VirtualBox

Ticket #17307: VBoxHardening.log

File VBoxHardening.log, 354.6 KB (added by sgrassl, 7 years ago)
Line 
13368.25c4: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
23368.25c4: \SystemRoot\System32\ntdll.dll:
33368.25c4: CreationTime: 2017-11-20T09:23:55.638381700Z
43368.25c4: LastWriteTime: 2017-09-05T05:26:19.169608500Z
53368.25c4: ChangeTime: 2017-11-20T10:58:40.402711000Z
63368.25c4: FileAttributes: 0x20
73368.25c4: Size: 0x1d7658
83368.25c4: NT Headers: 0xe0
93368.25c4: Timestamp: 0x8274fd8b
103368.25c4: Machine: 0x8664 - amd64
113368.25c4: Timestamp: 0x8274fd8b
123368.25c4: Image Version: 10.0
133368.25c4: SizeOfImage: 0x1db000 (1945600)
143368.25c4: Resource Dir: 0x170000 LB 0x69448
153368.25c4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163368.25c4: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173368.25c4: ProductName: Microsoft® Windows® Operating System
183368.25c4: ProductVersion: 10.0.15063.608
193368.25c4: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
203368.25c4: FileDescription: NT Layer DLL
213368.25c4: \SystemRoot\System32\kernel32.dll:
223368.25c4: CreationTime: 2017-08-28T10:58:48.794010700Z
233368.25c4: LastWriteTime: 2017-04-28T01:06:01.409897400Z
243368.25c4: ChangeTime: 2017-11-20T09:28:42.128776600Z
253368.25c4: FileAttributes: 0x20
263368.25c4: Size: 0xad068
273368.25c4: NT Headers: 0xf8
283368.25c4: Timestamp: 0xf5fa43df
293368.25c4: Machine: 0x8664 - amd64
303368.25c4: Timestamp: 0xf5fa43df
313368.25c4: Image Version: 10.0
323368.25c4: SizeOfImage: 0xae000 (712704)
333368.25c4: Resource Dir: 0xac000 LB 0x520
343368.25c4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353368.25c4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363368.25c4: ProductName: Microsoft® Windows® Operating System
373368.25c4: ProductVersion: 10.0.15063.296
383368.25c4: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
393368.25c4: FileDescription: Windows NT BASE API Client DLL
403368.25c4: \SystemRoot\System32\KernelBase.dll:
413368.25c4: CreationTime: 2017-11-20T09:24:36.513944400Z
423368.25c4: LastWriteTime: 2017-09-30T05:48:26.662495200Z
433368.25c4: ChangeTime: 2017-11-20T10:58:39.722254100Z
443368.25c4: FileAttributes: 0x20
453368.25c4: Size: 0x249df0
463368.25c4: NT Headers: 0x100
473368.25c4: Timestamp: 0x93d2100b
483368.25c4: Machine: 0x8664 - amd64
493368.25c4: Timestamp: 0x93d2100b
503368.25c4: Image Version: 10.0
513368.25c4: SizeOfImage: 0x249000 (2396160)
523368.25c4: Resource Dir: 0x22a000 LB 0x548
533368.25c4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543368.25c4: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553368.25c4: ProductName: Microsoft® Windows® Operating System
563368.25c4: ProductVersion: 10.0.15063.674
573368.25c4: FileVersion: 10.0.15063.674 (WinBuild.160101.0800)
583368.25c4: FileDescription: Windows NT BASE API Client DLL
593368.25c4: \SystemRoot\System32\apisetschema.dll:
603368.25c4: CreationTime: 2017-03-18T20:57:35.373527900Z
613368.25c4: LastWriteTime: 2017-03-18T20:57:35.373527900Z
623368.25c4: ChangeTime: 2017-08-11T13:24:58.427522100Z
633368.25c4: FileAttributes: 0x20
643368.25c4: Size: 0x1ada0
653368.25c4: NT Headers: 0xc0
663368.25c4: Timestamp: 0x76544b2
673368.25c4: Machine: 0x8664 - amd64
683368.25c4: Timestamp: 0x76544b2
693368.25c4: Image Version: 10.0
703368.25c4: SizeOfImage: 0x1b000 (110592)
713368.25c4: Resource Dir: 0x1a000 LB 0x408
723368.25c4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733368.25c4: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743368.25c4: ProductName: Microsoft® Windows® Operating System
753368.25c4: ProductVersion: 10.0.15063.0
763368.25c4: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
773368.25c4: FileDescription: ApiSet Schema DLL
783368.25c4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793368.25c4: supR3HardenedWinFindAdversaries: 0x0
803368.25c4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
813368.25c4: Calling main()
823368.25c4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
833368.25c4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
843368.25c4: SUPR3HardenedMain: Respawn #1
853368.25c4: System32: \Device\HarddiskVolume3\Windows\System32
863368.25c4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
873368.25c4: KnownDllPath: C:\WINDOWS\System32
883368.25c4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
893368.25c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
903368.25c4: supR3HardNtEnableThreadCreation:
913368.25c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc1ece9ac0 pvNtTerminateThread=00007ffc1ed15df0
923368.25c4: supR3HardenedWinDoReSpawn(1): New child 2308.1fb8 [kernel32].
933368.25c4: supR3HardNtChildGatherData: PebBaseAddress=0000000000f05000 cbPeb=0x388
943368.25c4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc1ec70000 uNtDllChildAddr=00007ffc1ec70000
953368.25c4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc1ece9ac0
963368.25c4: supR3HardenedWinSetupChildInit: Start child.
973368.25c4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
983368.25c4: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 31 sleeps
993368.25c4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1003368.25c4: *0000000000000000-0000000000d9ffff 0x0001/0x0000 0x0000000
1013368.25c4: *0000000000da0000-0000000000dbffff 0x0004/0x0004 0x0020000
1023368.25c4: *0000000000dc0000-0000000000dd7fff 0x0002/0x0002 0x0040000
1033368.25c4: 0000000000dd8000-0000000000ddffff 0x0001/0x0000 0x0000000
1043368.25c4: *0000000000de0000-0000000000de3fff 0x0002/0x0002 0x0040000
1053368.25c4: 0000000000de4000-0000000000deffff 0x0001/0x0000 0x0000000
1063368.25c4: *0000000000df0000-0000000000df0fff 0x0004/0x0004 0x0020000
1073368.25c4: 0000000000df1000-0000000000dfffff 0x0001/0x0000 0x0000000
1083368.25c4: *0000000000e00000-0000000000f04fff 0x0000/0x0004 0x0020000
1093368.25c4: 0000000000f05000-0000000000f07fff 0x0004/0x0004 0x0020000
1103368.25c4: 0000000000f08000-0000000000ffffff 0x0000/0x0004 0x0020000
1113368.25c4: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
1123368.25c4: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
1133368.25c4: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
1143368.25c4: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
1153368.25c4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1163368.25c4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1173368.25c4: 000000007fff0000-00007ff64110ffff 0x0001/0x0000 0x0000000
1183368.25c4: *00007ff641110000-00007ff641132fff 0x0002/0x0002 0x0040000
1193368.25c4: 00007ff641133000-00007ff641eaffff 0x0001/0x0000 0x0000000
1203368.25c4: *00007ff641eb0000-00007ff641eb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1213368.25c4: 00007ff641eb1000-00007ff641f21fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1223368.25c4: 00007ff641f22000-00007ff641f22fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1233368.25c4: 00007ff641f23000-00007ff641f68fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1243368.25c4: 00007ff641f69000-00007ff641f69fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1253368.25c4: 00007ff641f6a000-00007ff641f6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1263368.25c4: 00007ff641f6b000-00007ff641f6ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1273368.25c4: 00007ff641f70000-00007ff641f70fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1283368.25c4: 00007ff641f71000-00007ff641f71fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1293368.25c4: 00007ff641f72000-00007ff641f75fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1303368.25c4: 00007ff641f76000-00007ff641fbdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1313368.25c4: 00007ff641fbe000-00007ffc1ec6ffff 0x0001/0x0000 0x0000000
1323368.25c4: *00007ffc1ec70000-00007ffc1ec70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1333368.25c4: 00007ffc1ec71000-00007ffc1ed7ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1343368.25c4: 00007ffc1ed80000-00007ffc1edc4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1353368.25c4: 00007ffc1edc5000-00007ffc1edccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1363368.25c4: 00007ffc1edcd000-00007ffc1eddafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1373368.25c4: 00007ffc1eddb000-00007ffc1eddbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1383368.25c4: 00007ffc1eddc000-00007ffc1eddefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1393368.25c4: 00007ffc1eddf000-00007ffc1ee4afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1403368.25c4: 00007ffc1ee4b000-00007ffffffdffff 0x0001/0x0000 0x0000000
1413368.25c4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
1423368.25c4: VirtualBox.exe: timestamp 0x59e6e5d5 (rc=VINF_SUCCESS)
1433368.25c4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1443368.25c4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1453368.25c4: supR3HardNtChildPurify: Done after 287 ms and 0 fixes (loop #0).
1462308.1fb8: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
1472308.1fb8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc1ec70000 g_uNtVerCombined=0xa03ad700
1483368.25c4: supR3HardNtEnableThreadCreation:
1492308.1fb8: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
1502308.1fb8: New simple heap: #1 0000000001200000 LB 0x400000 (for 1945600 allocation)
1512308.1fb8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1522308.1fb8: System32: \Device\HarddiskVolume3\Windows\System32
1532308.1fb8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1542308.1fb8: KnownDllPath: C:\WINDOWS\System32
1552308.1fb8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1562308.1fb8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1572308.1fb8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1582308.1fb8: Registered Dll notification callback with NTDLL.
1592308.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1602308.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1612308.1fb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1622308.1fb8: supR3HardenedDllNotificationCallback: load 00007ffc1b860000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1632308.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1642308.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1652308.1fb8: supR3HardenedDllNotificationCallback: load 00007ffc1cd00000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1662308.1fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1672308.1fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cd00000 'C:\WINDOWS\System32\KERNEL32.DLL'
1682308.1fb8: supR3HardenedDllNotificationCallback: load 00007ff641eb0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1692308.1fb8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1702308.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1712308.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1722308.1fb8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc1ece9ac0 pvNtTerminateThread=00007ffc1ed15df0
1733368.25c4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 67 ms.
1742308.1fb8: \SystemRoot\System32\ntdll.dll:
1752308.1fb8: CreationTime: 2017-11-20T09:23:55.638381700Z
1762308.1fb8: LastWriteTime: 2017-09-05T05:26:19.169608500Z
1772308.1fb8: ChangeTime: 2017-11-20T10:58:40.402711000Z
1782308.1fb8: FileAttributes: 0x20
1792308.1fb8: Size: 0x1d7658
1802308.1fb8: NT Headers: 0xe0
1812308.1fb8: Timestamp: 0x8274fd8b
1822308.1fb8: Machine: 0x8664 - amd64
1832308.1fb8: Timestamp: 0x8274fd8b
1842308.1fb8: Image Version: 10.0
1852308.1fb8: SizeOfImage: 0x1db000 (1945600)
1862308.1fb8: Resource Dir: 0x170000 LB 0x69448
1872308.1fb8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1882308.1fb8: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1892308.1fb8: ProductName: Microsoft® Windows® Operating System
1902308.1fb8: ProductVersion: 10.0.15063.608
1912308.1fb8: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
1922308.1fb8: FileDescription: NT Layer DLL
1932308.1fb8: \SystemRoot\System32\kernel32.dll:
1942308.1fb8: CreationTime: 2017-08-28T10:58:48.794010700Z
1952308.1fb8: LastWriteTime: 2017-04-28T01:06:01.409897400Z
1962308.1fb8: ChangeTime: 2017-11-20T09:28:42.128776600Z
1972308.1fb8: FileAttributes: 0x20
1982308.1fb8: Size: 0xad068
1992308.1fb8: NT Headers: 0xf8
2002308.1fb8: Timestamp: 0xf5fa43df
2012308.1fb8: Machine: 0x8664 - amd64
2022308.1fb8: Timestamp: 0xf5fa43df
2032308.1fb8: Image Version: 10.0
2042308.1fb8: SizeOfImage: 0xae000 (712704)
2052308.1fb8: Resource Dir: 0xac000 LB 0x520
2062308.1fb8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2072308.1fb8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2082308.1fb8: ProductName: Microsoft® Windows® Operating System
2092308.1fb8: ProductVersion: 10.0.15063.296
2102308.1fb8: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
2112308.1fb8: FileDescription: Windows NT BASE API Client DLL
2122308.1fb8: \SystemRoot\System32\KernelBase.dll:
2132308.1fb8: CreationTime: 2017-11-20T09:24:36.513944400Z
2142308.1fb8: LastWriteTime: 2017-09-30T05:48:26.662495200Z
2152308.1fb8: ChangeTime: 2017-11-20T10:58:39.722254100Z
2162308.1fb8: FileAttributes: 0x20
2172308.1fb8: Size: 0x249df0
2182308.1fb8: NT Headers: 0x100
2192308.1fb8: Timestamp: 0x93d2100b
2202308.1fb8: Machine: 0x8664 - amd64
2212308.1fb8: Timestamp: 0x93d2100b
2222308.1fb8: Image Version: 10.0
2232308.1fb8: SizeOfImage: 0x249000 (2396160)
2242308.1fb8: Resource Dir: 0x22a000 LB 0x548
2252308.1fb8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2262308.1fb8: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2272308.1fb8: ProductName: Microsoft® Windows® Operating System
2282308.1fb8: ProductVersion: 10.0.15063.674
2292308.1fb8: FileVersion: 10.0.15063.674 (WinBuild.160101.0800)
2302308.1fb8: FileDescription: Windows NT BASE API Client DLL
2312308.1fb8: \SystemRoot\System32\apisetschema.dll:
2322308.1fb8: CreationTime: 2017-03-18T20:57:35.373527900Z
2332308.1fb8: LastWriteTime: 2017-03-18T20:57:35.373527900Z
2342308.1fb8: ChangeTime: 2017-08-11T13:24:58.427522100Z
2352308.1fb8: FileAttributes: 0x20
2362308.1fb8: Size: 0x1ada0
2372308.1fb8: NT Headers: 0xc0
2382308.1fb8: Timestamp: 0x76544b2
2392308.1fb8: Machine: 0x8664 - amd64
2402308.1fb8: Timestamp: 0x76544b2
2412308.1fb8: Image Version: 10.0
2422308.1fb8: SizeOfImage: 0x1b000 (110592)
2432308.1fb8: Resource Dir: 0x1a000 LB 0x408
2442308.1fb8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2452308.1fb8: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2462308.1fb8: ProductName: Microsoft® Windows® Operating System
2472308.1fb8: ProductVersion: 10.0.15063.0
2482308.1fb8: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
2492308.1fb8: FileDescription: ApiSet Schema DLL
2502308.1fb8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2512308.1fb8: supR3HardenedWinFindAdversaries: 0x0
2522308.1fb8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2532308.1fb8: Calling main()
2542308.1fb8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2552308.1fb8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2562308.1fb8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2572308.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2582308.1fb8: SUPR3HardenedMain: Respawn #2
2592308.1fb8: supR3HardNtEnableThreadCreation:
2602308.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2612308.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
2622308.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
2632308.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
2642308.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2652308.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2662308.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2672308.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
2682308.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2692308.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
2702308.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
2712308.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2722308.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
2732308.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
2742308.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2752308.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2762308.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
2772308.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2782308.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2792308.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2802308.1fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2812308.1fb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
2822308.1fb8: supR3HardenedDllNotificationCallback: load 00007ffc1c350000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
2832308.1fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2842308.1fb8: supR3HardenedDllNotificationCallback: load 00007ffc1e5d0000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
2852308.1fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2862308.1fb8: supR3HardenedDllNotificationCallback: load 00007ffc1ce40000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
2872308.1fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
2882308.1fb8: supR3HardenedDllNotificationCallback: load 00007ffc1e8c0000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
2892308.1fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
2902308.1fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e8c0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
2912308.1fb8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2922308.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
2932308.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2942308.1fb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2952308.1fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ec70000 'C:\WINDOWS\System32\ntdll.dll'
2962308.1fb8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc1ece9ac0 pvNtTerminateThread=00007ffc1ed15df0
2972308.1fb8: supR3HardenedWinDoReSpawn(2): New child 3f78.2740 [kernel32].
2982308.1fb8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2992308.1fb8: supR3HardNtChildGatherData: PebBaseAddress=00000000006af000 cbPeb=0x388
3002308.1fb8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc1ec70000 uNtDllChildAddr=00007ffc1ec70000
3012308.1fb8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc1ece9ac0
3022308.1fb8: supR3HardenedWinSetupChildInit: Start child.
3032308.1fb8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3042308.1fb8: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 30 sleeps
3052308.1fb8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3062308.1fb8: *0000000000000000-000000000055ffff 0x0001/0x0000 0x0000000
3072308.1fb8: *0000000000560000-000000000057ffff 0x0004/0x0004 0x0020000
3082308.1fb8: *0000000000580000-0000000000597fff 0x0002/0x0002 0x0040000
3092308.1fb8: 0000000000598000-000000000059ffff 0x0001/0x0000 0x0000000
3102308.1fb8: *00000000005a0000-00000000005a3fff 0x0002/0x0002 0x0040000
3112308.1fb8: 00000000005a4000-00000000005affff 0x0001/0x0000 0x0000000
3122308.1fb8: *00000000005b0000-00000000005b0fff 0x0004/0x0004 0x0020000
3132308.1fb8: 00000000005b1000-00000000005fffff 0x0001/0x0000 0x0000000
3142308.1fb8: *0000000000600000-00000000006aefff 0x0000/0x0004 0x0020000
3152308.1fb8: 00000000006af000-00000000006b1fff 0x0004/0x0004 0x0020000
3162308.1fb8: 00000000006b2000-00000000007fffff 0x0000/0x0004 0x0020000
3172308.1fb8: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
3182308.1fb8: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
3192308.1fb8: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
3202308.1fb8: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
3212308.1fb8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3222308.1fb8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
3232308.1fb8: 000000007fff0000-00007ff64102ffff 0x0001/0x0000 0x0000000
3242308.1fb8: *00007ff641030000-00007ff641052fff 0x0002/0x0002 0x0040000
3252308.1fb8: 00007ff641053000-00007ff641eaffff 0x0001/0x0000 0x0000000
3262308.1fb8: *00007ff641eb0000-00007ff641eb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3272308.1fb8: 00007ff641eb1000-00007ff641f21fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3282308.1fb8: 00007ff641f22000-00007ff641f22fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3292308.1fb8: 00007ff641f23000-00007ff641f68fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3302308.1fb8: 00007ff641f69000-00007ff641f69fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3312308.1fb8: 00007ff641f6a000-00007ff641f6afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3322308.1fb8: 00007ff641f6b000-00007ff641f6ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3332308.1fb8: 00007ff641f70000-00007ff641f70fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3342308.1fb8: 00007ff641f71000-00007ff641f71fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3352308.1fb8: 00007ff641f72000-00007ff641f75fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3362308.1fb8: 00007ff641f76000-00007ff641fbdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3372308.1fb8: 00007ff641fbe000-00007ffc1ec6ffff 0x0001/0x0000 0x0000000
3382308.1fb8: *00007ffc1ec70000-00007ffc1ec70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3392308.1fb8: 00007ffc1ec71000-00007ffc1ed7ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3402308.1fb8: 00007ffc1ed80000-00007ffc1edc4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3412308.1fb8: 00007ffc1edc5000-00007ffc1edccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3422308.1fb8: 00007ffc1edcd000-00007ffc1eddafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3432308.1fb8: 00007ffc1eddb000-00007ffc1eddbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3442308.1fb8: 00007ffc1eddc000-00007ffc1eddefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3452308.1fb8: 00007ffc1eddf000-00007ffc1ee4afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3462308.1fb8: 00007ffc1ee4b000-00007ffffffdffff 0x0001/0x0000 0x0000000
3472308.1fb8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
3482308.1fb8: VirtualBox.exe: timestamp 0x59e6e5d5 (rc=VINF_SUCCESS)
3492308.1fb8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3502308.1fb8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
3512308.1fb8: supR3HardNtChildPurify: Done after 284 ms and 0 fixes (loop #0).
3523f78.2740: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
3533f78.2740: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc1ec70000 g_uNtVerCombined=0xa03ad700
3542308.1fb8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000)
3552308.1fb8: supR3HardNtEnableThreadCreation:
3563f78.2740: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
3573f78.2740: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1945600 allocation)
3583f78.2740: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3593f78.2740: System32: \Device\HarddiskVolume3\Windows\System32
3603f78.2740: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
3613f78.2740: KnownDllPath: C:\WINDOWS\System32
3623f78.2740: supR3HardenedVmProcessInit: Opening vboxdrv...
3633f78.2740: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3643f78.2740: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3653f78.2740: Registered Dll notification callback with NTDLL.
3663f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
3673f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
3683f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3693f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b860000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3703f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
3713f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
3723f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1cd00000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3733f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3743f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cd00000 'C:\WINDOWS\System32\KERNEL32.DLL'
3753f78.2740: supR3HardenedDllNotificationCallback: load 00007ff641eb0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3763f78.2740: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3773f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3783f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3793f78.2740: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc1ece9ac0 pvNtTerminateThread=00007ffc1ed15df0
3802308.1fb8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 77 ms.
3813f78.2740: \SystemRoot\System32\ntdll.dll:
3823f78.2740: CreationTime: 2017-11-20T09:23:55.638381700Z
3833f78.2740: LastWriteTime: 2017-09-05T05:26:19.169608500Z
3843f78.2740: ChangeTime: 2017-11-20T10:58:40.402711000Z
3853f78.2740: FileAttributes: 0x20
3863f78.2740: Size: 0x1d7658
3873f78.2740: NT Headers: 0xe0
3883f78.2740: Timestamp: 0x8274fd8b
3893f78.2740: Machine: 0x8664 - amd64
3903f78.2740: Timestamp: 0x8274fd8b
3913f78.2740: Image Version: 10.0
3923f78.2740: SizeOfImage: 0x1db000 (1945600)
3933f78.2740: Resource Dir: 0x170000 LB 0x69448
3943f78.2740: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3953f78.2740: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3963f78.2740: ProductName: Microsoft® Windows® Operating System
3973f78.2740: ProductVersion: 10.0.15063.608
3983f78.2740: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
3993f78.2740: FileDescription: NT Layer DLL
4003f78.2740: \SystemRoot\System32\kernel32.dll:
4013f78.2740: CreationTime: 2017-08-28T10:58:48.794010700Z
4023f78.2740: LastWriteTime: 2017-04-28T01:06:01.409897400Z
4033f78.2740: ChangeTime: 2017-11-20T09:28:42.128776600Z
4043f78.2740: FileAttributes: 0x20
4053f78.2740: Size: 0xad068
4063f78.2740: NT Headers: 0xf8
4073f78.2740: Timestamp: 0xf5fa43df
4083f78.2740: Machine: 0x8664 - amd64
4093f78.2740: Timestamp: 0xf5fa43df
4103f78.2740: Image Version: 10.0
4113f78.2740: SizeOfImage: 0xae000 (712704)
4123f78.2740: Resource Dir: 0xac000 LB 0x520
4133f78.2740: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4143f78.2740: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
4153f78.2740: ProductName: Microsoft® Windows® Operating System
4163f78.2740: ProductVersion: 10.0.15063.296
4173f78.2740: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
4183f78.2740: FileDescription: Windows NT BASE API Client DLL
4193f78.2740: \SystemRoot\System32\KernelBase.dll:
4203f78.2740: CreationTime: 2017-11-20T09:24:36.513944400Z
4213f78.2740: LastWriteTime: 2017-09-30T05:48:26.662495200Z
4223f78.2740: ChangeTime: 2017-11-20T10:58:39.722254100Z
4233f78.2740: FileAttributes: 0x20
4243f78.2740: Size: 0x249df0
4253f78.2740: NT Headers: 0x100
4263f78.2740: Timestamp: 0x93d2100b
4273f78.2740: Machine: 0x8664 - amd64
4283f78.2740: Timestamp: 0x93d2100b
4293f78.2740: Image Version: 10.0
4303f78.2740: SizeOfImage: 0x249000 (2396160)
4313f78.2740: Resource Dir: 0x22a000 LB 0x548
4323f78.2740: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4333f78.2740: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4343f78.2740: ProductName: Microsoft® Windows® Operating System
4353f78.2740: ProductVersion: 10.0.15063.674
4363f78.2740: FileVersion: 10.0.15063.674 (WinBuild.160101.0800)
4373f78.2740: FileDescription: Windows NT BASE API Client DLL
4383f78.2740: \SystemRoot\System32\apisetschema.dll:
4393f78.2740: CreationTime: 2017-03-18T20:57:35.373527900Z
4403f78.2740: LastWriteTime: 2017-03-18T20:57:35.373527900Z
4413f78.2740: ChangeTime: 2017-08-11T13:24:58.427522100Z
4423f78.2740: FileAttributes: 0x20
4433f78.2740: Size: 0x1ada0
4443f78.2740: NT Headers: 0xc0
4453f78.2740: Timestamp: 0x76544b2
4463f78.2740: Machine: 0x8664 - amd64
4473f78.2740: Timestamp: 0x76544b2
4483f78.2740: Image Version: 10.0
4493f78.2740: SizeOfImage: 0x1b000 (110592)
4503f78.2740: Resource Dir: 0x1a000 LB 0x408
4513f78.2740: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4523f78.2740: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4533f78.2740: ProductName: Microsoft® Windows® Operating System
4543f78.2740: ProductVersion: 10.0.15063.0
4553f78.2740: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
4563f78.2740: FileDescription: ApiSet Schema DLL
4573f78.2740: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4583f78.2740: supR3HardenedWinFindAdversaries: 0x0
4593f78.2740: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4603f78.2740: Calling main()
4613f78.2740: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4623f78.2740: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4633f78.2740: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4643f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4653f78.2740: SUPR3HardenedMain: Final process, opening VBoxDrv...
4663f78.2740: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
4673f78.2740: supR3HardNtEnableThreadCreation:
4683f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4693f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4703f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4713f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4723f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc19800000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4733f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4743f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4753f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4763f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc19800000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4773f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4783f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4793f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc19800000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4803f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc19800000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4813f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4823f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4833f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4843f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
4853f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
4863f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
4873f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4883f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4893f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
4903f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4913f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4923f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4933f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
4943f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
4953f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
4963f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4973f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4983f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
4993f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
5003f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5013f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5023f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
5033f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
5043f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5053f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5063f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5073f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5083f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1c350000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
5093f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5103f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b100000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
5113f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5123f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b3f0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
5133f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
5143f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
5153f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b590000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
5163f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5173f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e5d0000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
5183f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5193f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1ce40000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
5203f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
5213f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
5223f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
5233f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e8c0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
5243f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5253f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
5263f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
5273f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
5283f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
5293f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b190000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
5303f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5313f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5323f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5333f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-synch-l1-2-0'
5343f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5353f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5363f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-fibers-l1-1-1'
5373f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5383f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5393f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-fibers-l1-1-1'
5403f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5413f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5423f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-synch-l1-2-0'
5433f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
5443f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5453f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-localization-l1-2-1'
5463f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\WINDOWS\system32\Wintrust.dll'
5473f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
5483f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
5493f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5503f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5513f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5523f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
5533f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
5543f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5553f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5563f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5573f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5583f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5593f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5603f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5613f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5623f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5633f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1aca0000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
5643f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5653f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1aca0000 'C:\WINDOWS\system32\bcrypt.dll'
5663f78.2740: bcrypt.dll loaded at 00007ffc1aca0000, BCryptOpenAlgorithmProvider at 00007ffc1aca4aa0, preloading providers:
5673f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
5683f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
5693f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5703f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b380000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
5713f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5723f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b380000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5733f78.2740: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000fc0f70)
5743f78.2740: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000fc1580)
5753f78.2740: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000fc1850)
5763f78.2740: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000fc1b20)
5773f78.2740: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000fc1df0)
5783f78.2740: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000fc20c0)
5793f78.2740: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000fc2390)
5803f78.2740: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000fc2660)
5813f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5823f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5833f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
5843f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5853f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5863f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
5873f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5883f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5893f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
5903f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5913f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5923f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
5933f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5943f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5953f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
5963f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5973f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5983f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
5993f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6003f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6013f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
6023f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
6033f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
6043f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1ab90000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
6053f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6063f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
6073f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
6083f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
6093f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6103f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6113f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6123f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6133f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6143f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1a620000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
6153f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6163f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
6173f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
6183f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
6193f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
6203f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1abb0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
6213f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6223f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6233f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
6243f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
6253f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6263f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6273f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cd00000 'C:\WINDOWS\System32\kernel32.dll'
6283f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6293f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
6303f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6313f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6323f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\CRYPT32.dll'
6333f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1ce20000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
6343f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
6353f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
6363f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6373f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6383f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
6393f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
6403f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6413f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
6423f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
6433f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
6443f78.2740: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll)
6453f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll
6463f78.2740: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000001f4 (hFile=00000000000001e8) with 0xc0000022 -> STATUS_TRUST_FAILURE
6473f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6483f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6493f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
6503f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
6513f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc19fb0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
6523f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
6533f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b0e0000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
6543f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
6553f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
6563f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6573f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6583f78.2740: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
6593f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
6603f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6613f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6623f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6633f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6643f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6653f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6663f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6673f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6683f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6693f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6703f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6713f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6723f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
6733f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
6743f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
6753f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
6763f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
6773f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
6783f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6793f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6803f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6813f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6823f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6833f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6843f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6853f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6863f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6873f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6883f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6893f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
6903f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
6913f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
6923f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
6933f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntasn1.dll)
6943f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntasn1.dll
6953f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6963f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6973f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6983f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6993f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7003f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc09c20000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
7013f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7023f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7033f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7043f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7053f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7063f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7073f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7083f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7093f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7103f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7113f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7123f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7133f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7143f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7153f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7163f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7173f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7183f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7193f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7203f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7213f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7223f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7233f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7243f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7253f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7263f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7273f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7283f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7293f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7303f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\WINDOWS\System32\cryptnet.dll'
7313f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7323f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc09c20000 'C:\Windows\System32\cryptnet.dll'
7333f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7343f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7353f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
7363f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7373f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7383f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
7393f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
7403f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fd26c0
7413f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
7423f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD38255A6DCCC09B45A72579827544B1B25F4681
7433f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7443f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7453f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e5d0000 'C:\WINDOWS\System32\rpcrt4.dll'
7463f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7473f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
7483f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7493f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
7503f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7513f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
7523f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7533f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
7543f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7553f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
7563f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7573f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
7583f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7593f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7603f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\Windows\System32\WINTRUST.DLL'
7613f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7623f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7633f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
7643f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7653f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7663f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
7673f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2070_for_KB4041676~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\SystemRoot\System32\ntdll.dll'
7683f78.2740: g_pfnWinVerifyTrust=00007ffc1b19d3e0
7693f78.2740: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
7703f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7713f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7723f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
7733f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7743f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7753f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
7763f78.2740: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
7773f78.2740: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7783f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7793f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7803f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
7813f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
7823f78.2740: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
7833f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7843f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7853f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
7863f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
7873f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll'
7883f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7893f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
7903f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
7913f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
7923f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7933f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
7943f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
7953f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
7963f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
7973f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
7983f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
7993f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
8003f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8013f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8023f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8033f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8043f78.2740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8053f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
8063f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8073f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8083f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8093f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
8103f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8113f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8123f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8133f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
8143f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f0 pwszName=\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll
8153f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
8163f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
8173f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E3EA9BEFE875CD90A66DCBEEF4C761ACAC3755E
8183f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8193f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8203f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8213f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8223f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8233f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1515_for_KB4041676~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll'
8243f78.2740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8253f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ngcrecovery.dll'
8263f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8273f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8283f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8293f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
8303f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8313f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8323f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8333f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8343f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
8353f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8363f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8373f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8383f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
8393f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8403f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8413f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
8423f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8433f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8443f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
8453f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8463f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8473f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
8483f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8493f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8503f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
8513f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8523f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8533f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
8543f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8553f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8563f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
8573f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8583f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8593f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
8603f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8613f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8623f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
8633f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8643f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8653f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
8663f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8673f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
8683f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8693f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe'
8703f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8713f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8723f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
8733f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
8743f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
8753f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
8763f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\system32\crypt32.dll'
8773f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xa3be02cc7c59a500 CN=WSUS Publishers Self-signed
8783f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x5d98d74975e4c800 O=VMware, Inc., OU=VMware Horizon View default certificate, CN=SRVCB01-Testlab.agenda.de
8793f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
8803f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xd508e4f63fe8a700 CN=CA, CN=SRVVC, dc=vsphere,dc=local, C=US
8813f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
8823f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
8833f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
8843f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
8853f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
8863f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x618e12fe7fabb800 C=US, ST=California, L=Palo Alto, O=VMware, Inc., OU=vSphere Client Service, CN=vmware-plugin, Email=ssl-certificates@vmware.com
8873f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x34238010d01cb00 DC=de, DC=agenda, CN=AGENDAROOTCA
8883f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x95ee6a339623cc00 C=US, ST=California, L=Palo Alto, O=VMware, Inc., OU=vSphere Client Service, CN=vmware-localhost, Email=ssl-certificates@vmware.com
8893f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8903f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x7ee77634378ab600 O=VMware, Inc., OU=vCenterServer_2015.04.10_094434, CN=SRVVC.agenda.de, Email=support@vmware.com
8913f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x921ecab9bd9bad00 CN=wts-app.agenda.de
8923f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
8933f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xf53c626d65d8c400 CN=WSUS Publishers Self-signed
8943f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
8953f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x8f68dd1e665fc800 CN=SRVROOTCA
8963f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
8973f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8983f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8993f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
9003f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
9013f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
9023f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9033f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
9043f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
9053f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
9063f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
9073f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
9083f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
9093f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
9103f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
9113f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
9123f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
9133f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
9143f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
9153f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
9163f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
9173f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
9183f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
9193f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
9203f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
9213f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
9223f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9233f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
9243f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
9253f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
9263f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
9273f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
9283f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
9293f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
9303f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
9313f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
9323f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
9333f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
9343f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
9353f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xe69c54164257cc00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
9363f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
9373f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
9383f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
9393f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
9403f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
9413f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
9423f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xb411aa28d9b1449b O=VMware, Inc., OU=VMware View default certifcate, CN=VIEW-CB.agenda.de
9433f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x59f2c9579546a300 CN=srv2600.agenda.de
9443f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x2c34347a2383b100 CN=exchange2010
9453f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xe46b39b26b67a500 C=DE, O=AGENDA, CN=mx01.agenda-software.de
9463f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xe005ae2f29c68c00 CN=exchange2010
9473f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0xde0827fc23d5a600 CN=wts64.agenda.de
9483f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x8f68dd1e665fc800 CN=SRVROOTCA
9493f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x34238010d01cb00 DC=de, DC=agenda, CN=AGENDAROOTCA
9503f78.2740: supR3HardenedWinIsDesiredRootCA: Adding 0x8f68dd1e665fc800 CN=SRVROOTCA
9513f78.2740: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=74
9523f78.2740: SUPR3HardenedMain: Load Runtime...
9533f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
9543f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9553f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
9563f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
9573f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
9583f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
9593f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9603f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9613f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9623f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9633f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
9643f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
9653f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9663f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9673f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
9683f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9693f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9703f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
9713f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
9723f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
9733f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
9743f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
9753f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
9763f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9773f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9783f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9793f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
9803f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9813f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
9823f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
9833f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9843f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9853f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9863f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9873f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9883f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
9893f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
9903f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
9913f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
9923f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
9933f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9943f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9953f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
9963f78.2740: supR3HardenedDllNotificationCallback: load 0000000058940000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
9973f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9983f78.2740: supR3HardenedDllNotificationCallback: load 0000000058a20000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
9993f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10003f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e2e0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
10013f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
10023f78.2740: supR3HardenedDllNotificationCallback: load 00007ffbcefb0000 LB 0x00595000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
10033f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10043f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10053f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
10063f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10073f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10083f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10093f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10103f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10113f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10123f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10133f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10143f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10153f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10163f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10173f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10183f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10193f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10203f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10213f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10223f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10233f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10243f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10253f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10263f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10273f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10283f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10293f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10303f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10313f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10323f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10333f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10343f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10353f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10363f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10373f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10383f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10393f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10403f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10413f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10423f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10433f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10443f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10453f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10463f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10473f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10483f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10493f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10503f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10513f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10523f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10533f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10543f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcefb0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10553f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b190000 'C:\WINDOWS\system32\Wintrust.dll'
10563f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
10573f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
10583f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
10593f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
10603f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\system32\crypt32.dll'
10613f78.2740: SUPR3HardenedMain: Load TrustedMain...
10623f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
10633f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
10643f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
10653f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
10663f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10673f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
10683f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
10693f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
10703f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
10713f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
10723f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
10733f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
10743f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
10753f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
10763f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
10773f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
10783f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
10793f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
10803f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
10813f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
10823f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
10833f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
10843f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
10853f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
10863f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
10873f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
10883f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10893f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10903f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10913f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10923f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
10933f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
10943f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
10953f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
10963f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10973f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
10983f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
10993f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11003f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11013f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
11023f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
11033f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
11043f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
11053f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
11063f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
11073f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
11083f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
11093f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11103f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11113f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11123f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11133f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11143f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11153f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
11163f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
11173f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
11183f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
11193f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
11203f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
11213f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
11223f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
11233f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
11243f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
11253f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
11263f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11273f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11283f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
11293f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
11303f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
11313f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
11323f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
11333f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
11343f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
11353f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
11363f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11373f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11383f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11393f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11403f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
11413f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11423f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11433f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
11443f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
11453f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
11463f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
11473f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
11483f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11493f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11503f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
11513f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
11523f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
11533f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11543f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11553f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11563f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11573f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11583f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
11593f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
11603f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
11613f78.2740: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
11623f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
11633f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
11643f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
11653f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
11663f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11673f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
11683f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
11693f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
11703f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
11713f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11723f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11733f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
11743f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11753f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11763f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
11773f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11783f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11793f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11803f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11813f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11823f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
11833f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11843f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11853f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
11863f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
11873f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
11883f78.2740: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
11893f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
11903f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
11913f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
11923f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
11933f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
11943f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
11953f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
11963f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
11973f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
11983f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
11993f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
12003f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12013f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12023f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12033f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12043f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12053f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
12063f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12073f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
12083f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
12093f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
12103f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
12113f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
12123f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
12133f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
12143f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
12153f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
12163f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12173f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12183f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
12193f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
12203f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
12213f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
12223f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12233f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
12243f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
12253f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
12263f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
12273f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
12283f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12293f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12303f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
12313f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12323f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12333f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
12343f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
12353f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
12363f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
12373f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
12383f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
12393f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
12403f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12413f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12423f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12433f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12443f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12453f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12463f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12473f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12483f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
12493f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12503f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12513f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12523f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12533f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12543f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12553f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12563f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12573f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
12583f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12593f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12603f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12613f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12623f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12633f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12643f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12653f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12663f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12673f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12683f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12693f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12703f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12713f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12723f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
12733f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12743f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12753f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12763f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12773f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12783f78.2740: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
12793f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12803f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
12813f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12823f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
12833f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
12843f78.2740: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
12853f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
12863f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12873f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12883f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
12893f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12903f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12913f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12923f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12933f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12943f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12953f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
12963f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
12973f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
12983f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
12993f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
13003f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13013f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13023f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
13033f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13043f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13053f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
13063f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13073f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13083f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
13093f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13103f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13113f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
13123f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13133f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13143f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
13153f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
13163f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
13173f78.2740: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
13183f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13193f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
13203f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
13213f78.2740: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
13223f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
13233f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13243f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13253f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13263f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13273f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13283f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
13293f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13303f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13313f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
13323f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13333f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13343f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
13353f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13363f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13373f78.2740: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
13383f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13393f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13403f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
13413f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13423f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13433f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
13443f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13453f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13463f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
13473f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
13483f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13493f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
13503f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
13513f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
13523f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
13533f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
13543f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13553f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13563f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
13573f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13583f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13593f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13603f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
13613f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
13623f78.2740: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
13633f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13643f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
13653f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
13663f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13673f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
13683f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
13693f78.2740: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)
13703f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
13713f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
13723f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
13733f78.2740: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
13743f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13753f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
13763f78.2740: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
13773f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
13783f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13793f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13803f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13813f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13823f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13833f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
13843f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13853f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13863f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
13873f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13883f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13893f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
13903f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13913f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13923f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13933f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13943f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13953f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
13963f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13973f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13983f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13993f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14003f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
14013f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
14023f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
14033f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
14043f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14053f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14063f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14073f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
14083f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
14093f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14103f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14113f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14123f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
14133f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
14143f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
14153f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
14163f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
14173f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
14183f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
14193f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
14203f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14213f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14223f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14233f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14243f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14253f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14263f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14273f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14283f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14293f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14303f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14313f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14323f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14333f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14343f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14353f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14363f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14373f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14383f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14393f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
14403f78.2740: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
14413f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14423f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14433f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
14443f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
14453f78.2740: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
14463f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14473f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14483f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
14493f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
14503f78.2740: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
14513f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14523f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14533f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
14543f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
14553f78.2740: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
14563f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14573f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14583f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14593f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14603f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14613f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14623f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14633f78.2740: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
14643f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
14653f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
14663f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
14673f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
14683f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
14693f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
14703f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
14713f78.2740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14723f78.2740: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
14733f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14743f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
14753f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
14763f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14773f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14783f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14793f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14803f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14813f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
14823f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14833f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14843f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14853f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14863f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14873f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14883f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
14893f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
14903f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14913f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1c1b0000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
14923f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
14933f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b4f0000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
14943f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
14953f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b1f0000 LB 0x00187000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
14963f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
14973f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
14983f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
14993f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
15003f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
15013f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
15023f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e800000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
15033f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
15043f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1c510000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
15053f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc08b90000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
15063f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
15073f78.2740: supR3HardenedDllNotificationCallback: load 00007ffbf78d0000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
15083f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
15093f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b810000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
15103f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
15113f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
15123f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e970000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
15133f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
15143f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e520000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
15153f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15163f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
15173f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
15183f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
15193f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
15203f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e700000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
15213f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
15223f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b120000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
15233f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
15243f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
15253f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
15263f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
15273f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b140000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
15283f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
15293f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
15303f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
15313f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1bab0000 LB 0x006f1000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
15323f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15333f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
15343f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
15353f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
15363f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
15373f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
15383f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1cea0000 LB 0x01436000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
15393f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
15403f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e3d0000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
15413f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15423f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc102d0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
15433f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
15443f78.2740: supR3HardenedDllNotificationCallback: load 00000000581b0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
15453f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15463f78.2740: supR3HardenedDllNotificationCallback: load 00007ffbcdfe0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
15473f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15483f78.2740: supR3HardenedDllNotificationCallback: load 0000000057c40000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
15493f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
15503f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc169c0000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
15513f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
15523f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc09c90000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
15533f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
15543f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1c400000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
15553f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
15563f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc0edb0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
15573f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
15583f78.2740: supR3HardenedDllNotificationCallback: load 00000000588e0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
15593f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15603f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1c660000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
15613f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15623f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc18b70000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
15633f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
15643f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc18d20000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
15653f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
15663f78.2740: supR3HardenedDllNotificationCallback: load 00007ffbce5e0000 LB 0x009cf000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
15673f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
15683f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
15693f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
15703f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
15713f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
15723f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
15733f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
15743f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
15753f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
15763f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
15773f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
15783f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
15793f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
15803f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
15813f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
15823f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
15833f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
15843f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
15853f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
15863f78.2740: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
15873f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
15883f78.2740: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
15893f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled]
15903f78.2740: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
15913f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
15923f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
15933f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
15943f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
15953f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
15963f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
15973f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
15983f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
15993f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
16003f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
16013f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
16023f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
16033f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16043f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16053f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
16063f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16073f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16083f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
16093f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
16103f78.2740: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
16113f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16123f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16133f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16143f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16153f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16163f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16173f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16183f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16193f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16203f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16213f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16223f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16233f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
16243f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
16253f78.2740: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
16263f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16273f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16283f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16293f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16303f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16313f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16323f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
16333f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16343f78.2740: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
16353f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16363f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16373f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16383f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16393f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16403f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16413f78.2740: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
16423f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16433f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16443f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
16453f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16463f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16473f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16483f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16493f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16503f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16513f78.2740: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
16523f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16533f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16543f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16553f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16563f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cd00000 'C:\WINDOWS\System32\kernel32.dll'
16573f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
16583f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16593f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-string-l1-1-0'
16603f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
16613f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16623f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-datetime-l1-1-1'
16633f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
16643f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16653f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-localization-obsolete-l1-2-0'
16663f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
16673f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
16683f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
16693f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
16703f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
16713f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16723f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16733f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
16743f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16753f78.2740: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
16763f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16773f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16783f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16793f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e890000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
16803f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
16813f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e890000 'C:\WINDOWS\system32\IMM32.DLL'
16823f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
16833f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
16843f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16853f78.2740: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
16863f78.2740: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
16873f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16883f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e890000 'C:\WINDOWS\System32\imm32.dll'
16893f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16903f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16913f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e8c0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
16923f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbce5e0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
16933f78.2740: SUPR3HardenedMain: Calling TrustedMain (00007ffbce5e14f0)...
16943f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
16953f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16963f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
16973f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16983f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
16993f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
17003f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
17013f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
17023f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
17033f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
17043f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
17053f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
17063f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
17073f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
17083f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17093f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17103f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17113f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17123f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17133f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17143f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17153f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17163f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17173f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17183f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
17193f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17203f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17213f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
17223f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17233f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17243f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
17253f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
17263f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
17273f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
17283f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
17293f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
17303f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
17313f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
17323f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
17333f78.2740: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
17343f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17353f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17363f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
17373f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17383f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17393f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
17403f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17413f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17423f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17433f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
17443f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
17453f78.2740: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
17463f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17473f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
17483f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc0e830000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
17493f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
17503f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0e830000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
17513f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000067c pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
17523f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
17533f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
17543f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
17553f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
17563f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
17573f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
17583f78.2740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17593f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17603f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
17613f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
17623f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
17633f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
17643f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17653f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17663f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17673f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17683f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17693f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17703f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
17713f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17723f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
17733f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc199e0000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
17743f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
17753f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc199e0000 'C:\WINDOWS\system32\uxtheme.dll'
17763f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1c510000 'C:\WINDOWS\system32\user32.dll'
17773f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
17783f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17793f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cea0000 'C:\WINDOWS\system32\shell32.dll'
17803f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
17813f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
17823f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
17833f78.2740: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
17843f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17853f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e520000 'C:\WINDOWS\system32\SHCore.dll'
17863f78.2740: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
17873f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
17883f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17893f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
17903f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
17913f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
17923f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
17933f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
17943f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc174f0000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
17953f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
17963f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17973f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17983f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17993f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18003f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18013f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18023f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
18033f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18043f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18053f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
18063f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
18073f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
18083f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
18093f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18103f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18d20000 'C:\WINDOWS\system32\winmm.dll'
18113f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
18123f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18133f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18d20000 'C:\WINDOWS\system32\winmm.dll'
18143f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
18153f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18163f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cea0000 'C:\WINDOWS\system32\shell32.dll'
18173f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18183f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18193f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc199e0000 'C:\WINDOWS\system32\uxtheme.dll'
18203f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18213f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18223f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e8c0000 'C:\WINDOWS\system32\advapi32.dll'
18233f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
18243f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
18253f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
18263f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
18273f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
18283f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
18293f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
18303f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
18313f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
18323f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18333f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18343f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
18353f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18363f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
18373f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1b010000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
18383f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
18393f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b010000 'C:\WINDOWS\system32\userenv.dll'
18403f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
18413f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18423f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cd00000 'C:\WINDOWS\System32\kernel32.dll'
18433f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1e760000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
18443f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18453f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
18463f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
18473f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
18483f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18493f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18503f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18513f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18523f78.3320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
18533f78.3320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
18543f78.3320: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
18553f78.3320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
18563f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18573f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18583f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18593f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
18603f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18613f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18623f78.3320: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
18633f78.3320: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
18643f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18653f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18663f78.3320: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18673f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18683f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18693f78.3320: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
18703f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18713f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18723f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18733f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18743f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18753f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18763f78.3320: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18773f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18783f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18793f78.3320: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18803f78.3320: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
18813f78.3320: supR3HardenedDllNotificationCallback: load 00007ffbcdae0000 LB 0x004ff000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
18823f78.3320: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
18833f78.3320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcdae0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
18843f78.3320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
18853f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18863f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18873f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18883f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
18893f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18903f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18913f78.3320: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
18923f78.3320: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
18933f78.3320: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18943f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18953f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18963f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18973f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18983f78.3320: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18993f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19003f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19013f78.3320: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19023f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19033f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19043f78.3320: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
19053f78.3320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
19063f78.3320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
19073f78.3320: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
19083f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19093f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19103f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19113f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19123f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19133f78.3320: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19143f78.3320: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19153f78.3320: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
19163f78.3320: supR3HardenedDllNotificationCallback: load 00007ffc0e690000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
19173f78.3320: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
19183f78.3320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0e690000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
19193f78.3320: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19203f78.3320: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19213f78.3320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1c660000 'C:\Windows\System32\oleaut32.dll'
19223f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
19233f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19243f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e800000 'C:\WINDOWS\system32\gdi32.dll'
19253f78.3080: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
19263f78.3080: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
19273f78.3080: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
19283f78.3080: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19293f78.3080: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
19303f78.3080: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
19313f78.3080: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
19323f78.3080: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19333f78.3080: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19343f78.3080: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19353f78.3080: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19363f78.3080: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19373f78.3080: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
19383f78.3080: supR3HardenedDllNotificationCallback: load 00007ffc197e0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
19393f78.3080: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
19403f78.3080: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc197e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
19413f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
19423f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19433f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cea0000 'C:\WINDOWS\system32\shell32.dll'
19443f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1c1d0000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
19453f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19463f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
19473f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
19483f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
19493f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
19503f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
19513f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
19523f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
19533f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19543f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19553f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
19563f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19573f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19583f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19593f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19603f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19613f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19623f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19633f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19643f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19653f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19663f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
19673f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
19683f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
19693f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a24 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
19703f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
19713f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
19723f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
19733f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
19743f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
19753f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
19763f78.2740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19773f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19783f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
19793f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
19803f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
19813f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
19823f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
19833f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
19843f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
19853f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
19863f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
19873f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
19883f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
19893f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19903f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
19913f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
19923f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
19933f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
19943f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19953f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19963f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19973f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19983f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19993f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
20003f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
20013f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20023f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
20033f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
20043f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
20053f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
20063f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20073f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20083f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
20093f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
20103f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
20113f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
20123f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
20133f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
20143f78.2740: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
20153f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20163f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
20173f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
20183f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
20193f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20203f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20213f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
20223f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
20233f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
20243f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20253f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20263f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
20273f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
20283f78.2740: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
20293f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
20303f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
20313f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
20323f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20333f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20343f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20353f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
20363f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
20373f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
20383f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
20393f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1a0f0000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
20403f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
20413f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc18720000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
20423f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
20433f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc18ba0000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
20443f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
20453f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc03370000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
20463f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
20473f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03370000 'C:\WINDOWS\system32\dataexchange.dll'
20483f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
20493f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
20503f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'
20513f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20523f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
20533f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
20543f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
20553f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
20563f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
20573f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc19ad0000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
20583f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
20593f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20603f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
20613f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
20623f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
20633f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
20643f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20653f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
20663f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
20673f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
20683f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
20693f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20703f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
20713f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
20723f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
20733f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
20743f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
20753f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
20763f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
20773f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
20783f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
20793f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
20803f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20813f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
20823f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\usermgrcli.dll)
20833f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usermgrcli.dll
20843f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc1a250000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
20853f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
20863f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc18a00000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
20873f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
20883f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc16140000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
20893f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
20903f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc166e0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
20913f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
20923f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc162f0000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
20933f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
20943f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc12f10000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
20953f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
20963f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20973f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20983f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20993f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21003f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
21013f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
21023f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
21033f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21043f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21053f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21063f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21073f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
21083f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21093f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21103f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21113f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21123f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
21133f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
21143f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
21153f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
21163f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
21173f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
21183f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21193f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21203f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
21213f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
21223f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
21233f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
21243f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
21253f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
21263f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21273f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21283f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21293f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21303f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
21313f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
21323f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
21333f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
21343f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21353f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21363f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21373f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21383f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
21393f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
21403f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usermgrcli.dll'
21413f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
21423f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
21433f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
21443f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
21453f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
21463f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
21473f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
21483f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
21493f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
21503f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
21513f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
21523f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
21533f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
21543f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
21553f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
21563f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
21573f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
21583f78.2740: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
21593f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21603f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21613f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1c660000 'C:\WINDOWS\System32\OLEAUT32.DLL'
21623f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
21633f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21643f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1c510000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
21653f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
21663f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21673f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1c510000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
21683f78.2740: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
21693f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
21703f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
21713f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21723f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e970000 'api-ms-win-core-com-l1-1-1.dll'
21733f78.2740: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
21743f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
21753f78.2740: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
21763f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
21773f78.2740: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
21783f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
21793f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
21803f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21813f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1c1d0000 'C:\WINDOWS\System32\MSCTF.dll'
21823f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21833f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21843f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1e3d0000 'C:\WINDOWS\System32\ole32.dll'
21853f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21863f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21873f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1c660000 'C:\WINDOWS\System32\OLEAUT32.dll'
21883f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b14 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
21893f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
21903f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
21913f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
21923f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
21933f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
21943f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
21953f78.2740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21963f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21973f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
21983f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
21993f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
22003f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
22013f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22023f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22033f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b20 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
22043f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
22053f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
22063f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
22073f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
22083f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
22093f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22103f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
22113f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
22123f78.2740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22133f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22143f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
22153f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
22163f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
22173f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
22183f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22193f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22203f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
22213f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22223f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22233f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22243f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22253f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
22263f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
22273f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
22283f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
22293f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22303f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22313f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22323f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
22333f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
22343f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc154f0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
22353f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
22363f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc14900000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
22373f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
22383f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
22393f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22403f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
22413f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc14900000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
22423f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
22433f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
22443f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
22453f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
22463f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
22473f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
22483f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
22493f78.2740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22503f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22513f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
22523f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
22533f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
22543f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22553f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22563f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22573f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22583f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22593f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
22603f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc15040000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
22613f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
22623f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc15040000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
22633f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
22643f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22653f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-localization-l1-2-0.dll'
22663f78.2740: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
22673f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22683f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b860000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
22693f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000afc pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
22703f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
22713f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
22723f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
22733f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
22743f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
22753f78.2740: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
22763f78.2740: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22773f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22783f78.2740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
22793f78.2740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
22803f78.2740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
22813f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22823f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22833f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
22843f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22853f78.2740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22863f78.2740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
22873f78.2740: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22883f78.2740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
22893f78.2740: supR3HardenedDllNotificationCallback: load 00007ffc13970000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
22903f78.2740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
22913f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc13970000 'C:\WINDOWS\system32\wbem\fastprox.dll'
22923f78.3ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
22933f78.3ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22943f78.3ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
22953f78.3ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22963f78.3ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
22973f78.3ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22983f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22993f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23003f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
23013f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
23023f78.3ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
23033f78.3ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
23043f78.3ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23053f78.3ae0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
23063f78.3ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
23073f78.3ae0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
23083f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23093f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23103f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23113f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23123f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23133f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23143f78.3ae0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23153f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23163f78.3ae0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23173f78.3ae0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23183f78.3ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23193f78.3ae0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
23203f78.3ae0: supR3HardenedDllNotificationCallback: load 0000000057b30000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
23213f78.3ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
23223f78.3ae0: supR3HardenedDllNotificationCallback: load 00007ffbcd810000 LB 0x002c7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
23233f78.3ae0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23243f78.3ae0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd810000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
23253f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
23263f78.338c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
23273f78.338c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23283f78.338c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23293f78.338c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23303f78.338c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23313f78.338c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
23323f78.338c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23333f78.338c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23343f78.338c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23353f78.338c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23363f78.338c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23373f78.338c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23383f78.338c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23393f78.338c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23403f78.338c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23413f78.338c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23423f78.338c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23433f78.338c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23443f78.338c: supR3HardenedDllNotificationCallback: load 00007ffc197d0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
23453f78.338c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23463f78.338c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc197d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
23473f78.338c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1c510000 'C:\WINDOWS\system32\User32.dll'
23483f78.1440: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
23493f78.1440: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23503f78.1440: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23513f78.1440: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23523f78.1440: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
23533f78.1440: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23543f78.1440: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23553f78.1440: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23563f78.1440: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23573f78.1440: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23583f78.1440: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
23593f78.1440: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23603f78.1440: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23613f78.1440: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23623f78.1440: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23633f78.1440: supR3HardenedDllNotificationCallback: load 00007ffc196d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
23643f78.1440: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23653f78.1440: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc196d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
23663f78.3120: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
23673f78.3120: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23683f78.3120: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23693f78.3120: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23703f78.3120: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
23713f78.3120: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23723f78.3120: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23733f78.3120: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23743f78.3120: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23753f78.3120: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23763f78.3120: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23773f78.3120: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23783f78.3120: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
23793f78.3120: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23803f78.3120: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23813f78.3120: supR3HardenedDllNotificationCallback: load 00007ffc17900000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
23823f78.3120: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23833f78.3120: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc17900000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
23843f78.4990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
23853f78.4990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23863f78.4990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23873f78.4990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23883f78.4990: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
23893f78.4990: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23903f78.4990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23913f78.4990: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23923f78.4990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23933f78.4990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23943f78.4990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23953f78.4990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23963f78.4990: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23973f78.4990: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23983f78.4990: supR3HardenedDllNotificationCallback: load 00007ffc12d40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
23993f78.4990: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24003f78.4990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc12d40000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
24013f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cea0000 'C:\WINDOWS\system32\Shell32.dll'
24023f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24033f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24043f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd810000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
24053f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
24063f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24073f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24083f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24093f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
24103f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24113f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
24123f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24133f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24143f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24153f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24163f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24173f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
24183f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24193f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24203f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24213f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24223f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24233f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24243f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24253f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24263f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc0fb10000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
24273f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24283f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0fb10000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
24293f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffc0fb10000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
24303f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
24313f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
24323f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24333f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24343f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24353f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
24363f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
24373f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
24383f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
24393f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
24403f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
24413f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
24423f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
24433f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
24443f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
24453f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
24463f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
24473f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
24483f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
24493f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
24503f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24513f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24523f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24533f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24543f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
24553f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24563f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24573f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
24583f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
24593f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24603f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
24613f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
24623f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
24633f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
24643f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24653f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24663f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
24673f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
24683f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
24693f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
24703f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
24713f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24723f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24733f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24743f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24753f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
24763f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24773f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24783f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
24793f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24803f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
24813f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
24823f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24833f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24843f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24853f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24863f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
24873f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24883f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24893f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24903f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
24913f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
24923f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
24933f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24943f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24953f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24963f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24973f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24983f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24993f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25003f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25013f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25023f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25033f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25043f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25053f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
25063f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25073f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25083f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25093f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25103f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25113f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25123f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25133f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
25143f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25153f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25163f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
25173f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc1c720000 LB 0x0043b000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
25183f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
25193f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc0e7c0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
25203f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25213f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc0fb00000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
25223f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25233f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc1a790000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
25243f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
25253f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffbcbd80000 LB 0x009bf000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
25263f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
25273f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcbd80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
25283f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25293f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25303f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25313f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25323f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc0ed00000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
25333f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25343f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0ed00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
25353f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25363f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
25373f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25383f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcdae0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
25393f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25403f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25413f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25423f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0fb00000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
25433f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25443f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25453f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25463f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25473f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
25483f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25493f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25503f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25513f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25523f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25533f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25543f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25553f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc0fdc0000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
25563f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25573f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0fdc0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
25583f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25593f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25603f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25613f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25623f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
25633f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25643f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25653f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25663f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25673f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25683f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25693f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25703f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc0fda0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
25713f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25723f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0fda0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
25733f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25743f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25753f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25763f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25773f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
25783f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25793f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25803f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25813f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25823f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25833f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25843f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25853f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc0fc40000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
25863f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25873f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0fc40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
25883f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25893f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
25903f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25913f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25923f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
25933f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
25943f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25953f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25963f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25973f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25983f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25993f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
26003f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc0fae0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
26013f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
26023f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0fae0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
26033f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
26043f78.1ce8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
26053f78.1ce8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26063f78.1ce8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26073f78.1ce8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26083f78.1ce8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
26093f78.1ce8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26103f78.1ce8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26113f78.1ce8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26123f78.1ce8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26133f78.1ce8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26143f78.1ce8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26153f78.1ce8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26163f78.1ce8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26173f78.1ce8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26183f78.1ce8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26193f78.1ce8: supR3HardenedDllNotificationCallback: load 00007ffc12c90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
26203f78.1ce8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26213f78.1ce8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc12c90000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
26223f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
26233f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
26243f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26253f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26263f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26273f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
26283f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
26293f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
26303f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26313f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26323f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26333f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
26343f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26353f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26363f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26373f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26383f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26393f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26403f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26413f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26423f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26433f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26443f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc0c2e0000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
26453f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26463f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0c2e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
26473f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
26483f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26493f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a790000 'C:\WINDOWS\system32\Iphlpapi.dll'
26503f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
26513f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
26523f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
26533f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
26543f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc1c3f0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
26553f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
26563f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
26573f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc19020000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
26583f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
26593f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
26603f78.2d18: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
26613f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
26623f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc173c0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
26633f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
26643f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
26653f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
26663f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
26673f78.2d18: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
26683f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
26693f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc171e0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
26703f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
26713f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f8c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
26723f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
26733f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
26743f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD77C0B8420B1E0725E0BAACB8F1F2821C7C9053
26753f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26763f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26773f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
26783f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26793f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26803f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
26813f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26823f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26833f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26843f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26853f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26863f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26873f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
26883f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26893f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26903f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
26913f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
26923f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
26933f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26943f78.2d18: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
26953f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f80 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
26963f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
26973f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
26983f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0462C999B5398941A444B13399F1AFCF2D9BD7ED
26993f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
27003f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
27013f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
27023f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27033f78.2d18: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
27043f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
27053f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
27063f78.2d18: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
27073f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
27083f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
27093f78.2d18: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
27103f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
27113f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
27123f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27133f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
27143f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
27153f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
27163f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
27173f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
27183f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
27193f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
27203f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
27213f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
27223f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27233f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
27243f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
27253f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
27263f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
27273f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
27283f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
27293f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27303f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27313f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27323f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27333f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27343f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27353f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
27363f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
27373f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
27383f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
27393f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
27403f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27413f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27423f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27433f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27443f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
27453f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
27463f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
27473f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
27483f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
27493f78.2d18: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
27503f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27513f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
27523f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
27533f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
27543f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc19d40000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
27553f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
27563f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc17220000 LB 0x00196000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
27573f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
27583f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc11030000 LB 0x00067000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
27593f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
27603f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11030000 'C:\WINDOWS\System32\MMDevApi.dll'
27613f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000101c pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
27623f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
27633f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
27643f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAF92974128C211D90A77B3D2A8F3BAD364910A5
27653f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
27663f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
27673f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
27683f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27693f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27703f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
27713f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
27723f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
27733f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27743f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27753f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
27763f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27773f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27783f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27793f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
27803f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffbf2660000 LB 0x0008c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
27813f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
27823f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
27833f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27843f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2660000 'C:\WINDOWS\System32\dsound.dll'
27853f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2660000 'C:\WINDOWS\System32\dsound.dll'
27863f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
27873f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27883f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2660000 'C:\WINDOWS\system32\dsound.dll'
27893f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
27903f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27913f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11030000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
27923f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
27933f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27943f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18d20000 'C:\WINDOWS\System32\winmm.dll'
27953f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001040 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
27963f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
27973f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
27983f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70FC7883505DC83E14C72C8984C7562A04A6C6F0
27993f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
28003f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
28013f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1835_for_KB4041676~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
28023f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28033f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28043f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
28053f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'.
28063f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'.
28073f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
28083f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
28093f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
28103f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
28113f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
28123f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
28133f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
28143f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
28153f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
28163f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
28173f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
28183f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
28193f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28203f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
28213f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
28223f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28233f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28243f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
28253f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28263f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28273f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28283f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28293f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28303f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
28313f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
28323f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
28333f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc08150000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
28343f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
28353f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc16940000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
28363f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
28373f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc08160000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
28383f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
28393f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08160000 'C:\WINDOWS\System32\wdmaud.drv'
28403f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
28413f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28423f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08160000 'C:\WINDOWS\System32\wdmaud.drv'
28433f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
28443f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28453f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08160000 'C:\WINDOWS\System32\wdmaud.drv'
28463f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
28473f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28483f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08160000 'C:\WINDOWS\System32\wdmaud.drv'
28493f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
28503f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28513f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08160000 'C:\WINDOWS\System32\wdmaud.drv'
28523f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
28533f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
28543f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
28553f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
28563f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
28573f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'.
28583f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'.
28593f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
28603f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
28613f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
28623f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
28633f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
28643f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28653f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28663f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
28673f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28683f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28693f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28703f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28713f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
28723f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
28733f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
28743f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28753f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
28763f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc10d70000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
28773f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
28783f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10d70000 'C:\WINDOWS\System32\AUDIOSES.DLL'
28793f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f90 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
28803f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
28813f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
28823f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=244FFD3779BB26E481FDDE1BCB7D66CB70669BE2
28833f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
28843f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
28853f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
28863f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28873f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28883f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
28893f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
28903f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
28913f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
28923f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
28933f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
28943f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
28953f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
28963f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
28973f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
28983f78.2d18: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
28993f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
29003f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
29013f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
29023f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
29033f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29043f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
29053f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
29063f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29073f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29083f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
29093f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29103f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29113f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29123f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29133f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29143f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
29153f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
29163f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc05330000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
29173f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
29183f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc08140000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
29193f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
29203f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29213f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
29223f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29233f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29243f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
29253f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29263f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29273f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
29283f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29293f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29303f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
29313f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29323f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29333f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
29343f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29353f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29363f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
29373f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29383f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29393f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29403f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29413f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08140000 'C:\WINDOWS\System32\msacm32.drv'
29423f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b0 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
29433f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
29443f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
29453f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B59112F98815E2A8A155F681ED15AB1991951589
29463f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
29473f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
29483f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
29493f78.2d18: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29503f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29513f78.2d18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
29523f78.2d18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
29533f78.2d18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
29543f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29553f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29563f78.2d18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
29573f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29583f78.2d18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29593f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29603f78.2d18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
29613f78.2d18: supR3HardenedDllNotificationCallback: load 00007ffc08130000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
29623f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
29633f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08130000 'C:\WINDOWS\System32\midimap.dll'
29643f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
29653f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29663f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08130000 'C:\WINDOWS\System32\midimap.dll'
29673f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
29683f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29693f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08130000 'C:\WINDOWS\System32\midimap.dll'
29703f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
29713f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29723f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08130000 'C:\WINDOWS\System32\midimap.dll'
29733f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18d20000 'C:\WINDOWS\System32\winmm.dll'
29743f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
29753f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29763f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2660000 'C:\WINDOWS\system32\dsound.dll'
29773f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18d20000 'C:\WINDOWS\System32\winmm.dll'
29783f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
29793f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29803f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2660000 'C:\WINDOWS\system32\dsound.dll'
29813f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18d20000 'C:\WINDOWS\System32\winmm.dll'
29823f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
29833f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29843f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2660000 'C:\WINDOWS\system32\dsound.dll'
29853f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18d20000 'C:\WINDOWS\System32\winmm.dll'
29863f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18d20000 'C:\WINDOWS\System32\winmm.dll'
29873f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18d20000 'C:\WINDOWS\System32\winmm.dll'
29883f78.2d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29893f78.2d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29903f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcd810000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
29913f78.2d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
29923f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cea0000 'C:\WINDOWS\system32\shell32.dll'
29933f78.2740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1cea0000 'C:\WINDOWS\system32\shell32.dll'
29943f78.3818: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
29953f78.3818: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
29963f78.3818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
29973f78.3818: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000133c (hFile=0000000000001340) with 0xc0000022 -> STATUS_TRUST_FAILURE
29983f78.3818: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
29993f78.3818: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001340 (hFile=000000000000133c) with 0xc0000022 -> STATUS_TRUST_FAILURE
30003f78.3818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001338 pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
30013f78.3818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fd26c0
30023f78.3818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fd26c0
30033f78.3818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8867A3D506FE23E5881B28A9F704179D1A9B603A
30043f78.3818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
30053f78.3818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30063f78.3818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
30073f78.3818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
30083f78.3818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1426_for_KB4041676~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
30093f78.3818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30103f78.3818: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
30113f78.3818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a620000 'C:\WINDOWS\system32\rsaenh.dll'
30123f78.3818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1b590000 'C:\WINDOWS\System32\crypt32.dll'
30133f78.3818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
30143f78.3818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
30153f78.3818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
30163f78.3818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
30173f78.3818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30183f78.3818: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30193f78.3818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30203f78.3818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30213f78.3818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
30223f78.3818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30233f78.3818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
30243f78.3818: supR3HardenedDllNotificationCallback: load 00007ffc1a9f0000 LB 0x0005c000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
30253f78.3818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
30263f78.3818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1a9f0000 'C:\WINDOWS\system32\mswsock.dll'
30273f78.1ce8: supR3HardenedDllNotificationCallback: Unload 00007ffc12c90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
30283f78.4990: supR3HardenedDllNotificationCallback: Unload 00007ffc12d40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
30293f78.3120: supR3HardenedDllNotificationCallback: Unload 00007ffc17900000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
30303f78.1440: supR3HardenedDllNotificationCallback: Unload 00007ffc196d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
30313f78.338c: supR3HardenedDllNotificationCallback: Unload 00007ffc197d0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
30323f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffc0fae0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
30333f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffc0fc40000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
30343f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffc0fda0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
30353f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffc0fdc0000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
30363f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffc0ed00000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
30373f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffbcbd80000 LB 0x009bf000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
30383f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffc0e7c0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
30393f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffc0fb00000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
30403f78.2d18: supR3HardenedDllNotificationCallback: Unload 00007ffc1c720000 LB 0x0043b000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
30413f78.2740: supR3HardenedDllNotificationCallback: Unload 00007ffc197e0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
30423f78.2740: Terminating the normal way: rcExit=0
30432308.1fb8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 32002 ms, the end);
30443368.25c4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 32438 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy