drivers\symevent64x86.sys:
1192b34.2b3c: CreationTime: 2017-10-04T05:34:59.922629100Z
1202b34.2b3c: LastWriteTime: 2017-10-04T05:34:59.641378900Z
1212b34.2b3c: ChangeTime: 2017-10-04T05:34:59.641378900Z
1222b34.2b3c: FileAttributes: 0x20
1232b34.2b3c: Size: 0x2ccf0
1242b34.2b3c: NT Headers: 0xf0
1252b34.2b3c: Timestamp: 0x57be5070
1262b34.2b3c: Machine: 0x8664 - amd64
1272b34.2b3c: Timestamp: 0x57be5070
1282b34.2b3c: Image Version: 6.0
1292b34.2b3c: SizeOfImage: 0x37000 (225280)
1302b34.2b3c: Resource Dir: 0x35000 LB 0x3c8
1312b34.2b3c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1322b34.2b3c: [Raw version resource data: 0x350b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
1332b34.2b3c: ProductName: SYMEVENT
1342b34.2b3c: ProductVersion: 12.9.6.28
1352b34.2b3c: FileVersion: 12.9.6.28
1362b34.2b3c: FileDescription: Symantec Event Library
1372b34.2b3c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1382b34.2b3c: Calling main()
1392b34.2b3c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1402b34.2b3c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1412b34.2b3c: SUPR3HardenedMain: Respawn #1
1422b34.2b3c: System32: \Device\HarddiskVolume3\Windows\System32
1432b34.2b3c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1442b34.2b3c: KnownDllPath: C:\windows\System32
1452b34.2b3c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1462b34.2b3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1472b34.2b3c: supR3HardNtEnableThreadCreation:
1482b34.2b3c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9176c9ac0 pvNtTerminateThread=00007ff9176f5df0
1492b34.2b3c: supR3HardenedWinDoReSpawn(1): New child 2b5c.29f4 [kernel32].
1502b34.2b3c: supR3HardNtChildGatherData: PebBaseAddress=00000000010b4000 cbPeb=0x388
1512b34.2b3c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff917650000 uNtDllChildAddr=00007ff917650000
1522b34.2b3c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9176c9ac0
1532b34.2b3c: supR3HardenedWinSetupChildInit: Start child.
1542b34.2b3c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1552b34.2b3c: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 32 sleeps
1562b34.2b3c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1572b34.2b3c: *0000000000000000-0000000000e3ffff 0x0001/0x0000 0x0000000
1582b34.2b3c: *0000000000e40000-0000000000e5ffff 0x0004/0x0004 0x0020000
1592b34.2b3c: *0000000000e60000-0000000000e77fff 0x0002/0x0002 0x0040000
1602b34.2b3c: 0000000000e78000-0000000000e7ffff 0x0001/0x0000 0x0000000
1612b34.2b3c: *0000000000e80000-0000000000f7afff 0x0000/0x0004 0x0020000
1622b34.2b3c: 0000000000f7b000-0000000000f7dfff 0x0104/0x0004 0x0020000
1632b34.2b3c: 0000000000f7e000-0000000000f7ffff 0x0004/0x0004 0x0020000
1642b34.2b3c: *0000000000f80000-0000000000f83fff 0x0002/0x0002 0x0040000
1652b34.2b3c: 0000000000f84000-0000000000f8ffff 0x0001/0x0000 0x0000000
1662b34.2b3c: *0000000000f90000-0000000000f90fff 0x0004/0x0004 0x0020000
1672b34.2b3c: 0000000000f91000-0000000000ffffff 0x0001/0x0000 0x0000000
1682b34.2b3c: *0000000001000000-00000000010b3fff 0x0000/0x0004 0x0020000
1692b34.2b3c: 00000000010b4000-00000000010b6fff 0x0004/0x0004 0x0020000
1702b34.2b3c: 00000000010b7000-00000000011fffff 0x0000/0x0004 0x0020000
1712b34.2b3c: 0000000001200000-000000007ffdffff 0x0001/0x0000 0x0000000
1722b34.2b3c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1732b34.2b3c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1742b34.2b3c: 000000007fff0000-00007ff6a9e0ffff 0x0001/0x0000 0x0000000
1752b34.2b3c: *00007ff6a9e10000-00007ff6a9e32fff 0x0002/0x0002 0x0040000
1762b34.2b3c: 00007ff6a9e33000-00007ff6a9feffff 0x0001/0x0000 0x0000000
1772b34.2b3c: *00007ff6a9ff0000-00007ff6a9ff0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1782b34.2b3c: 00007ff6a9ff1000-00007ff6aa060fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1792b34.2b3c: 00007ff6aa061000-00007ff6aa061fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1802b34.2b3c: 00007ff6aa062000-00007ff6aa0a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1812b34.2b3c: 00007ff6aa0a8000-00007ff6aa0a8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1822b34.2b3c: 00007ff6aa0a9000-00007ff6aa0a9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1832b34.2b3c: 00007ff6aa0aa000-00007ff6aa0aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1842b34.2b3c: 00007ff6aa0af000-00007ff6aa0affff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1852b34.2b3c: 00007ff6aa0b0000-00007ff6aa0b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1862b34.2b3c: 00007ff6aa0b1000-00007ff6aa0b4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1872b34.2b3c: 00007ff6aa0b5000-00007ff6aa0fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1882b34.2b3c: 00007ff6aa0fd000-00007ff6aa0fffff 0x0001/0x0000 0x0000000
1892b34.2b3c: *00007ff6aa100000-00007ff6aa100fff 0x0040/0x0040 0x0020000 !!
1902b34.2b3c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff6aa100000 (LB 0x1000, 00007ff6aa100000 LB 0x1000)
1912b34.2b3c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff6aa100000/00007ff6aa100000 LB 0/0x1000]
1922b34.2b3c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff6aa100000 LB 0x26d550000 s=0x10000 ap=0x0 rp=0x00000000000001
1932b34.2b3c: 00007ff6aa101000-00007ff91764ffff 0x0001/0x0000 0x0000000
1942b34.2b3c: *00007ff917650000-00007ff917650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1952b34.2b3c: 00007ff917651000-00007ff91775ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1962b34.2b3c: 00007ff917760000-00007ff9177a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1972b34.2b3c: 00007ff9177a5000-00007ff9177acfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1982b34.2b3c: 00007ff9177ad000-00007ff9177bafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1992b34.2b3c: 00007ff9177bb000-00007ff9177bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2002b34.2b3c: 00007ff9177bc000-00007ff9177befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2012b34.2b3c: 00007ff9177bf000-00007ff91782afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2022b34.2b3c: 00007ff91782b000-00007ffffffdffff 0x0001/0x0000 0x0000000
2032b34.2b3c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2042b34.2b3c: VirtualBox.exe: timestamp 0x59b8f49b (rc=VINF_SUCCESS)
2052b34.2b3c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2062b34.2b3c: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
2072b34.2b3c: 00007ff6a9ff0162 / 0x0000162: 00 != 11
2082b34.2b3c: 00007ff6a9ff0164 / 0x0000164: 00 != 14
2092b34.2b3c: Restored 0x400 bytes of original file content at 00007ff6a9ff0000
2102b34.2b3c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2112b34.2b3c: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3
2122b34.2b3c: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 32 sleeps
2132b34.2b3c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2142b34.2b3c: *0000000000000000-0000000000e3ffff 0x0001/0x0000 0x0000000
2152b34.2b3c: *0000000000e40000-0000000000e5ffff 0x0004/0x0004 0x0020000
2162b34.2b3c: *0000000000e60000-0000000000e77fff 0x0002/0x0002 0x0040000
2172b34.2b3c: 0000000000e78000-0000000000e7ffff 0x0001/0x0000 0x0000000
2182b34.2b3c: *0000000000e80000-0000000000f7afff 0x0000/0x0004 0x0020000
2192b34.2b3c: 0000000000f7b000-0000000000f7dfff 0x0104/0x0004 0x0020000
2202b34.2b3c: 0000000000f7e000-0000000000f7ffff 0x0004/0x0004 0x0020000
2212b34.2b3c: *0000000000f80000-0000000000f83fff 0x0002/0x0002 0x0040000
2222b34.2b3c: 0000000000f84000-0000000000f8ffff 0x0001/0x0000 0x0000000
2232b34.2b3c: *0000000000f90000-0000000000f90fff 0x0004/0x0004 0x0020000
2242b34.2b3c: 0000000000f91000-0000000000ffffff 0x0001/0x0000 0x0000000
2252b34.2b3c: *0000000001000000-00000000010b3fff 0x0000/0x0004 0x0020000
2262b34.2b3c: 00000000010b4000-00000000010b6fff 0x0004/0x0004 0x0020000
2272b34.2b3c: 00000000010b7000-00000000011fffff 0x0000/0x0004 0x0020000
2282b34.2b3c: 0000000001200000-000000007ffdffff 0x0001/0x0000 0x0000000
2292b34.2b3c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2302b34.2b3c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2312b34.2b3c: 000000007fff0000-00007ff6a9e0ffff 0x0001/0x0000 0x0000000
2322b34.2b3c: *00007ff6a9e10000-00007ff6a9e32fff 0x0002/0x0002 0x0040000
2332b34.2b3c: 00007ff6a9e33000-00007ff6a9feffff 0x0001/0x0000 0x0000000
2342b34.2b3c: *00007ff6a9ff0000-00007ff6a9ff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2352b34.2b3c: 00007ff6a9ff1000-00007ff6aa060fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2362b34.2b3c: 00007ff6aa061000-00007ff6aa061fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2372b34.2b3c: 00007ff6aa062000-00007ff6aa0a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2382b34.2b3c: 00007ff6aa0a8000-00007ff6aa0b4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2392b34.2b3c: 00007ff6aa0b5000-00007ff6aa0fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2402b34.2b3c: 00007ff6aa0fd000-00007ff91764ffff 0x0001/0x0000 0x0000000
2412b34.2b3c: *00007ff917650000-00007ff917650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2422b34.2b3c: 00007ff917651000-00007ff91775ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2432b34.2b3c: 00007ff917760000-00007ff9177a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2442b34.2b3c: 00007ff9177a5000-00007ff9177a8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2452b34.2b3c: 00007ff9177a9000-00007ff9177acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2462b34.2b3c: 00007ff9177ad000-00007ff9177bafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2472b34.2b3c: 00007ff9177bb000-00007ff9177bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2482b34.2b3c: 00007ff9177bc000-00007ff9177befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2492b34.2b3c: 00007ff9177bf000-00007ff91782afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2502b34.2b3c: 00007ff91782b000-00007ffffffdffff 0x0001/0x0000 0x0000000
2512b34.2b3c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2522b34.2b3c: supR3HardNtChildPurify: Done after 1062 ms and 2 fixes (loop #1).
2532b34.2b3c: supR3HardNtEnableThreadCreation:
2542b5c.29f4: Log file opened: 5.1.28r117968 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
2552b5c.29f4: supR3HardenedVmProcessInit: uNtDllAddr=00007ff917650000 g_uNtVerCombined=0xa03ad700
2562b5c.29f4: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
2572b5c.29f4: New simple heap: #1 0000000001300000 LB 0x400000 (for 1945600 allocation)
2582b5c.29f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2592b5c.29f4: System32: \Device\HarddiskVolume3\Windows\System32
2602b5c.29f4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2612b5c.29f4: KnownDllPath: C:\windows\System32
2622b5c.29f4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2632b5c.29f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2642b5c.29f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2652b5c.29f4: Registered Dll notification callback with NTDLL.
2662b5c.29f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2672b5c.29f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2682b5c.29f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2692b5c.29f4: supR3HardenedDllNotificationCallback: load 00007ff914600000 LB 0x00249000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
2702b5c.29f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2712b5c.29f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2722b5c.29f4: supR3HardenedDllNotificationCallback: load 00007ff914bb0000 LB 0x000ae000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
2732b5c.29f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2742b5c.29f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914bb0000 'C:\windows\System32\KERNEL32.DLL'
2752b5c.29f4: supR3HardenedDllNotificationCallback: load 00007ff6a9ff0000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2762b5c.29f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2772b5c.29f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2782b5c.29f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2792b5c.29f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9176c9ac0 pvNtTerminateThread=00007ff9176f5df0
2802b34.2b3c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 110 ms.
2812b5c.29f4: \SystemRoot\System32\ntdll.dll:
2822b5c.29f4: CreationTime: 2017-10-04T15:56:26.833702800Z
2832b5c.29f4: LastWriteTime: 2017-10-04T15:56:26.849327400Z
2842b5c.29f4: ChangeTime: 2017-10-04T15:57:52.061551700Z
2852b5c.29f4: FileAttributes: 0x20
2862b5c.29f4: Size: 0x1d7450
2872b5c.29f4: NT Headers: 0xe0
2882b5c.29f4: Timestamp: 0xa329d3a8
2892b5c.29f4: Machine: 0x8664 - amd64
2902b5c.29f4: Timestamp: 0xa329d3a8
2912b5c.29f4: Image Version: 10.0
2922b5c.29f4: SizeOfImage: 0x1db000 (1945600)
2932b5c.29f4: Resource Dir: 0x170000 LB 0x69398
2942b5c.29f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2952b5c.29f4: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2962b5c.29f4: ProductName: Microsoft® Windows® Operating System
2972b5c.29f4: ProductVersion: 10.0.15063.447
2982b5c.29f4: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
2992b5c.29f4: FileDescription: NT Layer DLL
3002b5c.29f4: \SystemRoot\System32\kernel32.dll:
3012b5c.29f4: CreationTime: 2017-06-07T21:05:44.747277200Z
3022b5c.29f4: LastWriteTime: 2017-06-07T21:05:44.749936000Z
3032b5c.29f4: ChangeTime: 2017-10-04T14:59:19.273103900Z
3042b5c.29f4: FileAttributes: 0x20
3052b5c.29f4: Size: 0xad068
3062b5c.29f4: NT Headers: 0xf8
3072b5c.29f4: Timestamp: 0xf5fa43df
3082b5c.29f4: Machine: 0x8664 - amd64
3092b5c.29f4: Timestamp: 0xf5fa43df
3102b5c.29f4: Image Version: 10.0
3112b5c.29f4: SizeOfImage: 0xae000 (712704)
3122b5c.29f4: Resource Dir: 0xac000 LB 0x520
3132b5c.29f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3142b5c.29f4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3152b5c.29f4: ProductName: Microsoft® Windows® Operating System
3162b5c.29f4: ProductVersion: 10.0.15063.296
3172b5c.29f4: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
3182b5c.29f4: FileDescription: Windows NT BASE API Client DLL
3192b5c.29f4: \SystemRoot\System32\KernelBase.dll:
3202b5c.29f4: CreationTime: 2017-10-04T15:56:26.802446200Z
3212b5c.29f4: LastWriteTime: 2017-10-04T15:56:26.802446200Z
3222b5c.29f4: ChangeTime: 2017-10-04T14:59:19.417177800Z
3232b5c.29f4: FileAttributes: 0x20
3242b5c.29f4: Size: 0x249df0
3252b5c.29f4: NT Headers: 0x100
3262b5c.29f4: Timestamp: 0xaa6457d1
3272b5c.29f4: Machine: 0x8664 - amd64
3282b5c.29f4: Timestamp: 0xaa6457d1
3292b5c.29f4: Image Version: 10.0
3302b5c.29f4: SizeOfImage: 0x249000 (2396160)
3312b5c.29f4: Resource Dir: 0x22a000 LB 0x548
3322b5c.29f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3332b5c.29f4: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3342b5c.29f4: ProductName: Microsoft® Windows® Operating System
3352b5c.29f4: ProductVersion: 10.0.15063.483
3362b5c.29f4: FileVersion: 10.0.15063.483 (WinBuild.160101.0800)
3372b5c.29f4: FileDescription: Windows NT BASE API Client DLL
3382b5c.29f4: \SystemRoot\System32\apisetschema.dll:
3392b5c.29f4: CreationTime: 2017-03-18T20:57:35.373527900Z
3402b5c.29f4: LastWriteTime: 2017-03-18T20:57:35.373527900Z
3412b5c.29f4: ChangeTime: 2017-10-04T15:44:07.676058500Z
3422b5c.29f4: FileAttributes: 0x20
3432b5c.29f4: Size: 0x1ada0
3442b5c.29f4: NT Headers: 0xc0
3452b5c.29f4: Timestamp: 0x76544b2
3462b5c.29f4: Machine: 0x8664 - amd64
3472b5c.29f4: Timestamp: 0x76544b2
3482b5c.29f4: Image Version: 10.0
3492b5c.29f4: SizeOfImage: 0x1b000 (110592)
3502b5c.29f4: Resource Dir: 0x1a000 LB 0x408
3512b5c.29f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3522b5c.29f4: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3532b5c.29f4: ProductName: Microsoft® Windows® Operating System
3542b5c.29f4: ProductVersion: 10.0.15063.0
3552b5c.29f4: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
3562b5c.29f4: FileDescription: ApiSet Schema DLL
3572b5c.29f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3582b5c.29f4: supR3HardenedWinFindAdversaries: 0x3
3592b5c.29f4: \SystemRoot\System32\drivers\SysPlant.sys:
3602b5c.29f4: CreationTime: 2017-10-04T05:32:50.570368000Z
3612b5c.29f4: LastWriteTime: 2017-10-04T05:32:50.585986000Z
3622b5c.29f4: ChangeTime: 2017-10-04T05:32:50.585986000Z
3632b5c.29f4: FileAttributes: 0x20
3642b5c.29f4: Size: 0x2bba8
3652b5c.29f4: NT Headers: 0x100
3662b5c.29f4: Timestamp: 0x5857e054
3672b5c.29f4: Machine: 0x8664 - amd64
3682b5c.29f4: Timestamp: 0x5857e054
3692b5c.29f4: Image Version: 5.0
3702b5c.29f4: SizeOfImage: 0x30000 (196608)
3712b5c.29f4: Resource Dir: 0x2e000 LB 0x498
3722b5c.29f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3732b5c.29f4: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
3742b5c.29f4: ProductName: Symantec CMC Firewall
3752b5c.29f4: ProductVersion: 12.1.7166.6700
3762b5c.29f4: FileVersion: 12.1.7166.6700
3772b5c.29f4: FileDescription: Symantec CMC Firewall SysPlant
3782b5c.29f4: \SystemRoot\System32\sysfer.dll:
3792b5c.29f4: CreationTime: 2017-10-04T05:32:50.523513000Z
3802b5c.29f4: LastWriteTime: 2017-10-04T05:32:50.554742500Z
3812b5c.29f4: ChangeTime: 2017-10-04T07:40:26.611804800Z
3822b5c.29f4: FileAttributes: 0x20
3832b5c.29f4: Size: 0x73728
3842b5c.29f4: NT Headers: 0xf0
3852b5c.29f4: Timestamp: 0x5857e05e
3862b5c.29f4: Machine: 0x8664 - amd64
3872b5c.29f4: Timestamp: 0x5857e05e
3882b5c.29f4: Image Version: 0.0
3892b5c.29f4: SizeOfImage: 0x89000 (561152)
3902b5c.29f4: Resource Dir: 0x87000 LB 0x630
3912b5c.29f4: [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3922b5c.29f4: [Raw version resource data: 0x87100 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
3932b5c.29f4: ProductName: Symantec CMC Firewall
3942b5c.29f4: ProductVersion: 12.1.7166.6700
3952b5c.29f4: FileVersion: 12.1.7166.6700
3962b5c.29f4: FileDescription: Symantec CMC Firewall sysfer
3972b5c.29f4: \SystemRoot\System32\drivers\symevent64x86.sys:
3982b5c.29f4: CreationTime: 2017-10-04T05:34:59.922629100Z
3992b5c.29f4: LastWriteTime: 2017-10-04T05:34:59.641378900Z
4002b5c.29f4: ChangeTime: 2017-10-04T05:34:59.641378900Z
4012b5c.29f4: FileAttributes: 0x20
4022b5c.29f4: Size: 0x2ccf0
4032b5c.29f4: NT Headers: 0xf0
4042b5c.29f4: Timestamp: 0x57be5070
4052b5c.29f4: Machine: 0x8664 - amd64
4062b5c.29f4: Timestamp: 0x57be5070
4072b5c.29f4: Image Version: 6.0
4082b5c.29f4: SizeOfImage: 0x37000 (225280)
4092b5c.29f4: Resource Dir: 0x35000 LB 0x3c8
4102b5c.29f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4112b5c.29f4: [Raw version resource data: 0x350b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
4122b5c.29f4: ProductName: SYMEVENT
4132b5c.29f4: ProductVersion: 12.9.6.28
4142b5c.29f4: FileVersion: 12.9.6.28
4152b5c.29f4: FileDescription: Symantec Event Library
4162b5c.29f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4172b5c.29f4: Calling main()
4182b5c.29f4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4192b5c.29f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4202b5c.29f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4212b5c.29f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4222b5c.29f4: SUPR3HardenedMain: Respawn #2
4232b5c.29f4: supR3HardNtEnableThreadCreation:
4242b5c.29f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4252b5c.29f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
4262b5c.29f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
4272b5c.29f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
4282b5c.29f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
4292b5c.29f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4302b5c.29f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4312b5c.29f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
4322b5c.29f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4332b5c.29f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
4342b5c.29f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
4352b5c.29f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
4362b5c.29f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
4372b5c.29f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
4382b5c.29f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4392b5c.29f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4402b5c.29f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
4412b5c.29f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4422b5c.29f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4432b5c.29f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4442b5c.29f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4452b5c.29f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
4462b5c.29f4: supR3HardenedDllNotificationCallback: load 00007ff915ba0000 LB 0x0009d000 C:\windows\System32\msvcrt.dll [fFlags=0x0]
4472b5c.29f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4482b5c.29f4: supR3HardenedDllNotificationCallback: load 00007ff915110000 LB 0x00125000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
4492b5c.29f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4502b5c.29f4: supR3HardenedDllNotificationCallback: load 00007ff914e20000 LB 0x00059000 C:\windows\System32\sechost.dll [fFlags=0x0]
4512b5c.29f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
4522b5c.29f4: supR3HardenedDllNotificationCallback: load 00007ff915af0000 LB 0x000a1000 C:\windows\System32\ADVAPI32.DLL [fFlags=0x0]
4532b5c.29f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
4542b5c.29f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915af0000 'C:\windows\System32\ADVAPI32.DLL'
4552b5c.29f4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
4562b5c.29f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
4572b5c.29f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4582b5c.29f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4592b5c.29f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917650000 'C:\windows\System32\ntdll.dll'
4602b5c.29f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9176c9ac0 pvNtTerminateThread=00007ff9176f5df0
4612b5c.29f4: supR3HardenedWinDoReSpawn(2): New child 2b90.2b84 [kernel32].
4622b5c.29f4: supR3HardNtChildGatherData: PebBaseAddress=00000000009b9000 cbPeb=0x388
4632b5c.29f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff917650000 uNtDllChildAddr=00007ff917650000
4642b5c.29f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9176c9ac0
4652b5c.29f4: supR3HardenedWinSetupChildInit: Start child.
4662b5c.29f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4672b5c.29f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 32 sleeps
4682b5c.29f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4692b5c.29f4: *0000000000000000-000000000073ffff 0x0001/0x0000 0x0000000
4702b5c.29f4: *0000000000740000-000000000075ffff 0x0004/0x0004 0x0020000
4712b5c.29f4: *0000000000760000-0000000000777fff 0x0002/0x0002 0x0040000
4722b5c.29f4: 0000000000778000-000000000077ffff 0x0001/0x0000 0x0000000
4732b5c.29f4: *0000000000780000-0000000000783fff 0x0002/0x0002 0x0040000
4742b5c.29f4: 0000000000784000-000000000078ffff 0x0001/0x0000 0x0000000
4752b5c.29f4: *0000000000790000-0000000000790fff 0x0004/0x0004 0x0020000
4762b5c.29f4: 0000000000791000-00000000007fffff 0x0001/0x0000 0x0000000
4772b5c.29f4: *0000000000800000-00000000009b8fff 0x0000/0x0004 0x0020000
4782b5c.29f4: 00000000009b9000-00000000009bbfff 0x0004/0x0004 0x0020000
4792b5c.29f4: 00000000009bc000-00000000009fffff 0x0000/0x0004 0x0020000
4802b5c.29f4: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
4812b5c.29f4: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
4822b5c.29f4: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
4832b5c.29f4: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
4842b5c.29f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4852b5c.29f4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
4862b5c.29f4: 000000007fff0000-00007ff6a936ffff 0x0001/0x0000 0x0000000
4872b5c.29f4: *00007ff6a9370000-00007ff6a9392fff 0x0002/0x0002 0x0040000
4882b5c.29f4: 00007ff6a9393000-00007ff6a9feffff 0x0001/0x0000 0x0000000
4892b5c.29f4: *00007ff6a9ff0000-00007ff6a9ff0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4902b5c.29f4: 00007ff6a9ff1000-00007ff6aa060fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4912b5c.29f4: 00007ff6aa061000-00007ff6aa061fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4922b5c.29f4: 00007ff6aa062000-00007ff6aa0a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4932b5c.29f4: 00007ff6aa0a8000-00007ff6aa0a8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4942b5c.29f4: 00007ff6aa0a9000-00007ff6aa0a9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4952b5c.29f4: 00007ff6aa0aa000-00007ff6aa0aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4962b5c.29f4: 00007ff6aa0af000-00007ff6aa0affff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4972b5c.29f4: 00007ff6aa0b0000-00007ff6aa0b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4982b5c.29f4: 00007ff6aa0b1000-00007ff6aa0b4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
4992b5c.29f4: 00007ff6aa0b5000-00007ff6aa0fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5002b5c.29f4: 00007ff6aa0fd000-00007ff6aa0fffff 0x0001/0x0000 0x0000000
5012b5c.29f4: *00007ff6aa100000-00007ff6aa100fff 0x0040/0x0040 0x0020000 !!
5022b5c.29f4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff6aa100000 (LB 0x1000, 00007ff6aa100000 LB 0x1000)
5032b5c.29f4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff6aa100000/00007ff6aa100000 LB 0/0x1000]
5042b5c.29f4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff6aa100000 LB 0x26d550000 s=0x10000 ap=0x0 rp=0x00000000000001
5052b5c.29f4: 00007ff6aa101000-00007ff91764ffff 0x0001/0x0000 0x0000000
5062b5c.29f4: *00007ff917650000-00007ff917650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5072b5c.29f4: 00007ff917651000-00007ff91775ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5082b5c.29f4: 00007ff917760000-00007ff9177a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5092b5c.29f4: 00007ff9177a5000-00007ff9177acfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5102b5c.29f4: 00007ff9177ad000-00007ff9177bafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5112b5c.29f4: 00007ff9177bb000-00007ff9177bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5122b5c.29f4: 00007ff9177bc000-00007ff9177befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5132b5c.29f4: 00007ff9177bf000-00007ff91782afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5142b5c.29f4: 00007ff91782b000-00007ffffffdffff 0x0001/0x0000 0x0000000
5152b5c.29f4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
5162b5c.29f4: VirtualBox.exe: timestamp 0x59b8f49b (rc=VINF_SUCCESS)
5172b5c.29f4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5182b5c.29f4: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
5192b5c.29f4: 00007ff6a9ff0162 / 0x0000162: 00 != 11
5202b5c.29f4: 00007ff6a9ff0164 / 0x0000164: 00 != 14
5212b5c.29f4: Restored 0x400 bytes of original file content at 00007ff6a9ff0000
5222b5c.29f4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
5232b5c.29f4: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3
5242b5c.29f4: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 33 sleeps
5252b5c.29f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5262b5c.29f4: *0000000000000000-000000000073ffff 0x0001/0x0000 0x0000000
5272b5c.29f4: *0000000000740000-000000000075ffff 0x0004/0x0004 0x0020000
5282b5c.29f4: *0000000000760000-0000000000777fff 0x0002/0x0002 0x0040000
5292b5c.29f4: 0000000000778000-000000000077ffff 0x0001/0x0000 0x0000000
5302b5c.29f4: *0000000000780000-0000000000783fff 0x0002/0x0002 0x0040000
5312b5c.29f4: 0000000000784000-000000000078ffff 0x0001/0x0000 0x0000000
5322b5c.29f4: *0000000000790000-0000000000790fff 0x0004/0x0004 0x0020000
5332b5c.29f4: 0000000000791000-00000000007fffff 0x0001/0x0000 0x0000000
5342b5c.29f4: *0000000000800000-00000000009b8fff 0x0000/0x0004 0x0020000
5352b5c.29f4: 00000000009b9000-00000000009bbfff 0x0004/0x0004 0x0020000
5362b5c.29f4: 00000000009bc000-00000000009fffff 0x0000/0x0004 0x0020000
5372b5c.29f4: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
5382b5c.29f4: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
5392b5c.29f4: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
5402b5c.29f4: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
5412b5c.29f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5422b5c.29f4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
5432b5c.29f4: 000000007fff0000-00007ff6a936ffff 0x0001/0x0000 0x0000000
5442b5c.29f4: *00007ff6a9370000-00007ff6a9392fff 0x0002/0x0002 0x0040000
5452b5c.29f4: 00007ff6a9393000-00007ff6a9feffff 0x0001/0x0000 0x0000000
5462b5c.29f4: *00007ff6a9ff0000-00007ff6a9ff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5472b5c.29f4: 00007ff6a9ff1000-00007ff6aa060fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5482b5c.29f4: 00007ff6aa061000-00007ff6aa061fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5492b5c.29f4: 00007ff6aa062000-00007ff6aa0a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5502b5c.29f4: 00007ff6aa0a8000-00007ff6aa0b4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5512b5c.29f4: 00007ff6aa0b5000-00007ff6aa0fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5522b5c.29f4: 00007ff6aa0fd000-00007ff91764ffff 0x0001/0x0000 0x0000000
5532b5c.29f4: *00007ff917650000-00007ff917650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5542b5c.29f4: 00007ff917651000-00007ff91775ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5552b5c.29f4: 00007ff917760000-00007ff9177a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5562b5c.29f4: 00007ff9177a5000-00007ff9177a8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5572b5c.29f4: 00007ff9177a9000-00007ff9177acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5582b5c.29f4: 00007ff9177ad000-00007ff9177bafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5592b5c.29f4: 00007ff9177bb000-00007ff9177bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5602b5c.29f4: 00007ff9177bc000-00007ff9177befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5612b5c.29f4: 00007ff9177bf000-00007ff91782afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5622b5c.29f4: 00007ff91782b000-00007ffffffdffff 0x0001/0x0000 0x0000000
5632b5c.29f4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
5642b5c.29f4: supR3HardNtChildPurify: Done after 1063 ms and 2 fixes (loop #1).
5652b5c.29f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001300000 LB 0x400000)
5662b5c.29f4: supR3HardNtEnableThreadCreation:
5672b90.2b84: Log file opened: 5.1.28r117968 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
5682b90.2b84: supR3HardenedVmProcessInit: uNtDllAddr=00007ff917650000 g_uNtVerCombined=0xa03ad700
5692b90.2b84: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
5702b90.2b84: New simple heap: #1 0000000000c00000 LB 0x400000 (for 1945600 allocation)
5712b90.2b84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5722b90.2b84: System32: \Device\HarddiskVolume3\Windows\System32
5732b90.2b84: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
5742b90.2b84: KnownDllPath: C:\windows\System32
5752b90.2b84: supR3HardenedVmProcessInit: Opening vboxdrv...
5762b90.2b84: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5772b90.2b84: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5782b90.2b84: Registered Dll notification callback with NTDLL.
5792b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
5802b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
5812b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
5822b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914600000 LB 0x00249000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0]
5832b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
5842b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
5852b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914bb0000 LB 0x000ae000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0]
5862b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5872b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914bb0000 'C:\windows\System32\KERNEL32.DLL'
5882b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff6a9ff0000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
5892b90.2b84: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5902b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5912b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
5922b90.2b84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9176c9ac0 pvNtTerminateThread=00007ff9176f5df0
5932b5c.29f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 109 ms.
5942b90.2b84: \SystemRoot\System32\ntdll.dll:
5952b90.2b84: CreationTime: 2017-10-04T15:56:26.833702800Z
5962b90.2b84: LastWriteTime: 2017-10-04T15:56:26.849327400Z
5972b90.2b84: ChangeTime: 2017-10-04T15:57:52.061551700Z
5982b90.2b84: FileAttributes: 0x20
5992b90.2b84: Size: 0x1d7450
6002b90.2b84: NT Headers: 0xe0
6012b90.2b84: Timestamp: 0xa329d3a8
6022b90.2b84: Machine: 0x8664 - amd64
6032b90.2b84: Timestamp: 0xa329d3a8
6042b90.2b84: Image Version: 10.0
6052b90.2b84: SizeOfImage: 0x1db000 (1945600)
6062b90.2b84: Resource Dir: 0x170000 LB 0x69398
6072b90.2b84: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6082b90.2b84: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6092b90.2b84: ProductName: Microsoft® Windows® Operating System
6102b90.2b84: ProductVersion: 10.0.15063.447
6112b90.2b84: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
6122b90.2b84: FileDescription: NT Layer DLL
6132b90.2b84: \SystemRoot\System32\kernel32.dll:
6142b90.2b84: CreationTime: 2017-06-07T21:05:44.747277200Z
6152b90.2b84: LastWriteTime: 2017-06-07T21:05:44.749936000Z
6162b90.2b84: ChangeTime: 2017-10-04T14:59:19.273103900Z
6172b90.2b84: FileAttributes: 0x20
6182b90.2b84: Size: 0xad068
6192b90.2b84: NT Headers: 0xf8
6202b90.2b84: Timestamp: 0xf5fa43df
6212b90.2b84: Machine: 0x8664 - amd64
6222b90.2b84: Timestamp: 0xf5fa43df
6232b90.2b84: Image Version: 10.0
6242b90.2b84: SizeOfImage: 0xae000 (712704)
6252b90.2b84: Resource Dir: 0xac000 LB 0x520
6262b90.2b84: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6272b90.2b84: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
6282b90.2b84: ProductName: Microsoft® Windows® Operating System
6292b90.2b84: ProductVersion: 10.0.15063.296
6302b90.2b84: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
6312b90.2b84: FileDescription: Windows NT BASE API Client DLL
6322b90.2b84: \SystemRoot\System32\KernelBase.dll:
6332b90.2b84: CreationTime: 2017-10-04T15:56:26.802446200Z
6342b90.2b84: LastWriteTime: 2017-10-04T15:56:26.802446200Z
6352b90.2b84: ChangeTime: 2017-10-04T14:59:19.417177800Z
6362b90.2b84: FileAttributes: 0x20
6372b90.2b84: Size: 0x249df0
6382b90.2b84: NT Headers: 0x100
6392b90.2b84: Timestamp: 0xaa6457d1
6402b90.2b84: Machine: 0x8664 - amd64
6412b90.2b84: Timestamp: 0xaa6457d1
6422b90.2b84: Image Version: 10.0
6432b90.2b84: SizeOfImage: 0x249000 (2396160)
6442b90.2b84: Resource Dir: 0x22a000 LB 0x548
6452b90.2b84: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6462b90.2b84: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
6472b90.2b84: ProductName: Microsoft® Windows® Operating System
6482b90.2b84: ProductVersion: 10.0.15063.483
6492b90.2b84: FileVersion: 10.0.15063.483 (WinBuild.160101.0800)
6502b90.2b84: FileDescription: Windows NT BASE API Client DLL
6512b90.2b84: \SystemRoot\System32\apisetschema.dll:
6522b90.2b84: CreationTime: 2017-03-18T20:57:35.373527900Z
6532b90.2b84: LastWriteTime: 2017-03-18T20:57:35.373527900Z
6542b90.2b84: ChangeTime: 2017-10-04T15:44:07.676058500Z
6552b90.2b84: FileAttributes: 0x20
6562b90.2b84: Size: 0x1ada0
6572b90.2b84: NT Headers: 0xc0
6582b90.2b84: Timestamp: 0x76544b2
6592b90.2b84: Machine: 0x8664 - amd64
6602b90.2b84: Timestamp: 0x76544b2
6612b90.2b84: Image Version: 10.0
6622b90.2b84: SizeOfImage: 0x1b000 (110592)
6632b90.2b84: Resource Dir: 0x1a000 LB 0x408
6642b90.2b84: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6652b90.2b84: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6662b90.2b84: ProductName: Microsoft® Windows® Operating System
6672b90.2b84: ProductVersion: 10.0.15063.0
6682b90.2b84: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
6692b90.2b84: FileDescription: ApiSet Schema DLL
6702b90.2b84: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6712b90.2b84: supR3HardenedWinFindAdversaries: 0x3
6722b90.2b84: \SystemRoot\System32\drivers\SysPlant.sys:
6732b90.2b84: CreationTime: 2017-10-04T05:32:50.570368000Z
6742b90.2b84: LastWriteTime: 2017-10-04T05:32:50.585986000Z
6752b90.2b84: ChangeTime: 2017-10-04T05:32:50.585986000Z
6762b90.2b84: FileAttributes: 0x20
6772b90.2b84: Size: 0x2bba8
6782b90.2b84: NT Headers: 0x100
6792b90.2b84: Timestamp: 0x5857e054
6802b90.2b84: Machine: 0x8664 - amd64
6812b90.2b84: Timestamp: 0x5857e054
6822b90.2b84: Image Version: 5.0
6832b90.2b84: SizeOfImage: 0x30000 (196608)
6842b90.2b84: Resource Dir: 0x2e000 LB 0x498
6852b90.2b84: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6862b90.2b84: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
6872b90.2b84: ProductName: Symantec CMC Firewall
6882b90.2b84: ProductVersion: 12.1.7166.6700
6892b90.2b84: FileVersion: 12.1.7166.6700
6902b90.2b84: FileDescription: Symantec CMC Firewall SysPlant
6912b90.2b84: \SystemRoot\System32\sysfer.dll:
6922b90.2b84: CreationTime: 2017-10-04T05:32:50.523513000Z
6932b90.2b84: LastWriteTime: 2017-10-04T05:32:50.554742500Z
6942b90.2b84: ChangeTime: 2017-10-04T07:40:26.611804800Z
6952b90.2b84: FileAttributes: 0x20
6962b90.2b84: Size: 0x73728
6972b90.2b84: NT Headers: 0xf0
6982b90.2b84: Timestamp: 0x5857e05e
6992b90.2b84: Machine: 0x8664 - amd64
7002b90.2b84: Timestamp: 0x5857e05e
7012b90.2b84: Image Version: 0.0
7022b90.2b84: SizeOfImage: 0x89000 (561152)
7032b90.2b84: Resource Dir: 0x87000 LB 0x630
7042b90.2b84: [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7052b90.2b84: [Raw version resource data: 0x87100 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
7062b90.2b84: ProductName: Symantec CMC Firewall
7072b90.2b84: ProductVersion: 12.1.7166.6700
7082b90.2b84: FileVersion: 12.1.7166.6700
7092b90.2b84: FileDescription: Symantec CMC Firewall sysfer
7102b90.2b84: \SystemRoot\System32\drivers\symevent64x86.sys:
7112b90.2b84: CreationTime: 2017-10-04T05:34:59.922629100Z
7122b90.2b84: LastWriteTime: 2017-10-04T05:34:59.641378900Z
7132b90.2b84: ChangeTime: 2017-10-04T05:34:59.641378900Z
7142b90.2b84: FileAttributes: 0x20
7152b90.2b84: Size: 0x2ccf0
7162b90.2b84: NT Headers: 0xf0
7172b90.2b84: Timestamp: 0x57be5070
7182b90.2b84: Machine: 0x8664 - amd64
7192b90.2b84: Timestamp: 0x57be5070
7202b90.2b84: Image Version: 6.0
7212b90.2b84: SizeOfImage: 0x37000 (225280)
7222b90.2b84: Resource Dir: 0x35000 LB 0x3c8
7232b90.2b84: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7242b90.2b84: [Raw version resource data: 0x350b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
7252b90.2b84: ProductName: SYMEVENT
7262b90.2b84: ProductVersion: 12.9.6.28
7272b90.2b84: FileVersion: 12.9.6.28
7282b90.2b84: FileDescription: Symantec Event Library
7292b90.2b84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7302b90.2b84: Calling main()
7312b90.2b84: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7322b90.2b84: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7332b90.2b84: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7342b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7352b90.2b84: SUPR3HardenedMain: Final process, opening VBoxDrv...
7362b90.2b84: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
7372b90.2b84: supR3HardNtEnableThreadCreation:
7382b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7392b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7402b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7412b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7422b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff90aae0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
7432b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7442b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7452b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7462b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90aae0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7472b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7482b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7492b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90aae0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7502b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90aae0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7512b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7522b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
7532b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
7542b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
7552b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
7562b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
7572b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7582b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7592b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
7602b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
7612b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7622b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7632b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
7642b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
7652b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
7662b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7672b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7682b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
7692b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
7702b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7712b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7722b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
7732b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
7742b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7752b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7762b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7772b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7782b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff915ba0000 LB 0x0009d000 C:\windows\System32\msvcrt.dll [fFlags=0x0]
7792b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7802b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff913b50000 LB 0x00011000 C:\windows\System32\MSASN1.dll [fFlags=0x0]
7812b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7822b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914850000 LB 0x000f6000 C:\windows\System32\ucrtbase.dll [fFlags=0x0]
7832b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
7842b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
7852b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914370000 LB 0x001c9000 C:\windows\System32\CRYPT32.dll [fFlags=0x0]
7862b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7872b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff915110000 LB 0x00125000 C:\windows\System32\RPCRT4.dll [fFlags=0x0]
7882b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7892b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914e20000 LB 0x00059000 C:\windows\System32\sechost.dll [fFlags=0x0]
7902b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
7912b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
7922b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
7932b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff915af0000 LB 0x000a1000 C:\windows\System32\advapi32.dll [fFlags=0x0]
7942b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7952b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
7962b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
7972b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
7982b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
7992b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9149c0000 LB 0x00056000 C:\windows\System32\Wintrust.dll [fFlags=0x0]
8002b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8012b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
8022b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8032b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-synch-l1-2-0'
8042b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
8052b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8062b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-fibers-l1-1-1'
8072b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
8082b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8092b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-fibers-l1-1-1'
8102b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
8112b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8122b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-synch-l1-2-0'
8132b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
8142b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8152b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-localization-l1-2-1'
8162b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\windows\system32\Wintrust.dll'
8172b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
8182b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
8192b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8202b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8212b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8222b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8232b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8242b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8252b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8262b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8272b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8282b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8292b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8302b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8312b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8322b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8332b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9138f0000 LB 0x00025000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
8342b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8352b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9138f0000 'C:\windows\system32\bcrypt.dll'
8362b90.2b84: bcrypt.dll loaded at 00007ff9138f0000, BCryptOpenAlgorithmProvider at 00007ff9138f4aa0, preloading providers:
8372b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
8382b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
8392b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8402b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914950000 LB 0x0006a000 C:\windows\System32\bcryptprimitives.dll [fFlags=0x0]
8412b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8422b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914950000 'C:\windows\system32\bcryptprimitives.dll'
8432b90.2b84: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000104dc20)
8442b90.2b84: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000104ea40)
8452b90.2b84: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000104f520)
8462b90.2b84: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000104f7f0)
8472b90.2b84: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000104fac0)
8482b90.2b84: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000104fd90)
8492b90.2b84: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001050060)
8502b90.2b84: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001050330)
8512b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8522b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8532b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
8542b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8552b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8562b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
8572b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8582b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8592b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
8602b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8612b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8622b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
8632b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8642b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8652b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
8662b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8672b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8682b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
8692b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8702b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8712b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
8722b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
8732b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
8742b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff913560000 LB 0x00017000 C:\windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
8752b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8762b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
8772b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
8782b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
8792b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8802b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8812b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8822b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8832b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8842b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff912fc0000 LB 0x00034000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
8852b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8862b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
8872b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
8882b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
8892b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
8902b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff913540000 LB 0x0000b000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
8912b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8922b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8932b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
8942b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
8952b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8962b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8972b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914bb0000 'C:\windows\System32\kernel32.dll'
8982b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8992b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
9002b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9012b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9022b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\CRYPT32.dll'
9032b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff916150000 LB 0x0001d000 C:\windows\System32\imagehlp.dll [fFlags=0x0]
9042b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
9052b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
9062b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9072b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9082b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
9092b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9102b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
9112b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
9122b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
9132b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
9142b90.2b84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll)
9152b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll
9162b90.2b84: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000200 (hFile=00000000000001f4) with 0xc0000022 -> STATUS_TRUST_FAILURE
9172b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9182b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
9192b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
9202b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
9212b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff912870000 LB 0x00022000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
9222b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9232b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff913b10000 LB 0x00015000 C:\windows\System32\profapi.dll [fFlags=0x0]
9242b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
9252b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
9262b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9272b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9282b90.2b84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
9292b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
9302b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9312b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9322b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9332b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9342b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9352b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9362b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9372b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9382b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9392b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9402b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9412b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9422b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
9432b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
9442b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
9452b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
9462b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
9472b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
9482b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9492b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9502b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9512b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9522b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9532b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9542b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9552b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9562b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9572b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9582b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9592b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
9602b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
9612b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
9622b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
9632b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntasn1.dll)
9642b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntasn1.dll
9652b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9662b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9672b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9682b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9692b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9702b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff904d50000 LB 0x0002f000 C:\windows\System32\cryptnet.dll [fFlags=0x0]
9712b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9722b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9732b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9742b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9752b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9762b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9772b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9782b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9792b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9802b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9812b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9822b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9832b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9842b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9852b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9862b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9872b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9882b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9892b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9902b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9912b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9922b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9932b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9942b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9952b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9962b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9972b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
9982b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9992b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
10002b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\windows\System32\cryptnet.dll'
10012b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10022b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff904d50000 'C:\Windows\System32\cryptnet.dll'
10032b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10042b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10052b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10062b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10072b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10082b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10092b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
10102b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000010e0520
10112b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
10122b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8B20614B43CC15BF412F46E920338E687B9EB4BD
10132b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10142b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10152b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915110000 'C:\windows\System32\rpcrt4.dll'
10162b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10172b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
10182b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10192b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
10202b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10212b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
10222b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10232b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
10242b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10252b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
10262b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10272b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
10282b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10292b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10302b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\Windows\System32\WINTRUST.DLL'
10312b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10322b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10332b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10342b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10352b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10362b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10372b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1109_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\SystemRoot\System32\ntdll.dll'
10382b90.2b84: g_pfnWinVerifyTrust=00007ff9149cd3e0
10392b90.2b84: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10402b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10412b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10422b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10432b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10442b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10452b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10462b90.2b84: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
10472b90.2b84: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10482b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10492b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10502b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10512b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10522b90.2b84: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
10532b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10542b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10552b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10562b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10572b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll'
10582b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10592b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10602b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10612b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
10622b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10632b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10642b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10652b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
10662b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000039c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
10672b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
10682b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
10692b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
10702b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10712b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10722b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10732b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
10742b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10752b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
10762b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10772b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10782b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10792b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
10802b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10812b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10822b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10832b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
10842b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001fc pwszName=\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll
10852b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
10862b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
10872b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FF31F66ACC1741364CE15D70DCEA891F87E6083
10882b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10892b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10902b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
10912b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10922b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10932b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Security-Ngc-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll'
10942b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10952b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll'
10962b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10972b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
10982b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
10992b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
11002b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11012b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11022b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11032b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11042b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
11052b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11062b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11072b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11082b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
11092b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11102b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11112b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
11122b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11132b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11142b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
11152b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11162b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11172b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
11182b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11192b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11202b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
11212b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11222b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11232b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
11242b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11252b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11262b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
11272b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11282b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11292b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
11302b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11312b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11322b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
11332b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11342b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11352b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
11362b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11372b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11382b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11392b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe'
11402b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11412b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11422b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
11432b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11442b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
11452b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
11462b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\system32\crypt32.dll'
11472b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xb1d8ec7b88faa300 CN=CZCHOWS3760.prg-dc.dhl.com
11482b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x5f59d6d2057eb000 CN=RUMOWWN3016799.prg-dc.dhl.com
11492b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11502b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x2335b909e9c4d500 CN=MININT-4FT3K5G
11512b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11522b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11532b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11542b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
11552b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11562b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xda2f1ade6b76b100 C=US, ST=California, L=Burlingame, O=DHL, OU=Systems, CN=DHL Global CA
11572b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11582b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xa2236048dacac200 CN=MININT-4FT3K5G
11592b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11602b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11612b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11622b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x353be883fea3c900 CN=RUMOWWN3016799
11632b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11642b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11652b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11662b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11672b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11682b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11692b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
11702b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11712b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11722b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11732b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11742b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11752b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11762b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11772b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11782b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11792b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11802b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
11812b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11822b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11832b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11842b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11852b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
11862b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11872b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x6e545ef37db69da4 DC=com, DC=dhl, DC=prg-dc, CN=DPDHL DSC WIFI CA I3
11882b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11892b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xa59705fab012da00 DC=com, DC=dhl, DC=prg-dc, CN=DPDHL Machine CA I3
11902b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xa59705fab012da00 DC=com, DC=dhl, DC=prg-dc, CN=DPDHL Machine CA I3
11912b90.2b84: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11922b90.2b84: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=45
11932b90.2b84: SUPR3HardenedMain: Load Runtime...
11942b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
11952b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11962b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11972b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
11982b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
11992b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12002b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12012b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12022b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12032b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12042b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12052b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12062b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
12072b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12082b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
12092b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12102b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12112b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
12122b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
12132b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
12142b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12152b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12162b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12172b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12182b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12192b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12202b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
12212b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12222b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12232b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12242b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12252b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12262b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12272b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12282b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12292b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
12302b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
12312b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
12322b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12332b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
12342b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12352b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12362b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12372b90.2b84: supR3HardenedDllNotificationCallback: load 0000000061bf0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
12382b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12392b90.2b84: supR3HardenedDllNotificationCallback: load 0000000061cd0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
12402b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12412b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914db0000 LB 0x0006c000 C:\windows\System32\WS2_32.dll [fFlags=0x0]
12422b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12432b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff8e9290000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12442b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12452b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12462b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12472b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12482b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12492b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12502b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12512b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12522b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12532b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12542b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12552b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12562b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12572b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12582b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12592b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12602b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12612b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12622b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12632b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12642b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12652b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12662b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12672b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12682b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12692b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12702b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12712b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12722b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12732b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12742b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12752b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12762b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12772b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12782b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12792b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12802b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12812b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12822b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12832b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12842b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12852b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12862b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12872b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12882b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12892b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12902b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12912b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12922b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12932b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12942b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12952b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9290000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12962b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9149c0000 'C:\windows\system32\Wintrust.dll'
12972b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
12982b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
12992b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
13002b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
13012b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\system32\crypt32.dll'
13022b90.2b84: SUPR3HardenedMain: Load TrustedMain...
13032b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
13042b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13052b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
13062b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
13072b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13082b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13092b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
13102b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
13112b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
13122b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
13132b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13142b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
13152b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
13162b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
13172b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
13182b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
13192b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
13202b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
13212b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13222b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13232b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
13242b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
13252b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
13262b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
13272b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
13282b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
13292b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13302b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13312b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13322b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13332b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
13342b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
13352b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
13362b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
13372b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13382b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
13392b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
13402b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13412b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13422b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
13432b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
13442b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
13452b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13462b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
13472b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
13482b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
13492b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
13502b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13512b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13522b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13532b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13542b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13552b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13562b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
13572b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
13582b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
13592b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
13602b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
13612b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
13622b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13632b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
13642b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13652b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13662b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
13672b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13682b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13692b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
13702b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
13712b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
13722b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
13732b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
13742b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
13752b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
13762b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
13772b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13782b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13792b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13802b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13812b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
13822b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13832b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13842b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
13852b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13862b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
13872b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
13882b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
13892b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13902b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13912b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
13922b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
13932b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
13942b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13952b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13962b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13972b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13982b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13992b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
14002b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
14012b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
14022b90.2b84: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
14032b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
14042b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
14052b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
14062b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
14072b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14082b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
14092b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
14102b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
14112b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
14122b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14132b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14142b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14152b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14162b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14172b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
14182b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14192b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14202b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14212b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14222b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14232b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14242b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14252b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14262b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
14272b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
14282b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
14292b90.2b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
14302b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
14312b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
14322b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
14332b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
14342b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
14352b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
14362b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
14372b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
14382b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14392b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
14402b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
14412b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14422b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14432b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14442b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14452b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14462b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
14472b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14482b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
14492b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14502b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14512b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14522b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14532b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14542b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14552b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
14562b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14572b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14582b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14592b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
14602b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14612b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14622b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14632b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14642b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14652b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14662b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14672b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
14682b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14692b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14702b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14712b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14722b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14732b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14742b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14752b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14762b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14772b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14782b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14792b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
14802b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14812b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14822b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14832b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14842b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14852b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14862b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14872b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14882b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14892b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
14902b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14912b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14922b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14932b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14942b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14952b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14962b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14972b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14982b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
14992b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15002b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15012b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15022b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15032b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15042b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15052b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15062b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15072b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15082b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15092b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15102b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15112b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15122b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15132b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
15142b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15152b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15162b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15172b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15182b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15192b90.2b84: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
15202b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15212b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
15222b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15232b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15242b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
15252b90.2b84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
15262b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
15272b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15282b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15292b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15302b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15312b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15322b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15332b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15342b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15352b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15362b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
15372b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
15382b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
15392b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
15402b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
15412b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15422b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15432b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
15442b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15452b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15462b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15472b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15482b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15492b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15502b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15512b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15522b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
15532b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15542b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15552b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
15562b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15572b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15582b90.2b84: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
15592b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15602b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
15612b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
15622b90.2b84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
15632b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
15642b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15652b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15662b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15672b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15682b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15692b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
15702b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15712b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15722b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15732b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15742b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15752b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15762b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15772b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15782b90.2b84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15792b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15802b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15812b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
15822b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15832b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15842b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
15852b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15862b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15872b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
15882b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
15892b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
15902b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
15912b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
15922b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
15932b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
15942b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
15952b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15962b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15972b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
15982b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15992b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16002b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
16012b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16022b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16032b90.2b84: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
16042b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16052b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
16062b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
16072b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
16082b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
16092b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
16102b90.2b84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)
16112b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
16122b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16132b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16142b90.2b84: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
16152b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16162b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
16172b90.2b84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
16182b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
16192b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16202b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16212b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
16222b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16232b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16242b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
16252b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16262b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16272b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16282b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16292b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16302b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
16312b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16322b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16332b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16342b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
16352b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
16362b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
16372b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16382b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16392b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16402b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16412b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
16422b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
16432b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
16442b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
16452b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16462b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16472b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16482b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
16492b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
16502b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16512b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16522b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16532b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16542b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16552b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
16562b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16572b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
16582b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
16592b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
16602b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
16612b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16622b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16632b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16642b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16652b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16662b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16672b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16682b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16692b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16702b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16712b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16722b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16732b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16742b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16752b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16762b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16772b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16782b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16792b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16802b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
16812b90.2b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
16822b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16832b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16842b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
16852b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
16862b90.2b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
16872b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16882b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16892b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
16902b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
16912b90.2b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
16922b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16932b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16942b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
16952b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
16962b90.2b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
16972b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16982b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16992b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
17002b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17012b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17022b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17032b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17042b90.2b84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
17052b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000540 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
17062b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
17072b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
17082b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
17092b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
17102b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
17112b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
17122b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17132b90.2b84: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
17142b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
17152b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
17162b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
17172b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17182b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17192b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17202b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
17212b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17222b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
17232b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
17242b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
17252b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
17262b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17272b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17282b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17292b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
17302b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
17312b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17322b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914540000 LB 0x0001e000 C:\windows\System32\win32u.dll [fFlags=0x0]
17332b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
17342b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914560000 LB 0x0009a000 C:\windows\System32\msvcp_win.dll [fFlags=0x0]
17352b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
17362b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914a20000 LB 0x00188000 C:\windows\System32\gdi32full.dll [fFlags=0x0]
17372b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
17382b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
17392b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
17402b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
17412b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
17422b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
17432b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff915240000 LB 0x00027000 C:\windows\System32\GDI32.dll [fFlags=0x0]
17442b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
17452b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914c60000 LB 0x0014a000 C:\windows\System32\USER32.dll [fFlags=0x0]
17462b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff8fa340000 LB 0x0002c000 C:\windows\SYSTEM32\GLU32.dll [fFlags=0x0]
17472b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
17482b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff8f3100000 LB 0x00121000 C:\windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
17492b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
17502b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914320000 LB 0x00049000 C:\windows\System32\cfgmgr32.dll [fFlags=0x0]
17512b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
17522b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
17532b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9153c0000 LB 0x002f9000 C:\windows\System32\combase.dll [fFlags=0x0]
17542b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
17552b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff915a40000 LB 0x000aa000 C:\windows\System32\shcore.dll [fFlags=0x0]
17562b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17572b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
17582b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
17592b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
17602b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
17612b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff914e80000 LB 0x00051000 C:\windows\System32\shlwapi.dll [fFlags=0x0]
17622b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
17632b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff913b30000 LB 0x00011000 C:\windows\System32\kernel.appcore.dll [fFlags=0x0]
17642b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
17652b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
17662b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
17672b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
17682b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff913ac0000 LB 0x0004c000 C:\windows\System32\powrprof.dll [fFlags=0x0]
17692b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
17702b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
17712b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
17722b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff913b70000 LB 0x006f2000 C:\windows\System32\windows.storage.dll [fFlags=0x0]
17732b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17742b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
17752b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
17762b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
17772b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
17782b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
17792b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff916170000 LB 0x01437000 C:\windows\System32\SHELL32.dll [fFlags=0x0]
17802b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
17812b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff915270000 LB 0x00145000 C:\windows\System32\ole32.dll [fFlags=0x0]
17822b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
17832b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff903200000 LB 0x0001b000 C:\windows\SYSTEM32\MPR.dll [fFlags=0x0]
17842b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
17852b90.2b84: supR3HardenedDllNotificationCallback: load 0000000061680000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
17862b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17872b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff8e8c90000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
17882b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17892b90.2b84: supR3HardenedDllNotificationCallback: load 0000000061110000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
17902b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17912b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff909180000 LB 0x0008a000 C:\windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
17922b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
17932b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff8e7500000 LB 0x000a6000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
17942b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
17952b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9156c0000 LB 0x00108000 C:\windows\System32\COMDLG32.dll [fFlags=0x0]
17962b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
17972b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff8fd730000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
17982b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
17992b90.2b84: supR3HardenedDllNotificationCallback: load 00000000610b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
18002b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
18012b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff916080000 LB 0x000c0000 C:\windows\System32\OLEAUT32.dll [fFlags=0x0]
18022b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18032b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff910bb0000 LB 0x0002b000 C:\windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
18042b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
18052b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff910be0000 LB 0x00023000 C:\windows\SYSTEM32\WINMM.dll [fFlags=0x0]
18062b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
18072b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff8df800000 LB 0x008eb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
18082b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
18092b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
18102b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
18112b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
18122b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
18132b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
18142b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
18152b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
18162b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
18172b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
18182b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
18192b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
18202b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
18212b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
18222b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
18232b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
18242b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
18252b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
18262b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
18272b90.2b84: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
18282b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
18292b90.2b84: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
18302b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled]
18312b90.2b84: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18322b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
18332b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
18342b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
18352b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18362b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
18372b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18382b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
18392b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18402b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
18412b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
18422b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
18432b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
18442b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
18452b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
18462b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
18472b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18482b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18492b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
18502b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18512b90.2b84: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
18522b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18532b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18542b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18552b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18562b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18572b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18582b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18592b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18602b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18612b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18622b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18632b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18642b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
18652b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18662b90.2b84: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
18672b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18682b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18692b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18702b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18712b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18722b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18732b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18742b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18752b90.2b84: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
18762b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18772b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18782b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18792b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18802b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18812b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18822b90.2b84: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
18832b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18842b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18852b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
18862b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18872b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18882b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18892b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18902b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18912b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18922b90.2b84: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
18932b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18942b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18952b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18962b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18972b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914bb0000 'C:\windows\System32\kernel32.dll'
18982b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
18992b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19002b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-string-l1-1-0'
19012b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
19022b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19032b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-datetime-l1-1-1'
19042b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
19052b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19062b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-localization-obsolete-l1-2-0'
19072b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19082b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
19092b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
19102b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
19112b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
19122b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19132b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19142b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
19152b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
19162b90.2b84: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
19172b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19182b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19192b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19202b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff915830000 LB 0x0002d000 C:\windows\System32\IMM32.DLL [fFlags=0x0]
19212b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
19222b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915830000 'C:\windows\system32\IMM32.DLL'
19232b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19242b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
19252b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
19262b90.2b84: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
19272b90.2b84: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
19282b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19292b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915830000 'C:\windows\System32\imm32.dll'
19302b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19312b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19322b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915af0000 'C:\windows\System32\ADVAPI32.DLL'
19332b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8df800000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
19342b90.2b84: SUPR3HardenedMain: Calling TrustedMain (00007ff8df801610)...
19352b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
19362b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19372b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
19382b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
19392b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
19402b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
19412b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19422b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
19432b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
19442b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
19452b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
19462b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
19472b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
19482b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19492b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19502b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19512b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19522b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19532b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19542b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19552b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19562b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19572b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19582b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19592b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19602b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19612b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19622b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
19632b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19642b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19652b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19662b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19672b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19682b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
19692b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19702b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19712b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
19722b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
19732b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
19742b90.2b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
19752b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19762b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19772b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
19782b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19792b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19802b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19812b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19822b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19832b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
19842b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
19852b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
19862b90.2b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
19872b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19882b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19892b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff8df6d0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
19902b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19912b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8df6d0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
19922b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006b4 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
19932b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
19942b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
19952b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
19962b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
19972b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
19982b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
19992b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20002b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20012b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
20022b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
20032b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
20042b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20052b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20062b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20072b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20082b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20092b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20102b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20112b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
20122b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20132b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20142b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9121e0000 LB 0x00095000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
20152b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20162b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9121e0000 'C:\windows\system32\uxtheme.dll'
20172b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914c60000 'C:\windows\system32\user32.dll'
20182b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20192b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20202b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916170000 'C:\windows\system32\shell32.dll'
20212b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
20222b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
20232b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
20242b90.2b84: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
20252b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20262b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915a40000 'C:\windows\system32\SHCore.dll'
20272b90.2b84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
20282b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\wintab32.dll'
20292b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20302b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
20312b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
20322b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
20332b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
20342b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
20352b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff910870000 LB 0x0002a000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
20362b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
20372b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20382b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20392b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20402b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20412b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
20422b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
20432b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
20442b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20452b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20462b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
20472b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
20482b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
20492b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20502b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20512b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff910be0000 'C:\windows\system32\winmm.dll'
20522b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20532b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20542b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff910be0000 'C:\windows\system32\winmm.dll'
20552b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20562b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20572b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916170000 'C:\windows\system32\shell32.dll'
20582b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20592b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20602b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9121e0000 'C:\windows\system32\uxtheme.dll'
20612b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
20622b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20632b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915af0000 'C:\windows\system32\advapi32.dll'
20642b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
20652b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
20662b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20672b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
20682b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
20692b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
20702b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
20712b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
20722b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
20732b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20742b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20752b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
20762b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20772b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
20782b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9139c0000 LB 0x00029000 C:\windows\system32\userenv.dll [fFlags=0x0]
20792b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
20802b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9139c0000 'C:\windows\system32\userenv.dll'
20812b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
20822b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20832b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914bb0000 'C:\windows\System32\kernel32.dll'
20842b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9175b0000 LB 0x0009e000 C:\windows\System32\clbcatq.dll [fFlags=0x0]
20852b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20862b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
20872b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
20882b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
20892b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20902b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20912b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20922b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20932b90.2b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
20942b90.2b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
20952b90.2b6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
20962b90.2b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
20972b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20982b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20992b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21002b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21012b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21022b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21032b90.2b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
21042b90.2b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
21052b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21062b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21072b90.2b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21082b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21092b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21102b90.2b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21112b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21122b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21132b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21142b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21152b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21162b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21172b90.2b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
21182b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21192b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21202b90.2b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21212b90.2b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
21222b90.2b6c: supR3HardenedDllNotificationCallback: load 00007ff8df1d0000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
21232b90.2b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
21242b90.2b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8df1d0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
21252b90.2b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
21262b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21272b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21282b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21292b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
21302b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21312b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21322b90.2b6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
21332b90.2b6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
21342b90.2b6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21352b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21362b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21372b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21382b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21392b90.2b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21402b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21412b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21422b90.2b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21432b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21442b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21452b90.2b6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
21462b90.2b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
21472b90.2b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
21482b90.2b6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
21492b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21502b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21512b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21522b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21532b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21542b90.2b6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21552b90.2b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21562b90.2b6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21572b90.2b6c: supR3HardenedDllNotificationCallback: load 00007ff8e8bd0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
21582b90.2b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21592b90.2b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
21602b90.2b6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21612b90.2b6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21622b90.2b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916080000 'C:\Windows\System32\oleaut32.dll'
21632b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
21642b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21652b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915240000 'C:\windows\system32\gdi32.dll'
21662b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
21672b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21682b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916170000 'C:\windows\system32\shell32.dll'
21692b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9158d0000 LB 0x00166000 C:\windows\System32\MSCTF.dll [fFlags=0x0]
21702b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21712b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
21722b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
21732b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
21742b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
21752b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
21762b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
21772b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21782b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21792b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
21802b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21812b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21822b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21832b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21842b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21852b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21862b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21872b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21882b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21892b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
21902b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
21912b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
21922b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009ac pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
21932b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
21942b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
21952b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
21962b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
21972b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
21982b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
21992b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22002b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22012b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
22022b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
22032b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
22042b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
22052b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
22062b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22072b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
22082b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
22092b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
22102b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
22112b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
22122b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
22132b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
22142b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
22152b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
22162b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
22172b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
22182b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22192b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22202b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22212b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22222b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22232b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22242b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
22252b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
22262b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22272b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
22282b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
22292b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
22302b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
22312b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22322b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22332b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
22342b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22352b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22362b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22372b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
22382b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
22392b90.2b84: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
22402b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22412b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
22422b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
22432b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
22442b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22452b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22462b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22472b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22482b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22492b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22502b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22512b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
22522b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
22532b90.2b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
22542b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
22552b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
22562b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
22572b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22582b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22592b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22602b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22612b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
22622b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
22632b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
22642b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9128f0000 LB 0x000a4000 C:\windows\system32\dxgi.dll [fFlags=0x0]
22652b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
22662b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9116b0000 LB 0x002df000 C:\windows\system32\d3d11.dll [fFlags=0x0]
22672b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
22682b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff911a80000 LB 0x00122000 C:\windows\system32\dcomp.dll [fFlags=0x0]
22692b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
22702b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff8f46f0000 LB 0x00047000 C:\windows\system32\dataexchange.dll [fFlags=0x0]
22712b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22722b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f46f0000 'C:\windows\system32\dataexchange.dll'
22732b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
22742b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
22752b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'
22762b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22772b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
22782b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
22792b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
22802b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
22812b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
22822b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff912400000 LB 0x00170000 C:\windows\system32\twinapi.appcore.dll [fFlags=0x0]
22832b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
22842b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22852b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
22862b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
22872b90.2b84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
22882b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
22892b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22902b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
22912b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
22922b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
22932b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
22942b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22952b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
22962b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
22972b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
22982b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
22992b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
23002b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
23012b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
23022b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
23032b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
23042b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
23052b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23062b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
23072b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\usermgrcli.dll)
23082b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usermgrcli.dll
23092b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff912d90000 LB 0x00031000 C:\windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
23102b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
23112b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff911990000 LB 0x000e3000 C:\windows\System32\CoreMessaging.dll [fFlags=0x0]
23122b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
23132b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff910100000 LB 0x00139000 C:\windows\SYSTEM32\wintypes.dll [fFlags=0x0]
23142b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
23152b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9100e0000 LB 0x00015000 C:\windows\SYSTEM32\usermgrcli.dll [fFlags=0x0]
23162b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
23172b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff910240000 LB 0x002d2000 C:\windows\System32\CoreUIComponents.dll [fFlags=0x0]
23182b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
23192b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff910520000 LB 0x00082000 C:\windows\System32\TextInputFramework.dll [fFlags=0x0]
23202b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
23212b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23222b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23232b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23242b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23252b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
23262b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
23272b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
23282b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23292b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23302b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23312b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23322b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
23332b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23342b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23352b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23362b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23372b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
23382b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
23392b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
23402b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
23412b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
23422b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
23432b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23442b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23452b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
23462b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
23472b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
23482b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
23492b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
23502b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
23512b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23522b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23532b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23542b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23552b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
23562b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
23572b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
23582b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
23592b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23602b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23612b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23622b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23632b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
23642b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
23652b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usermgrcli.dll'
23662b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
23672b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
23682b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
23692b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
23702b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
23712b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
23722b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
23732b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
23742b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
23752b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
23762b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
23772b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
23782b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e8 pwszName=\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
23792b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
23802b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
23812b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D9F6A1B151CF57E6DCA07996124AC68D7674C81
23822b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
23832b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
23842b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-InputService-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
23852b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23862b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
23872b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
23882b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
23892b90.2b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
23902b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23912b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23922b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916080000 'C:\windows\System32\OLEAUT32.DLL'
23932b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
23942b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23952b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914c60000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
23962b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
23972b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23982b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914c60000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
23992b90.2b84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\secruntime.dll': 0 (NtPath=\??\C:\windows\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
24002b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\secruntime.dll'
24012b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
24022b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24032b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9153c0000 'api-ms-win-core-com-l1-1-1.dll'
24042b90.2b84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\secruntime.dll': 0 (NtPath=\??\C:\windows\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
24052b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\secruntime.dll'
24062b90.2b84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\secruntime.dll': 0 (NtPath=\??\C:\windows\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
24072b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\secruntime.dll'
24082b90.2b84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\System32\secruntime.dll': 0 (NtPath=\??\C:\windows\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
24092b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\System32\secruntime.dll'
24102b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
24112b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24122b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9158d0000 'C:\windows\System32\MSCTF.dll'
24132b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916170000 'C:\windows\system32\shell32.dll'
24142b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916170000 'C:\windows\system32\shell32.dll'
24152b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
24162b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24172b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915270000 'C:\windows\System32\ole32.dll'
24182b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24192b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24202b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916080000 'C:\windows\System32\OLEAUT32.dll'
24212b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24222b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
24232b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
24242b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
24252b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
24262b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
24272b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
24282b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24292b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24302b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
24312b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
24322b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
24332b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24342b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
24352b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
24362b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000abc pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24372b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
24382b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
24392b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
24402b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
24412b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
24422b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24432b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
24442b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
24452b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24462b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24472b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
24482b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
24492b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
24502b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24512b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24522b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24532b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
24542b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24552b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24562b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24572b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24582b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
24592b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
24602b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
24612b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
24622b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24632b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24642b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24652b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24662b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24672b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff907a80000 LB 0x00082000 C:\windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
24682b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24692b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff907000000 LB 0x00010000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
24702b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24712b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
24722b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24732b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
24742b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff907000000 'C:\windows\system32\wbem\wbemprox.dll'
24752b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
24762b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
24772b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
24782b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
24792b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
24802b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
24812b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
24822b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24832b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24842b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
24852b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
24862b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
24872b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24882b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24892b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24902b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24912b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24922b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
24932b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9068b0000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
24942b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
24952b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9068b0000 'C:\windows\system32\wbem\wbemsvc.dll'
24962b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
24972b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24982b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-localization-l1-2-0.dll'
24992b90.2b84: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
25002b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25012b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914600000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
25022b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b28 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25032b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010e0520
25042b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010e0520
25052b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
25062b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
25072b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914370000 'C:\windows\System32\crypt32.dll'
25082b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
25092b90.2b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25102b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25112b90.2b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
25122b90.2b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
25132b90.2b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25142b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25152b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25162b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25172b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25182b90.2b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25192b90.2b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
25202b90.2b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25212b90.2b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25222b90.2b84: supR3HardenedDllNotificationCallback: load 00007ff9069a0000 LB 0x000f0000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
25232b90.2b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25242b90.2b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9069a0000 'C:\windows\system32\wbem\fastprox.dll'
25252b90.2254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
25262b90.2254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25272b90.2254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
25282b90.2254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25292b90.2254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
25302b90.2254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25312b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25322b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25332b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
25342b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
25352b90.2254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
25362b90.2254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
25372b90.2254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25382b90.2254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
25392b90.2254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
25402b90.2254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
25412b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25422b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25432b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25442b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25452b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25462b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25472b90.2254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25482b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25492b90.2254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25502b90.2254: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25512b90.2254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25522b90.2254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
25532b90.2254: supR3HardenedDllNotificationCallback: load 0000000060fa0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
25542b90.2254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
25552b90.2254: supR3HardenedDllNotificationCallback: load 00007ff8def10000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
25562b90.2254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25572b90.2254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8def10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
25582b90.2b74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
25592b90.2394: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
25602b90.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25612b90.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25622b90.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25632b90.2394: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25642b90.2394: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
25652b90.2394: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25662b90.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25672b90.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25682b90.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25692b90.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25702b90.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25712b90.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25722b90.2394: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25732b90.2394: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25742b90.2394: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25752b90.2394: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25762b90.2394: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25772b90.2394: supR3HardenedDllNotificationCallback: load 00007ff8fef50000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
25782b90.2394: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25792b90.2394: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fef50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
25802b90.2394: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff914c60000 'C:\windows\system32\User32.dll'
25812b90.1acc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
25822b90.1acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25832b90.1acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25842b90.1acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25852b90.1acc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
25862b90.1acc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25872b90.1acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25882b90.1acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25892b90.1acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25902b90.1acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25912b90.1acc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
25922b90.1acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25932b90.1acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25942b90.1acc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25952b90.1acc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25962b90.1acc: supR3HardenedDllNotificationCallback: load 00007ff8fa630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
25972b90.1acc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25982b90.1acc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa630000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
25992b90.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
26002b90.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26012b90.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26022b90.28b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26032b90.28b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
26042b90.28b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26052b90.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26062b90.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26072b90.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26082b90.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26092b90.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26102b90.28b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26112b90.28b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26122b90.28b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26132b90.28b4: supR3HardenedDllNotificationCallback: load 00007ff8fa4a0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
26142b90.28b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26152b90.28b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
26162b90.29ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
26172b90.29ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26182b90.29ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26192b90.29ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26202b90.29ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
26212b90.29ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26222b90.29ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26232b90.29ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26242b90.29ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26252b90.29ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26262b90.29ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26272b90.29ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26282b90.29ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
26292b90.29ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26302b90.29ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26312b90.29ac: supR3HardenedDllNotificationCallback: load 00007ff8fa490000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
26322b90.29ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26332b90.29ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa490000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
26342b90.2b74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916170000 'C:\windows\system32\Shell32.dll'
26352b90.2b74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'
26362b90.2b74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff912fc0000 'C:\windows\system32\rsaenh.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy