VirtualBox

Ticket #17904: VBoxHardening-Working.log

File VBoxHardening-Working.log, 365.2 KB (added by LhasaHelp, 6 years ago)

Hardening of working machine

Line 
12c64.2c10: Log file opened: 5.2.8r121009 g_hStartupLog=00000000000001c0 g_uNtVerCombined=0xa03fab00
22c64.2c10: \SystemRoot\System32\ntdll.dll:
32c64.2c10: CreationTime: 2017-09-29T13:41:43.343111100Z
42c64.2c10: LastWriteTime: 2017-09-29T13:41:43.358737200Z
52c64.2c10: ChangeTime: 2018-07-12T10:30:05.494279700Z
62c64.2c10: FileAttributes: 0x20
72c64.2c10: Size: 0x1dd100
82c64.2c10: NT Headers: 0xe0
92c64.2c10: Timestamp: 0x493793ea
102c64.2c10: Machine: 0x8664 - amd64
112c64.2c10: Timestamp: 0x493793ea
122c64.2c10: Image Version: 10.0
132c64.2c10: SizeOfImage: 0x1e0000 (1966080)
142c64.2c10: Resource Dir: 0x174000 LB 0x6a1d8
152c64.2c10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162c64.2c10: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172c64.2c10: ProductName: Microsoft® Windows® Operating System
182c64.2c10: ProductVersion: 10.0.16299.15
192c64.2c10: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
202c64.2c10: FileDescription: NT Layer DLL
212c64.2c10: \SystemRoot\System32\kernel32.dll:
222c64.2c10: CreationTime: 2017-09-29T13:42:04.954227600Z
232c64.2c10: LastWriteTime: 2017-09-29T13:42:04.954227600Z
242c64.2c10: ChangeTime: 2018-07-12T10:40:40.651114600Z
252c64.2c10: FileAttributes: 0x20
262c64.2c10: Size: 0xab868
272c64.2c10: NT Headers: 0xe8
282c64.2c10: Timestamp: 0xc2cf900
292c64.2c10: Machine: 0x8664 - amd64
302c64.2c10: Timestamp: 0xc2cf900
312c64.2c10: Image Version: 10.0
322c64.2c10: SizeOfImage: 0xae000 (712704)
332c64.2c10: Resource Dir: 0xac000 LB 0x520
342c64.2c10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352c64.2c10: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362c64.2c10: ProductName: Microsoft® Windows® Operating System
372c64.2c10: ProductVersion: 10.0.16299.15
382c64.2c10: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
392c64.2c10: FileDescription: Windows NT BASE API Client DLL
402c64.2c10: \SystemRoot\System32\KernelBase.dll:
412c64.2c10: CreationTime: 2017-09-29T13:41:43.124345500Z
422c64.2c10: LastWriteTime: 2017-09-29T13:41:43.124345500Z
432c64.2c10: ChangeTime: 2018-07-12T10:40:40.841477200Z
442c64.2c10: FileAttributes: 0x20
452c64.2c10: Size: 0x266000
462c64.2c10: NT Headers: 0xf0
472c64.2c10: Timestamp: 0x4736733c
482c64.2c10: Machine: 0x8664 - amd64
492c64.2c10: Timestamp: 0x4736733c
502c64.2c10: Image Version: 10.0
512c64.2c10: SizeOfImage: 0x266000 (2514944)
522c64.2c10: Resource Dir: 0x245000 LB 0x548
532c64.2c10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542c64.2c10: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552c64.2c10: ProductName: Microsoft® Windows® Operating System
562c64.2c10: ProductVersion: 10.0.16299.15
572c64.2c10: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
582c64.2c10: FileDescription: Windows NT BASE API Client DLL
592c64.2c10: \SystemRoot\System32\apisetschema.dll:
602c64.2c10: CreationTime: 2017-09-29T13:42:07.095026600Z
612c64.2c10: LastWriteTime: 2017-09-29T13:42:07.095026600Z
622c64.2c10: ChangeTime: 2018-07-25T09:13:31.774798400Z
632c64.2c10: FileAttributes: 0x20
642c64.2c10: Size: 0x1b398
652c64.2c10: NT Headers: 0xc8
662c64.2c10: Timestamp: 0xf30abf31
672c64.2c10: Machine: 0x8664 - amd64
682c64.2c10: Timestamp: 0xf30abf31
692c64.2c10: Image Version: 10.0
702c64.2c10: SizeOfImage: 0x1c000 (114688)
712c64.2c10: Resource Dir: 0x1b000 LB 0x408
722c64.2c10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732c64.2c10: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742c64.2c10: ProductName: Microsoft® Windows® Operating System
752c64.2c10: ProductVersion: 10.0.16299.15
762c64.2c10: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
772c64.2c10: FileDescription: ApiSet Schema DLL
782c64.2c10: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792c64.2c10: supR3HardenedWinFindAdversaries: 0x20
802c64.2c10: \SystemRoot\System32\drivers\mfeavfk.sys:
812c64.2c10: CreationTime: 2018-07-12T10:46:36.741806000Z
822c64.2c10: LastWriteTime: 2018-07-12T10:56:21.599804700Z
832c64.2c10: ChangeTime: 2018-07-12T10:56:21.599804700Z
842c64.2c10: FileAttributes: 0x20
852c64.2c10: Size: 0x585a0
862c64.2c10: NT Headers: 0xe8
872c64.2c10: Timestamp: 0x5adeb689
882c64.2c10: Machine: 0x8664 - amd64
892c64.2c10: Timestamp: 0x5adeb689
902c64.2c10: Image Version: 0.0
912c64.2c10: SizeOfImage: 0x58000 (360448)
922c64.2c10: Resource Dir: 0x56000 LB 0x758
932c64.2c10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
942c64.2c10: [Raw version resource data: 0x56110 LB 0x334, codepage 0x0 (reserved 0x0)]
952c64.2c10: ProductName: SYSCORE
962c64.2c10: ProductVersion: 18.5.0.131
972c64.2c10: FileVersion: SYSCORE.18.5.0.131
982c64.2c10: PrivateBuild: SYSCORE.18.5.0.131 F15,F16,F19
992c64.2c10: FileDescription: Anti-Virus File System Filter Driver
1002c64.2c10: \SystemRoot\System32\drivers\mfefirek.sys:
1012c64.2c10: CreationTime: 2018-07-12T10:46:36.788679500Z
1022c64.2c10: LastWriteTime: 2018-07-12T10:56:21.646463400Z
1032c64.2c10: ChangeTime: 2018-07-12T10:56:34.492432800Z
1042c64.2c10: FileAttributes: 0x20
1052c64.2c10: Size: 0x823a0
1062c64.2c10: NT Headers: 0xf0
1072c64.2c10: Timestamp: 0x5adeb72d
1082c64.2c10: Machine: 0x8664 - amd64
1092c64.2c10: Timestamp: 0x5adeb72d
1102c64.2c10: Image Version: 0.0
1112c64.2c10: SizeOfImage: 0x84000 (540672)
1122c64.2c10: Resource Dir: 0x80000 LB 0x388
1132c64.2c10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1142c64.2c10: [Raw version resource data: 0x80060 LB 0x328, codepage 0x0 (reserved 0x0)]
1152c64.2c10: ProductName: SYSCORE
1162c64.2c10: ProductVersion: 18.5.0.131
1172c64.2c10: FileVersion: SYSCORE.18.5.0.131
1182c64.2c10: PrivateBuild: SYSCORE.18.5.0.131 F17,F18
1192c64.2c10: FileDescription: McAfee Core Firewall Engine Driver
1202c64.2c10: \SystemRoot\System32\drivers\mfehidk.sys:
1212c64.2c10: CreationTime: 2018-07-12T10:46:36.694918500Z
1222c64.2c10: LastWriteTime: 2018-07-12T10:56:21.553144900Z
1232c64.2c10: ChangeTime: 2018-07-12T10:56:21.553144900Z
1242c64.2c10: FileAttributes: 0x20
1252c64.2c10: Size: 0xe91a0
1262c64.2c10: NT Headers: 0x100
1272c64.2c10: Timestamp: 0x5adeb60f
1282c64.2c10: Machine: 0x8664 - amd64
1292c64.2c10: Timestamp: 0x5adeb60f
1302c64.2c10: Image Version: 0.0
1312c64.2c10: SizeOfImage: 0xf2000 (991232)
1322c64.2c10: Resource Dir: 0xee000 LB 0x758
1332c64.2c10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1342c64.2c10: [Raw version resource data: 0xee110 LB 0x320, codepage 0x0 (reserved 0x0)]
1352c64.2c10: ProductName: SYSCORE
1362c64.2c10: ProductVersion: 18.5.0.131
1372c64.2c10: FileVersion: SYSCORE.18.5.0.131
1382c64.2c10: PrivateBuild: SYSCORE.18.5.0.131 F14,F15,F16,F18,F20
1392c64.2c10: FileDescription: McAfee Link Driver
1402c64.2c10: \SystemRoot\System32\drivers\mfencbdc.sys:
1412c64.2c10: CreationTime: 2018-05-03T08:03:30.000000000Z
1422c64.2c10: LastWriteTime: 2018-05-03T08:03:30.000000000Z
1432c64.2c10: ChangeTime: 2018-07-12T11:02:39.900398000Z
1442c64.2c10: FileAttributes: 0x20
1452c64.2c10: Size: 0x86590
1462c64.2c10: NT Headers: 0xe0
1472c64.2c10: Timestamp: 0x5ae0c367
1482c64.2c10: Machine: 0x8664 - amd64
1492c64.2c10: Timestamp: 0x5ae0c367
1502c64.2c10: Image Version: 0.0
1512c64.2c10: SizeOfImage: 0x8a000 (565248)
1522c64.2c10: Resource Dir: 0x88000 LB 0x3e0
1532c64.2c10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1542c64.2c10: [Raw version resource data: 0x88060 LB 0x380, codepage 0x0 (reserved 0x0)]
1552c64.2c10: ProductName: Anti-Malware Core
1562c64.2c10: ProductVersion: 18.5.0
1572c64.2c10: FileVersion: Anti-Malware Core.18.5.0.287.x64
1582c64.2c10: PrivateBuild: Anti-Malware Core.18.5.0.287.x64
1592c64.2c10: FileDescription: Event Driver
1602c64.2c10: \SystemRoot\System32\drivers\mfewfpk.sys:
1612c64.2c10: CreationTime: 2018-07-12T10:46:36.710551900Z
1622c64.2c10: LastWriteTime: 2018-07-12T10:56:21.553144900Z
1632c64.2c10: ChangeTime: 2018-07-12T10:56:34.160160500Z
1642c64.2c10: FileAttributes: 0x20
1652c64.2c10: Size: 0x3dba0
1662c64.2c10: NT Headers: 0x100
1672c64.2c10: Timestamp: 0x5adeb629
1682c64.2c10: Machine: 0x8664 - amd64
1692c64.2c10: Timestamp: 0x5adeb629
1702c64.2c10: Image Version: 0.0
1712c64.2c10: SizeOfImage: 0x59000 (364544)
1722c64.2c10: Resource Dir: 0x57000 LB 0x380
1732c64.2c10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1742c64.2c10: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
1752c64.2c10: ProductName: SYSCORE
1762c64.2c10: ProductVersion: 18.5.0.131
1772c64.2c10: FileVersion: SYSCORE.18.5.0.131
1782c64.2c10: PrivateBuild: SYSCORE.18.5.0.131 F17,F18
1792c64.2c10: FileDescription: Anti-Virus Mini-Firewall Driver
1802c64.2c10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1812c64.2c10: Calling main()
1822c64.2c10: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1832c64.2c10: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1842c64.2c10: SUPR3HardenedMain: Respawn #1
1852c64.2c10: System32: \Device\HarddiskVolume3\Windows\System32
1862c64.2c10: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1872c64.2c10: KnownDllPath: C:\WINDOWS\System32
1882c64.2c10: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1892c64.2c10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1902c64.2c10: supR3HardNtEnableThreadCreation:
1912c64.2c10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9a36b91b0 pvNtTerminateThread=00007ff9a36e0890
1922c64.2c10: supR3HardenedWinDoReSpawn(1): New child 3cac.325c [kernel32].
1932c64.2c10: supR3HardNtChildGatherData: PebBaseAddress=0000000000ec6000 cbPeb=0x388
1942c64.2c10: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9a3640000 uNtDllChildAddr=00007ff9a3640000
1952c64.2c10: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9a36b91b0
1962c64.2c10: supR3HardenedWinSetupChildInit: Start child.
1972c64.2c10: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
1982c64.2c10: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps
1992c64.2c10: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2002c64.2c10: *0000000000000000-0000000000d0ffff 0x0001/0x0000 0x0000000
2012c64.2c10: *0000000000d10000-0000000000d2ffff 0x0004/0x0004 0x0020000
2022c64.2c10: *0000000000d30000-0000000000d48fff 0x0002/0x0002 0x0040000
2032c64.2c10: 0000000000d49000-0000000000d4ffff 0x0001/0x0000 0x0000000
2042c64.2c10: *0000000000d50000-0000000000d53fff 0x0002/0x0002 0x0040000
2052c64.2c10: 0000000000d54000-0000000000d5ffff 0x0001/0x0000 0x0000000
2062c64.2c10: *0000000000d60000-0000000000d60fff 0x0004/0x0004 0x0020000
2072c64.2c10: 0000000000d61000-0000000000dfffff 0x0001/0x0000 0x0000000
2082c64.2c10: *0000000000e00000-0000000000ec5fff 0x0000/0x0004 0x0020000
2092c64.2c10: 0000000000ec6000-0000000000ec8fff 0x0004/0x0004 0x0020000
2102c64.2c10: 0000000000ec9000-0000000000ffffff 0x0000/0x0004 0x0020000
2112c64.2c10: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
2122c64.2c10: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
2132c64.2c10: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
2142c64.2c10: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
2152c64.2c10: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2162c64.2c10: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2172c64.2c10: 000000007fff0000-00007ff7c63cffff 0x0001/0x0000 0x0000000
2182c64.2c10: *00007ff7c63d0000-00007ff7c63f2fff 0x0002/0x0002 0x0040000
2192c64.2c10: 00007ff7c63f3000-00007ff7c69effff 0x0001/0x0000 0x0000000
2202c64.2c10: *00007ff7c69f0000-00007ff7c69f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2212c64.2c10: 00007ff7c69f1000-00007ff7c6a61fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2222c64.2c10: 00007ff7c6a62000-00007ff7c6a62fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2232c64.2c10: 00007ff7c6a63000-00007ff7c6aa8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2242c64.2c10: 00007ff7c6aa9000-00007ff7c6aa9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2252c64.2c10: 00007ff7c6aaa000-00007ff7c6aaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2262c64.2c10: 00007ff7c6aab000-00007ff7c6aaffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2272c64.2c10: 00007ff7c6ab0000-00007ff7c6ab0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2282c64.2c10: 00007ff7c6ab1000-00007ff7c6ab1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2292c64.2c10: 00007ff7c6ab2000-00007ff7c6ab5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2302c64.2c10: 00007ff7c6ab6000-00007ff7c6afdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2312c64.2c10: 00007ff7c6afe000-00007ff9a363ffff 0x0001/0x0000 0x0000000
2322c64.2c10: *00007ff9a3640000-00007ff9a3640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2332c64.2c10: 00007ff9a3641000-00007ff9a3752fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2342c64.2c10: 00007ff9a3753000-00007ff9a3798fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2352c64.2c10: 00007ff9a3799000-00007ff9a379efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2362c64.2c10: 00007ff9a379f000-00007ff9a379ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2372c64.2c10: 00007ff9a37a0000-00007ff9a37a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2382c64.2c10: 00007ff9a37a1000-00007ff9a37aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2392c64.2c10: 00007ff9a37af000-00007ff9a37affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2402c64.2c10: 00007ff9a37b0000-00007ff9a37b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2412c64.2c10: 00007ff9a37b3000-00007ff9a381ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2422c64.2c10: 00007ff9a3820000-00007ffffffdffff 0x0001/0x0000 0x0000000
2432c64.2c10: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2442c64.2c10: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
2452c64.2c10: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2462c64.2c10: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2472c64.2c10: supR3HardNtChildPurify: Done after 545 ms and 0 fixes (loop #0).
2482c64.2c10: supR3HardNtEnableThreadCreation:
2493cac.325c: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
2503cac.325c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9a3640000 g_uNtVerCombined=0xa03fab00
2513cac.325c: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
2523cac.325c: New simple heap: #1 0000000001200000 LB 0x400000 (for 1966080 allocation)
2533cac.325c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2543cac.325c: System32: \Device\HarddiskVolume3\Windows\System32
2553cac.325c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2563cac.325c: KnownDllPath: C:\WINDOWS\System32
2573cac.325c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2583cac.325c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2593cac.325c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2603cac.325c: Registered Dll notification callback with NTDLL.
2613cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2623cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2633cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2643cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99fcd0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2653cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2663cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2673cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0b10000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2683cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2693cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\KERNEL32.DLL'
2703cac.325c: supR3HardenedDllNotificationCallback: load 00007ff7c69f0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2713cac.325c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2723cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2733cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2743cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2753cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
2763cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
2773cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll)
2783cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll
2793cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
2803cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
2813cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'.
2823cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
2833cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
2843cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
2853cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2863cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2873cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2883cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
2893cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
2903cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
2913cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
2923cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2933cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2943cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2953cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
2963cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
2973cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
2983cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2993cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3003cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3013cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
3023cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
3033cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
3043cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
3053cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
3063cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
3073cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
3083cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3093cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3103cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
3113cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
3123cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3133cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3143cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
3153cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
3163cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3173cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3183cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
3193cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
3203cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
3213cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
3223cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3233cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3243cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3253cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3263cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3273cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
3283cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
3293cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3303cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3313cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
3323cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll)
3333cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
3343cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3353cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3363cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3373cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3383cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3393cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
3403cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3413cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3423cac.325c: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
3433cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
3443cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
3453cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3463cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3473cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3483cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3493cac.325c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
3503cac.325c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
3513cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1fb0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
3523cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3533cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0bc0000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
3543cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3553cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0d00000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
3563cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
3573cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1b30000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0]
3583cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
3593cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99ff40000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
3603cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
3613cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
3623cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99fc80000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
3633cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
3643cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
3653cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0040000 LB 0x00072000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0]
3663cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
3673cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
3683cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1ca0000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
3693cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3703cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
3713cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
3723cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
3733cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1bf0000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
3743cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3753cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
3763cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
3773cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
3783cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
3793cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99fa40000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
3803cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
3813cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3823cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a0870000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
3833cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
3843cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1670000 LB 0x0018e000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
3853cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
3863cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99fae0000 LB 0x00191000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
3873cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3883cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
3893cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
3903cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'win32u.dll'.
3913cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
3923cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
3933cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a3570000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
3943cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
3953cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a11b0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
3963cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
3973cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
3983cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
3993cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
4003cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
4013cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99f9b0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
4023cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
4033cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
4043cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
4053cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
4063cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99f9f0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
4073cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
4083cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
4093cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
4103cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99f990000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
4113cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
4123cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
4133cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a00c0000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
4143cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4153cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
4163cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
4173cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
4183cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
4193cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
4203cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a2120000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
4213cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
4223cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a35a0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
4233cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
4243cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a1be0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
4253cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
4263cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99ef90000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
4273cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
4283cac.325c: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005e000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0]
4293cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
4303cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
4313cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4323cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-synch-l1-2-0'
4333cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
4343cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4353cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-fibers-l1-1-1'
4363cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
4373cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4383cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-fibers-l1-1-1'
4393cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
4403cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4413cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-synch-l1-2-0'
4423cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
4433cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4443cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-l1-2-1'
4453cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4463cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
4473cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
4483cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
4493cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
4503cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
4513cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
4523cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4533cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4543cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4553cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4563cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4573cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4583cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4593cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4603cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4613cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4623cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4633cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4643cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4653cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4663cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4673cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
4683cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
4693cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
4703cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
4713cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
4723cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
4733cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4743cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4753cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4763cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
4773cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
4783cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
4793cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
4803cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
4813cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
4823cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
4833cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
4843cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
4853cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
4863cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
4873cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
4883cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
4893cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
4903cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
4913cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4923cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4933cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4943cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4953cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4963cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4973cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
4983cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
4993cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5003cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5013cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5023cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5033cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5043cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\kernel32.dll'
5053cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
5063cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5073cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-string-l1-1-0'
5083cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
5093cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5103cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-datetime-l1-1-1'
5113cac.325c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
5123cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5133cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-obsolete-l1-2-0'
5143cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
5153cac.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
5163cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
5173cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
5183cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
5193cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
5203cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
5213cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
5223cac.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
5233cac.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
5243cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
5253cac.325c: supR3HardenedDllNotificationCallback: load 00007ff9a18a0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
5263cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
5273cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a18a0000 'C:\WINDOWS\system32\IMM32.DLL'
5283cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL)
5293cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
5303cac.325c: supR3HardenedDllNotificationCallback: load 00007ff99ef50000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
5313cac.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust]
5323cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\WINDOWS\System32\QIPCAP64.dll'
5333cac.325c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9a36b91b0 pvNtTerminateThread=00007ff9a36e0890
5342c64.2c10: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 913 ms.
5353cac.325c: \SystemRoot\System32\ntdll.dll:
5363cac.325c: CreationTime: 2017-09-29T13:41:43.343111100Z
5373cac.325c: LastWriteTime: 2017-09-29T13:41:43.358737200Z
5383cac.325c: ChangeTime: 2018-07-12T10:30:05.494279700Z
5393cac.325c: FileAttributes: 0x20
5403cac.325c: Size: 0x1dd100
5413cac.325c: NT Headers: 0xe0
5423cac.325c: Timestamp: 0x493793ea
5433cac.325c: Machine: 0x8664 - amd64
5443cac.325c: Timestamp: 0x493793ea
5453cac.325c: Image Version: 10.0
5463cac.325c: SizeOfImage: 0x1e0000 (1966080)
5473cac.325c: Resource Dir: 0x174000 LB 0x6a1d8
5483cac.325c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5493cac.325c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5503cac.325c: ProductName: Microsoft® Windows® Operating System
5513cac.325c: ProductVersion: 10.0.16299.15
5523cac.325c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
5533cac.325c: FileDescription: NT Layer DLL
5543cac.325c: \SystemRoot\System32\kernel32.dll:
5553cac.325c: CreationTime: 2017-09-29T13:42:04.954227600Z
5563cac.325c: LastWriteTime: 2017-09-29T13:42:04.954227600Z
5573cac.325c: ChangeTime: 2018-07-12T10:40:40.651114600Z
5583cac.325c: FileAttributes: 0x20
5593cac.325c: Size: 0xab868
5603cac.325c: NT Headers: 0xe8
5613cac.325c: Timestamp: 0xc2cf900
5623cac.325c: Machine: 0x8664 - amd64
5633cac.325c: Timestamp: 0xc2cf900
5643cac.325c: Image Version: 10.0
5653cac.325c: SizeOfImage: 0xae000 (712704)
5663cac.325c: Resource Dir: 0xac000 LB 0x520
5673cac.325c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5683cac.325c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5693cac.325c: ProductName: Microsoft® Windows® Operating System
5703cac.325c: ProductVersion: 10.0.16299.15
5713cac.325c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
5723cac.325c: FileDescription: Windows NT BASE API Client DLL
5733cac.325c: \SystemRoot\System32\KernelBase.dll:
5743cac.325c: CreationTime: 2017-09-29T13:41:43.124345500Z
5753cac.325c: LastWriteTime: 2017-09-29T13:41:43.124345500Z
5763cac.325c: ChangeTime: 2018-07-12T10:40:40.841477200Z
5773cac.325c: FileAttributes: 0x20
5783cac.325c: Size: 0x266000
5793cac.325c: NT Headers: 0xf0
5803cac.325c: Timestamp: 0x4736733c
5813cac.325c: Machine: 0x8664 - amd64
5823cac.325c: Timestamp: 0x4736733c
5833cac.325c: Image Version: 10.0
5843cac.325c: SizeOfImage: 0x266000 (2514944)
5853cac.325c: Resource Dir: 0x245000 LB 0x548
5863cac.325c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5873cac.325c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5883cac.325c: ProductName: Microsoft® Windows® Operating System
5893cac.325c: ProductVersion: 10.0.16299.15
5903cac.325c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
5913cac.325c: FileDescription: Windows NT BASE API Client DLL
5923cac.325c: \SystemRoot\System32\apisetschema.dll:
5933cac.325c: CreationTime: 2017-09-29T13:42:07.095026600Z
5943cac.325c: LastWriteTime: 2017-09-29T13:42:07.095026600Z
5953cac.325c: ChangeTime: 2018-07-25T09:13:31.774798400Z
5963cac.325c: FileAttributes: 0x20
5973cac.325c: Size: 0x1b398
5983cac.325c: NT Headers: 0xc8
5993cac.325c: Timestamp: 0xf30abf31
6003cac.325c: Machine: 0x8664 - amd64
6013cac.325c: Timestamp: 0xf30abf31
6023cac.325c: Image Version: 10.0
6033cac.325c: SizeOfImage: 0x1c000 (114688)
6043cac.325c: Resource Dir: 0x1b000 LB 0x408
6053cac.325c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6063cac.325c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6073cac.325c: ProductName: Microsoft® Windows® Operating System
6083cac.325c: ProductVersion: 10.0.16299.15
6093cac.325c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
6103cac.325c: FileDescription: ApiSet Schema DLL
6113cac.325c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6123cac.325c: supR3HardenedWinFindAdversaries: 0x20
6133cac.325c: \SystemRoot\System32\drivers\mfeavfk.sys:
6143cac.325c: CreationTime: 2018-07-12T10:46:36.741806000Z
6153cac.325c: LastWriteTime: 2018-07-12T10:56:21.599804700Z
6163cac.325c: ChangeTime: 2018-07-12T10:56:21.599804700Z
6173cac.325c: FileAttributes: 0x20
6183cac.325c: Size: 0x585a0
6193cac.325c: NT Headers: 0xe8
6203cac.325c: Timestamp: 0x5adeb689
6213cac.325c: Machine: 0x8664 - amd64
6223cac.325c: Timestamp: 0x5adeb689
6233cac.325c: Image Version: 0.0
6243cac.325c: SizeOfImage: 0x58000 (360448)
6253cac.325c: Resource Dir: 0x56000 LB 0x758
6263cac.325c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6273cac.325c: [Raw version resource data: 0x56110 LB 0x334, codepage 0x0 (reserved 0x0)]
6283cac.325c: ProductName: SYSCORE
6293cac.325c: ProductVersion: 18.5.0.131
6303cac.325c: FileVersion: SYSCORE.18.5.0.131
6313cac.325c: PrivateBuild: SYSCORE.18.5.0.131 F15,F16,F19
6323cac.325c: FileDescription: Anti-Virus File System Filter Driver
6333cac.325c: \SystemRoot\System32\drivers\mfefirek.sys:
6343cac.325c: CreationTime: 2018-07-12T10:46:36.788679500Z
6353cac.325c: LastWriteTime: 2018-07-12T10:56:21.646463400Z
6363cac.325c: ChangeTime: 2018-07-12T10:56:34.492432800Z
6373cac.325c: FileAttributes: 0x20
6383cac.325c: Size: 0x823a0
6393cac.325c: NT Headers: 0xf0
6403cac.325c: Timestamp: 0x5adeb72d
6413cac.325c: Machine: 0x8664 - amd64
6423cac.325c: Timestamp: 0x5adeb72d
6433cac.325c: Image Version: 0.0
6443cac.325c: SizeOfImage: 0x84000 (540672)
6453cac.325c: Resource Dir: 0x80000 LB 0x388
6463cac.325c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6473cac.325c: [Raw version resource data: 0x80060 LB 0x328, codepage 0x0 (reserved 0x0)]
6483cac.325c: ProductName: SYSCORE
6493cac.325c: ProductVersion: 18.5.0.131
6503cac.325c: FileVersion: SYSCORE.18.5.0.131
6513cac.325c: PrivateBuild: SYSCORE.18.5.0.131 F17,F18
6523cac.325c: FileDescription: McAfee Core Firewall Engine Driver
6533cac.325c: \SystemRoot\System32\drivers\mfehidk.sys:
6543cac.325c: CreationTime: 2018-07-12T10:46:36.694918500Z
6553cac.325c: LastWriteTime: 2018-07-12T10:56:21.553144900Z
6563cac.325c: ChangeTime: 2018-07-12T10:56:21.553144900Z
6573cac.325c: FileAttributes: 0x20
6583cac.325c: Size: 0xe91a0
6593cac.325c: NT Headers: 0x100
6603cac.325c: Timestamp: 0x5adeb60f
6613cac.325c: Machine: 0x8664 - amd64
6623cac.325c: Timestamp: 0x5adeb60f
6633cac.325c: Image Version: 0.0
6643cac.325c: SizeOfImage: 0xf2000 (991232)
6653cac.325c: Resource Dir: 0xee000 LB 0x758
6663cac.325c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6673cac.325c: [Raw version resource data: 0xee110 LB 0x320, codepage 0x0 (reserved 0x0)]
6683cac.325c: ProductName: SYSCORE
6693cac.325c: ProductVersion: 18.5.0.131
6703cac.325c: FileVersion: SYSCORE.18.5.0.131
6713cac.325c: PrivateBuild: SYSCORE.18.5.0.131 F14,F15,F16,F18,F20
6723cac.325c: FileDescription: McAfee Link Driver
6733cac.325c: \SystemRoot\System32\drivers\mfencbdc.sys:
6743cac.325c: CreationTime: 2018-05-03T08:03:30.000000000Z
6753cac.325c: LastWriteTime: 2018-05-03T08:03:30.000000000Z
6763cac.325c: ChangeTime: 2018-07-12T11:02:39.900398000Z
6773cac.325c: FileAttributes: 0x20
6783cac.325c: Size: 0x86590
6793cac.325c: NT Headers: 0xe0
6803cac.325c: Timestamp: 0x5ae0c367
6813cac.325c: Machine: 0x8664 - amd64
6823cac.325c: Timestamp: 0x5ae0c367
6833cac.325c: Image Version: 0.0
6843cac.325c: SizeOfImage: 0x8a000 (565248)
6853cac.325c: Resource Dir: 0x88000 LB 0x3e0
6863cac.325c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6873cac.325c: [Raw version resource data: 0x88060 LB 0x380, codepage 0x0 (reserved 0x0)]
6883cac.325c: ProductName: Anti-Malware Core
6893cac.325c: ProductVersion: 18.5.0
6903cac.325c: FileVersion: Anti-Malware Core.18.5.0.287.x64
6913cac.325c: PrivateBuild: Anti-Malware Core.18.5.0.287.x64
6923cac.325c: FileDescription: Event Driver
6933cac.325c: \SystemRoot\System32\drivers\mfewfpk.sys:
6943cac.325c: CreationTime: 2018-07-12T10:46:36.710551900Z
6953cac.325c: LastWriteTime: 2018-07-12T10:56:21.553144900Z
6963cac.325c: ChangeTime: 2018-07-12T10:56:34.160160500Z
6973cac.325c: FileAttributes: 0x20
6983cac.325c: Size: 0x3dba0
6993cac.325c: NT Headers: 0x100
7003cac.325c: Timestamp: 0x5adeb629
7013cac.325c: Machine: 0x8664 - amd64
7023cac.325c: Timestamp: 0x5adeb629
7033cac.325c: Image Version: 0.0
7043cac.325c: SizeOfImage: 0x59000 (364544)
7053cac.325c: Resource Dir: 0x57000 LB 0x380
7063cac.325c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7073cac.325c: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
7083cac.325c: ProductName: SYSCORE
7093cac.325c: ProductVersion: 18.5.0.131
7103cac.325c: FileVersion: SYSCORE.18.5.0.131
7113cac.325c: PrivateBuild: SYSCORE.18.5.0.131 F17,F18
7123cac.325c: FileDescription: Anti-Virus Mini-Firewall Driver
7133cac.325c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7143cac.325c: Calling main()
7153cac.325c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7163cac.325c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7173cac.325c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7183cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7193cac.325c: SUPR3HardenedMain: Respawn #2
7203cac.325c: supR3HardNtEnableThreadCreation:
7213cac.325c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
7223cac.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
7233cac.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7243cac.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7253cac.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a3640000 'C:\WINDOWS\System32\ntdll.dll'
7263cac.325c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9a36b91b0 pvNtTerminateThread=00007ff9a36e0890
7273cac.325c: supR3HardenedWinDoReSpawn(2): New child 24e4.25a8 [kernel32].
7283cac.325c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
7293cac.325c: supR3HardNtChildGatherData: PebBaseAddress=00000000007b8000 cbPeb=0x388
7303cac.325c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9a3640000 uNtDllChildAddr=00007ff9a3640000
7313cac.325c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9a36b91b0
7323cac.325c: supR3HardenedWinSetupChildInit: Start child.
7333cac.325c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
7343cac.325c: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps
7353cac.325c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7363cac.325c: *0000000000000000-000000000057ffff 0x0001/0x0000 0x0000000
7373cac.325c: *0000000000580000-000000000059ffff 0x0004/0x0004 0x0020000
7383cac.325c: *00000000005a0000-00000000005b8fff 0x0002/0x0002 0x0040000
7393cac.325c: 00000000005b9000-00000000005bffff 0x0001/0x0000 0x0000000
7403cac.325c: *00000000005c0000-00000000005c3fff 0x0002/0x0002 0x0040000
7413cac.325c: 00000000005c4000-00000000005cffff 0x0001/0x0000 0x0000000
7423cac.325c: *00000000005d0000-00000000005d0fff 0x0004/0x0004 0x0020000
7433cac.325c: 00000000005d1000-00000000005fffff 0x0001/0x0000 0x0000000
7443cac.325c: *0000000000600000-00000000007b7fff 0x0000/0x0004 0x0020000
7453cac.325c: 00000000007b8000-00000000007bafff 0x0004/0x0004 0x0020000
7463cac.325c: 00000000007bb000-00000000007fffff 0x0000/0x0004 0x0020000
7473cac.325c: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
7483cac.325c: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
7493cac.325c: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
7503cac.325c: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
7513cac.325c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
7523cac.325c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
7533cac.325c: 000000007fff0000-00007ff7c684ffff 0x0001/0x0000 0x0000000
7543cac.325c: *00007ff7c6850000-00007ff7c6872fff 0x0002/0x0002 0x0040000
7553cac.325c: 00007ff7c6873000-00007ff7c69effff 0x0001/0x0000 0x0000000
7563cac.325c: *00007ff7c69f0000-00007ff7c69f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7573cac.325c: 00007ff7c69f1000-00007ff7c6a61fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7583cac.325c: 00007ff7c6a62000-00007ff7c6a62fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7593cac.325c: 00007ff7c6a63000-00007ff7c6aa8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7603cac.325c: 00007ff7c6aa9000-00007ff7c6aa9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7613cac.325c: 00007ff7c6aaa000-00007ff7c6aaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7623cac.325c: 00007ff7c6aab000-00007ff7c6aaffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7633cac.325c: 00007ff7c6ab0000-00007ff7c6ab0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7643cac.325c: 00007ff7c6ab1000-00007ff7c6ab1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7653cac.325c: 00007ff7c6ab2000-00007ff7c6ab5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7663cac.325c: 00007ff7c6ab6000-00007ff7c6afdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7673cac.325c: 00007ff7c6afe000-00007ff9a363ffff 0x0001/0x0000 0x0000000
7683cac.325c: *00007ff9a3640000-00007ff9a3640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7693cac.325c: 00007ff9a3641000-00007ff9a3752fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7703cac.325c: 00007ff9a3753000-00007ff9a3798fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7713cac.325c: 00007ff9a3799000-00007ff9a37a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7723cac.325c: 00007ff9a37a1000-00007ff9a37aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7733cac.325c: 00007ff9a37af000-00007ff9a37affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7743cac.325c: 00007ff9a37b0000-00007ff9a37b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7753cac.325c: 00007ff9a37b3000-00007ff9a381ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7763cac.325c: 00007ff9a3820000-00007ffffffdffff 0x0001/0x0000 0x0000000
7773cac.325c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
7783cac.325c: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
7793cac.325c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7803cac.325c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
7813cac.325c: supR3HardNtChildPurify: Done after 542 ms and 0 fixes (loop #0).
7823cac.325c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000)
7833cac.325c: supR3HardNtEnableThreadCreation:
78424e4.25a8: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
78524e4.25a8: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9a3640000 g_uNtVerCombined=0xa03fab00
78624e4.25a8: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
78724e4.25a8: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1966080 allocation)
78824e4.25a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
78924e4.25a8: System32: \Device\HarddiskVolume3\Windows\System32
79024e4.25a8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
79124e4.25a8: KnownDllPath: C:\WINDOWS\System32
79224e4.25a8: supR3HardenedVmProcessInit: Opening vboxdrv...
79324e4.25a8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
79424e4.25a8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
79524e4.25a8: Registered Dll notification callback with NTDLL.
79624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
79724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
79824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
79924e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99fcd0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
80024e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
80124e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
80224e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0b10000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
80324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
80424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\KERNEL32.DLL'
80524e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff7c69f0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
80624e4.25a8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
80724e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
80824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
80924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
81024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
81124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
81224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll)
81324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll
81424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
81524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
81624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'.
81724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
81824e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
81924e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
82024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
82124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
82224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
82324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
82424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
82524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
82624e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
82724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
82824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
82924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
83024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
83124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
83224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
83324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
83424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
83524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
83624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
83724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
83824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
83924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
84024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
84124e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
84224e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
84324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
84424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
84524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
84624e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
84724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
84824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
84924e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
85024e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
85124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
85224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
85324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
85424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
85524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
85624e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
85724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
85824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
85924e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
86024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
86124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
86224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
86324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
86424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
86524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
86624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
86724e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll)
86824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
86924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
87024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
87124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
87224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
87324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
87424e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
87524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
87624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
87724e4.25a8: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
87824e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
87924e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
88024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
88124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
88224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
88324e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
88424e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
88524e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
88624e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1fb0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
88724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
88824e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0bc0000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
88924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
89024e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0d00000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
89124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
89224e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1b30000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0]
89324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
89424e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ff40000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
89524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
89624e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
89724e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99fc80000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
89824e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
89924e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
90024e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0040000 LB 0x00072000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0]
90124e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
90224e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
90324e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1ca0000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
90424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
90524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
90624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
90724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
90824e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1bf0000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
90924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
91024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
91124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
91224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
91324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
91424e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99fa40000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
91524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
91624e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
91724e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0870000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
91824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
91924e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1670000 LB 0x0018e000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
92024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
92124e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99fae0000 LB 0x00191000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
92224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
92324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
92424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
92524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'win32u.dll'.
92624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
92724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
92824e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a3570000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
92924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
93024e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a11b0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
93124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
93224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
93324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
93424e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
93524e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
93624e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f9b0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
93724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
93824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
93924e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
94024e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
94124e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f9f0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
94224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
94324e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
94424e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
94524e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f990000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
94624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
94724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
94824e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a00c0000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
94924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
95024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
95124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
95224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
95324e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
95424e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
95524e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a2120000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
95624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
95724e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a35a0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
95824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
95924e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a1be0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
96024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
96124e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ef90000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
96224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
96324e4.25a8: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005e000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0]
96424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
96524e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
96624e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
96724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-synch-l1-2-0'
96824e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
96924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
97024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-fibers-l1-1-1'
97124e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
97224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
97324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-fibers-l1-1-1'
97424e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
97524e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
97624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-synch-l1-2-0'
97724e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
97824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
97924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-l1-2-1'
98024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
98124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
98224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
98324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
98424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
98524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
98624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
98724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
98824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
98924e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
99024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
99124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
99224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
99324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
99424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
99524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
99624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
99724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
99824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
99924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
100024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
100124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
100224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
100324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
100424e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
100524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
100624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
100724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
100824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
100924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
101024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
101124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
101224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
101324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
101424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
101524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
101624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
101724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
101824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
101924e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
102024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
102124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
102224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
102324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
102424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
102524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
102624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
102724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
102824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
102924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
103024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
103124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
103224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
103324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
103424e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
103524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
103624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
103724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
103824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
103924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\kernel32.dll'
104024e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
104124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
104224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-string-l1-1-0'
104324e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
104424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
104524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-datetime-l1-1-1'
104624e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
104724e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
104824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-obsolete-l1-2-0'
104924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
105024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
105124e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
105224e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
105324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
105424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
105524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
105624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
105724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
105824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
105924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
106024e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a18a0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
106124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
106224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a18a0000 'C:\WINDOWS\system32\IMM32.DLL'
106324e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL)
106424e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
106524e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ef50000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
106624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust]
106724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\WINDOWS\System32\QIPCAP64.dll'
106824e4.25a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9a36b91b0 pvNtTerminateThread=00007ff9a36e0890
10693cac.325c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 477 ms.
107024e4.25a8: \SystemRoot\System32\ntdll.dll:
107124e4.25a8: CreationTime: 2017-09-29T13:41:43.343111100Z
107224e4.25a8: LastWriteTime: 2017-09-29T13:41:43.358737200Z
107324e4.25a8: ChangeTime: 2018-07-12T10:30:05.494279700Z
107424e4.25a8: FileAttributes: 0x20
107524e4.25a8: Size: 0x1dd100
107624e4.25a8: NT Headers: 0xe0
107724e4.25a8: Timestamp: 0x493793ea
107824e4.25a8: Machine: 0x8664 - amd64
107924e4.25a8: Timestamp: 0x493793ea
108024e4.25a8: Image Version: 10.0
108124e4.25a8: SizeOfImage: 0x1e0000 (1966080)
108224e4.25a8: Resource Dir: 0x174000 LB 0x6a1d8
108324e4.25a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
108424e4.25a8: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
108524e4.25a8: ProductName: Microsoft® Windows® Operating System
108624e4.25a8: ProductVersion: 10.0.16299.15
108724e4.25a8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
108824e4.25a8: FileDescription: NT Layer DLL
108924e4.25a8: \SystemRoot\System32\kernel32.dll:
109024e4.25a8: CreationTime: 2017-09-29T13:42:04.954227600Z
109124e4.25a8: LastWriteTime: 2017-09-29T13:42:04.954227600Z
109224e4.25a8: ChangeTime: 2018-07-12T10:40:40.651114600Z
109324e4.25a8: FileAttributes: 0x20
109424e4.25a8: Size: 0xab868
109524e4.25a8: NT Headers: 0xe8
109624e4.25a8: Timestamp: 0xc2cf900
109724e4.25a8: Machine: 0x8664 - amd64
109824e4.25a8: Timestamp: 0xc2cf900
109924e4.25a8: Image Version: 10.0
110024e4.25a8: SizeOfImage: 0xae000 (712704)
110124e4.25a8: Resource Dir: 0xac000 LB 0x520
110224e4.25a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
110324e4.25a8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
110424e4.25a8: ProductName: Microsoft® Windows® Operating System
110524e4.25a8: ProductVersion: 10.0.16299.15
110624e4.25a8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
110724e4.25a8: FileDescription: Windows NT BASE API Client DLL
110824e4.25a8: \SystemRoot\System32\KernelBase.dll:
110924e4.25a8: CreationTime: 2017-09-29T13:41:43.124345500Z
111024e4.25a8: LastWriteTime: 2017-09-29T13:41:43.124345500Z
111124e4.25a8: ChangeTime: 2018-07-12T10:40:40.841477200Z
111224e4.25a8: FileAttributes: 0x20
111324e4.25a8: Size: 0x266000
111424e4.25a8: NT Headers: 0xf0
111524e4.25a8: Timestamp: 0x4736733c
111624e4.25a8: Machine: 0x8664 - amd64
111724e4.25a8: Timestamp: 0x4736733c
111824e4.25a8: Image Version: 10.0
111924e4.25a8: SizeOfImage: 0x266000 (2514944)
112024e4.25a8: Resource Dir: 0x245000 LB 0x548
112124e4.25a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
112224e4.25a8: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
112324e4.25a8: ProductName: Microsoft® Windows® Operating System
112424e4.25a8: ProductVersion: 10.0.16299.15
112524e4.25a8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
112624e4.25a8: FileDescription: Windows NT BASE API Client DLL
112724e4.25a8: \SystemRoot\System32\apisetschema.dll:
112824e4.25a8: CreationTime: 2017-09-29T13:42:07.095026600Z
112924e4.25a8: LastWriteTime: 2017-09-29T13:42:07.095026600Z
113024e4.25a8: ChangeTime: 2018-07-25T09:13:31.774798400Z
113124e4.25a8: FileAttributes: 0x20
113224e4.25a8: Size: 0x1b398
113324e4.25a8: NT Headers: 0xc8
113424e4.25a8: Timestamp: 0xf30abf31
113524e4.25a8: Machine: 0x8664 - amd64
113624e4.25a8: Timestamp: 0xf30abf31
113724e4.25a8: Image Version: 10.0
113824e4.25a8: SizeOfImage: 0x1c000 (114688)
113924e4.25a8: Resource Dir: 0x1b000 LB 0x408
114024e4.25a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
114124e4.25a8: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
114224e4.25a8: ProductName: Microsoft® Windows® Operating System
114324e4.25a8: ProductVersion: 10.0.16299.15
114424e4.25a8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
114524e4.25a8: FileDescription: ApiSet Schema DLL
114624e4.25a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
114724e4.25a8: supR3HardenedWinFindAdversaries: 0x20
114824e4.25a8: \SystemRoot\System32\drivers\mfeavfk.sys:
114924e4.25a8: CreationTime: 2018-07-12T10:46:36.741806000Z
115024e4.25a8: LastWriteTime: 2018-07-12T10:56:21.599804700Z
115124e4.25a8: ChangeTime: 2018-07-12T10:56:21.599804700Z
115224e4.25a8: FileAttributes: 0x20
115324e4.25a8: Size: 0x585a0
115424e4.25a8: NT Headers: 0xe8
115524e4.25a8: Timestamp: 0x5adeb689
115624e4.25a8: Machine: 0x8664 - amd64
115724e4.25a8: Timestamp: 0x5adeb689
115824e4.25a8: Image Version: 0.0
115924e4.25a8: SizeOfImage: 0x58000 (360448)
116024e4.25a8: Resource Dir: 0x56000 LB 0x758
116124e4.25a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
116224e4.25a8: [Raw version resource data: 0x56110 LB 0x334, codepage 0x0 (reserved 0x0)]
116324e4.25a8: ProductName: SYSCORE
116424e4.25a8: ProductVersion: 18.5.0.131
116524e4.25a8: FileVersion: SYSCORE.18.5.0.131
116624e4.25a8: PrivateBuild: SYSCORE.18.5.0.131 F15,F16,F19
116724e4.25a8: FileDescription: Anti-Virus File System Filter Driver
116824e4.25a8: \SystemRoot\System32\drivers\mfefirek.sys:
116924e4.25a8: CreationTime: 2018-07-12T10:46:36.788679500Z
117024e4.25a8: LastWriteTime: 2018-07-12T10:56:21.646463400Z
117124e4.25a8: ChangeTime: 2018-07-12T10:56:34.492432800Z
117224e4.25a8: FileAttributes: 0x20
117324e4.25a8: Size: 0x823a0
117424e4.25a8: NT Headers: 0xf0
117524e4.25a8: Timestamp: 0x5adeb72d
117624e4.25a8: Machine: 0x8664 - amd64
117724e4.25a8: Timestamp: 0x5adeb72d
117824e4.25a8: Image Version: 0.0
117924e4.25a8: SizeOfImage: 0x84000 (540672)
118024e4.25a8: Resource Dir: 0x80000 LB 0x388
118124e4.25a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
118224e4.25a8: [Raw version resource data: 0x80060 LB 0x328, codepage 0x0 (reserved 0x0)]
118324e4.25a8: ProductName: SYSCORE
118424e4.25a8: ProductVersion: 18.5.0.131
118524e4.25a8: FileVersion: SYSCORE.18.5.0.131
118624e4.25a8: PrivateBuild: SYSCORE.18.5.0.131 F17,F18
118724e4.25a8: FileDescription: McAfee Core Firewall Engine Driver
118824e4.25a8: \SystemRoot\System32\drivers\mfehidk.sys:
118924e4.25a8: CreationTime: 2018-07-12T10:46:36.694918500Z
119024e4.25a8: LastWriteTime: 2018-07-12T10:56:21.553144900Z
119124e4.25a8: ChangeTime: 2018-07-12T10:56:21.553144900Z
119224e4.25a8: FileAttributes: 0x20
119324e4.25a8: Size: 0xe91a0
119424e4.25a8: NT Headers: 0x100
119524e4.25a8: Timestamp: 0x5adeb60f
119624e4.25a8: Machine: 0x8664 - amd64
119724e4.25a8: Timestamp: 0x5adeb60f
119824e4.25a8: Image Version: 0.0
119924e4.25a8: SizeOfImage: 0xf2000 (991232)
120024e4.25a8: Resource Dir: 0xee000 LB 0x758
120124e4.25a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
120224e4.25a8: [Raw version resource data: 0xee110 LB 0x320, codepage 0x0 (reserved 0x0)]
120324e4.25a8: ProductName: SYSCORE
120424e4.25a8: ProductVersion: 18.5.0.131
120524e4.25a8: FileVersion: SYSCORE.18.5.0.131
120624e4.25a8: PrivateBuild: SYSCORE.18.5.0.131 F14,F15,F16,F18,F20
120724e4.25a8: FileDescription: McAfee Link Driver
120824e4.25a8: \SystemRoot\System32\drivers\mfencbdc.sys:
120924e4.25a8: CreationTime: 2018-05-03T08:03:30.000000000Z
121024e4.25a8: LastWriteTime: 2018-05-03T08:03:30.000000000Z
121124e4.25a8: ChangeTime: 2018-07-12T11:02:39.900398000Z
121224e4.25a8: FileAttributes: 0x20
121324e4.25a8: Size: 0x86590
121424e4.25a8: NT Headers: 0xe0
121524e4.25a8: Timestamp: 0x5ae0c367
121624e4.25a8: Machine: 0x8664 - amd64
121724e4.25a8: Timestamp: 0x5ae0c367
121824e4.25a8: Image Version: 0.0
121924e4.25a8: SizeOfImage: 0x8a000 (565248)
122024e4.25a8: Resource Dir: 0x88000 LB 0x3e0
122124e4.25a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
122224e4.25a8: [Raw version resource data: 0x88060 LB 0x380, codepage 0x0 (reserved 0x0)]
122324e4.25a8: ProductName: Anti-Malware Core
122424e4.25a8: ProductVersion: 18.5.0
122524e4.25a8: FileVersion: Anti-Malware Core.18.5.0.287.x64
122624e4.25a8: PrivateBuild: Anti-Malware Core.18.5.0.287.x64
122724e4.25a8: FileDescription: Event Driver
122824e4.25a8: \SystemRoot\System32\drivers\mfewfpk.sys:
122924e4.25a8: CreationTime: 2018-07-12T10:46:36.710551900Z
123024e4.25a8: LastWriteTime: 2018-07-12T10:56:21.553144900Z
123124e4.25a8: ChangeTime: 2018-07-12T10:56:34.160160500Z
123224e4.25a8: FileAttributes: 0x20
123324e4.25a8: Size: 0x3dba0
123424e4.25a8: NT Headers: 0x100
123524e4.25a8: Timestamp: 0x5adeb629
123624e4.25a8: Machine: 0x8664 - amd64
123724e4.25a8: Timestamp: 0x5adeb629
123824e4.25a8: Image Version: 0.0
123924e4.25a8: SizeOfImage: 0x59000 (364544)
124024e4.25a8: Resource Dir: 0x57000 LB 0x380
124124e4.25a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
124224e4.25a8: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
124324e4.25a8: ProductName: SYSCORE
124424e4.25a8: ProductVersion: 18.5.0.131
124524e4.25a8: FileVersion: SYSCORE.18.5.0.131
124624e4.25a8: PrivateBuild: SYSCORE.18.5.0.131 F17,F18
124724e4.25a8: FileDescription: Anti-Virus Mini-Firewall Driver
124824e4.25a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
124924e4.25a8: Calling main()
125024e4.25a8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
125124e4.25a8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
125224e4.25a8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
125324e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
125424e4.25a8: SUPR3HardenedMain: Final process, opening VBoxDrv...
125524e4.25a8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
125624e4.25a8: supR3HardNtEnableThreadCreation:
125724e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
125824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
125924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
126024e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
126124e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff994450000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
126224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
126324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
126424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
126524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff994450000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
126624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
126724e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
126824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff994450000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
126924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff994450000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
127024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
127124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
127224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
127324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
127424e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
127524e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
127624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
127724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
127824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
127924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
128024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
128124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
128224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
128324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
128424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
128524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
128624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
128724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
128824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
128924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
129024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
129124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
129224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
129324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
129424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
129524e4.25a8: supR3HardenedDllNotificationCallback: load 0000000000a00000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
129624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
129724e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0940000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
129824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
129924e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0810000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
130024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\WINDOWS\system32\Wintrust.dll'
130224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
130324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
130424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
130524e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
130624e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f490000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
130724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
130824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99f490000 'C:\WINDOWS\system32\bcrypt.dll'
130924e4.25a8: bcrypt.dll loaded at 00007ff99f490000, BCryptOpenAlgorithmProvider at 00007ff99f492590, preloading providers:
131024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
131124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
131224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0040000 'C:\WINDOWS\system32\bcryptprimitives.dll'
131324e4.25a8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000002f8b9d0)
131424e4.25a8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000002f8c760)
131524e4.25a8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000002f85400)
131624e4.25a8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000002f85540)
131724e4.25a8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000002f8a370)
131824e4.25a8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000002f9d2c0)
131924e4.25a8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000002f9d590)
132024e4.25a8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000002f8d310)
132124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
132224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
132324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
132424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
132524e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
132624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
132724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
132824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
132924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
133024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
133124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
133224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
133324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
133424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
133524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
133624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
133724e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
133824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
133924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
134024e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
134124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
134224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
134324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
134424e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f380000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
134524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
134624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
134724e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
134824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
134924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
135024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
135124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
135224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
135324e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
135424e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99edd0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
135524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
135624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
135724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
135824e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
135924e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
136024e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f3a0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
136124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
136224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
136324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
136424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
136524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
136624e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
136724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\kernel32.dll'
136824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
136924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
137024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
137124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
137224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\CRYPT32.dll'
137324e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a0ce0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
137424e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
137524e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
137624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
137724e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
137824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
137924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
138024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
138124e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
138224e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
138324e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e760000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
138424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
138524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
138624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
138724e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
138824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
138924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
139024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
139124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
139224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
139324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
139424e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
139524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
139624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
139724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
139824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
139924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
140024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
140124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
140224e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
140324e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff990ea0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
140424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
140524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
140624e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
140724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
140824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
140924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
141024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
141124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
141224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
141324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
141424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
141524e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
141624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
141724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
141824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
141924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
142024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
142124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
142224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
142324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
142424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
142524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
142624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
142724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
142824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
142924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
143024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
143124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
143224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
143324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\System32\cryptnet.dll'
143424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
143524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\Windows\System32\cryptnet.dll'
143624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
143724e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
143824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
143924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
144024e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
144124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
144224e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
144324e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002fa5a00
144424e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
144524e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E2E4DE0C5BD65756637B6F71B7BAE24CF704BFD
144624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
144724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0bc0000 'C:\WINDOWS\System32\rpcrt4.dll'
144824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
144924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
145024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
145124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
145224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
145324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
145424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
145524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
145624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
145724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
145824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
145924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
146024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
146124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
146224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\Windows\System32\WINTRUST.DLL'
146324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
146424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
146524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
146624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
146724e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
146824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
146924e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\SystemRoot\System32\ntdll.dll'
147024e4.25a8: g_pfnWinVerifyTrust=00007ff9a0816bc0
147124e4.25a8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
147224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
147324e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
147424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
147524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
147624e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
147724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
147824e4.25a8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
147924e4.25a8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
148024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
148124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
148224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
148324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
148424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
148524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
148624e4.25a8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
148724e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
148824e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
148924e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
149024e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
149124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
149224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
149324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
149424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
149524e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
149624e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
149724e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
149824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
149924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
150024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
150124e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
150224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
150324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
150424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
150524e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
150624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
150724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
150824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
150924e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
151024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
151124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
151224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
151324e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
151424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
151524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
151624e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
151724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
151824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
151924e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
152024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
152124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
152224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
152324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
152424e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
152524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
152624e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
152724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
152824e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
152924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
153024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
153124e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'
153224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
153324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
153424e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
153524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
153624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
153724e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
153824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
153924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
154024e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
154124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
154224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
154324e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
154424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
154524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
154624e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
154724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
154824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
154924e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
155024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
155124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
155224e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
155324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
155424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
155524e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
155624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
155724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
155824e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
155924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
156024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
156124e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
156224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
156324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
156424e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
156524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
156624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
156724e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
156824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
156924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
157024e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
157124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
157224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
157324e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
157424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
157524e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
157624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
157724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
157824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
157924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
158024e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll'
158124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
158224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
158324e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
158424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
158524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
158624e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
158724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
158824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
158924e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
159024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
159124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
159224e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
159324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
159424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
159524e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
159624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
159724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
159824e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
159924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
160024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
160124e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
160224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
160324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
160424e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
160524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
160624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
160724e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
160824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
160924e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll'
161024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
161124e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe'
161224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
161324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
161424e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
161524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
161624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
161724e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
161824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\system32\crypt32.dll'
161924e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
162024e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
162124e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xb89fbcc1e1cf9800 DC=org, DC=lhasalimited, CN=lhasalimited-LUKSERVER04-CA
162224e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
162324e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
162424e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
162524e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
162624e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
162724e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
162824e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
162924e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
163024e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
163124e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
163224e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
163324e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
163424e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
163524e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
163624e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
163724e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
163824e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
163924e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
164024e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
164124e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
164224e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
164324e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
164424e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
164524e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
164624e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
164724e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
164824e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x3eca5e688d39ca00 OU=Websense Internet Authority, CN=Websense Inc., L=San Diego, C=US
164924e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xe5261e55411ec00 C=US, ST=Texas, L=Austin, O=Forcepoint LLC, CN=Forcepoint Cloud CA
165024e4.25a8: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: O=McAfee, OU=Orion, CN=LUKSERVER11
165124e4.25a8: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=Texas, O=Forcepoint LLC, CN=Forcepoint Cloud OPS CA
165224e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xa4e995d59bb79500 C=US, ST=CA, L=LG, O=Websense, Inc., OU=Websense Endpoint, Email=support@websense.com, CN=Websense Public Primary Certificate Authority, desc=246990743EP@websense.com
165324e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xeac57f72a26cd900 DC=org, DC=lhasalimited, CN=lhasalimited-LUKSERVER04-CA
165424e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0x4c5a41b7554ba200 DC=org, DC=lhasalimited, CN=lhasalimited-LUKPC155-CA
165524e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xb89fbcc1e1cf9800 DC=org, DC=lhasalimited, CN=lhasalimited-LUKSERVER04-CA
165624e4.25a8: supR3HardenedWinIsDesiredRootCA: Adding 0xd63d3c838f6c900 CN=lhasalimited-LUKPC213-CA
165724e4.25a8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=36
165824e4.25a8: SUPR3HardenedMain: Load Runtime...
165924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
166024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
166124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
166224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
166324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
166424e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
166524e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
166624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
166724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
166824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
166924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
167024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
167124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
167224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
167324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
167424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
167524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
167624e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
167724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
167824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
167924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
168024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
168124e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
168224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
168324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
168424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
168524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
168624e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
168724e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
168824e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
168924e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
169024e4.25a8: supR3HardenedDllNotificationCallback: load 000000006ba60000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
169124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
169224e4.25a8: supR3HardenedDllNotificationCallback: load 000000006bb40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
169324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
169424e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9435d0000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
169524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
169624e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
169724e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
169824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
169924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
170124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
170224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
170424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
170524e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
170724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
170824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
171024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
171124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
171224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
171324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
171424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
171524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
171624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
171724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
171824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
171924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
172024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
172124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
172224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
172324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
172424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
172524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
172624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
172724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
172824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
172924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
173924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
174024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
174124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
174224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
174324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
174424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
174524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
174624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9435d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
174724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0810000 'C:\WINDOWS\system32\Wintrust.dll'
174824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
174924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
175024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
175124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
175224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\system32\crypt32.dll'
175324e4.25a8: SUPR3HardenedMain: Load TrustedMain...
175424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
175524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
175624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
175724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
175824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
175924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
176024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
176124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
176224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
176324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
176424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
176524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
176624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
176724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
176824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
176924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
177024e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
177124e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
177224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
177324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
177424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
177524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
177624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
177724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
177824e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
177924e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
178024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
178124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
178224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
178324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
178424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
178524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
178624e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
178724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
178824e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
178924e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
179024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
179124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
179224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
179324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
179424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
179524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
179624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
179724e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
179824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
179924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
180024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
180124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
180224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
180324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
180424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
180524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
180624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
180724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
180824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
180924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
181024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
181124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
181224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
181324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
181424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
181524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
181624e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
181724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
181824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
181924e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
182024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
182124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
182224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
182324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
182424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
182524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
182624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
182724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
182824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
182924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
183024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
183124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
183224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
183324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
183424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
183524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
183624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
183724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
183824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
183924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
184024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
184124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
184224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
184324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
184424e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
184524e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
184624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
184724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
184824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
184924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
185024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
185124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
185224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
185324e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
185424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
185524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
185624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
185724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
185824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
185924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
186024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
186124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
186224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
186324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
186424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
186524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
186624e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
186724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
186824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
186924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
187024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
187124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
187224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
187324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
187424e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
187524e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
187624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
187724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
187824e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
187924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
188024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
188124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
188224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
188324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
188424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
188524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
188624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
188724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
188824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
188924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
189024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
189124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
189224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
189324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
189424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
189524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
189624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
189724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
189824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
189924e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
190024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
190124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
190224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
190324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
190424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
190524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
190624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
190724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
190824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
190924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
191024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
191124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
191224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
191324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
191424e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
191524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
191624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
191724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
191824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
191924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
192024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
192124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
192224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
192324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
192424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
192524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
192624e4.25a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
192724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
192824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
192924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
193024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
193124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
193224e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
193324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
193424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
193524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
193624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
193724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
193824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
193924e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
194024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
194124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
194224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
194324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
194424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
194524e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
194624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
194724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
194824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
194924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
195024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
195124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
195224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
195324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
195424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
195524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
195624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
195724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
195824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
195924e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
196024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
196124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
196224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
196324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
196424e4.25a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
196524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
196624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
196724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
196824e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
196924e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
197024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
197124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
197224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
197324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
197424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
197524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
197624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
197724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
197824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
197924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
198024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
198124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
198224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
198324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
198424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
198524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
198624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
198724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
198824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
198924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
199024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
199124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
199224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
199324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
199424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
199524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
199624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
199724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
199824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
199924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
200024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
200124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
200224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
200324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
200424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
200524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
200624e4.25a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
200724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
200824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
200924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'.
201024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
201124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'.
201224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'.
201324e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)
201424e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
201524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
201624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
201724e4.25a8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
201824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
201924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'.
202024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'.
202124e4.25a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
202224e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
202324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
202424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
202524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
202624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
202724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
202824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
202924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
203024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
203124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
203224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
203324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
203424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
203524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
203624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
203724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
203824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
203924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
204024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
204124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
204224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
204324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
204424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
204524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
204624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
204724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
204824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
204924e4.25a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
205024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
205124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
205224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
205324e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
205424e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
205524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
205624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
205724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
205824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
205924e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
206024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
206124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
206224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
206324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
206424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
206524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
206624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
206724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
206824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
206924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
207024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
207124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
207224e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
207324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
207424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
207524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
207624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
207724e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
207824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
207924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
208024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
208124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
208224e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
208324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
208424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
208524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
208624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
208724e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
208824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
208924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
209024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
209124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
209224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
209324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
209424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
209524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
209624e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000564 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
209724e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
209824e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
209924e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124
210024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
210124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
210224e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
210324e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
210424e4.25a8: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
210524e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
210624e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
210724e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
210824e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
210924e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
211024e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
211124e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
211224e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
211324e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
211424e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
211524e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
211624e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
211724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
211824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
211924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
212024e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll)
212124e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll
212224e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
212324e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff990d20000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
212424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
212524e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff991120000 LB 0x0011e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
212624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
212724e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a19e0000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
212824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
212924e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9949e0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
213024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
213124e4.25a8: supR3HardenedDllNotificationCallback: load 000000006b4f0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
213224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
213324e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff93f1b0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
213424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
213524e4.25a8: supR3HardenedDllNotificationCallback: load 000000006af80000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
213624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
213724e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff999480000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
213824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
213924e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff97f430000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\COMCTL32.dll [fFlags=0x0]
214024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll [avoiding WinVerifyTrust]
214124e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a18d0000 LB 0x0010a000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
214224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
214324e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff98c2b0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
214424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
214524e4.25a8: supR3HardenedDllNotificationCallback: load 000000006af20000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
214624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
214724e4.25a8: supR3HardenedDllNotificationCallback: load 0000000005720000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
214824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
214924e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff995940000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
215024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
215124e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9956c0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
215224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
215324e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff942bc0000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
215424e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
215524e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll'.
215624e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.15_none_e47c14a8033886fc\comctl32.dll' [rescheduled]
215724e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
215824e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
215924e4.25a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
216024e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
216124e4.25a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
216224e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled]
216324e4.25a8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
216424e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
216524e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
216624e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
216724e4.25a8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
216824e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
216924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
217024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
217124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
217224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
217324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
217424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
217524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
217624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
217724e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
217824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a18a0000 'C:\WINDOWS\System32\imm32.dll'
217924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
218024e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
218124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1b30000 'C:\WINDOWS\System32\ADVAPI32.DLL'
218224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff942bc0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
218324e4.25a8: SUPR3HardenedMain: Calling TrustedMain (00007ff942bc14f0)...
218424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
218524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
218624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
218724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
218824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
218924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
219024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
219124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
219224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
219324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
219424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
219524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
219624e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
219724e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
219824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
219924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
220024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
220124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
220224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
220324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
220424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
220524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
220624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
220724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
220824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
220924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
221024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
221124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
221224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
221324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
221424e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
221524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
221624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
221724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
221824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
221924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
222024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
222124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
222224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
222324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
222424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
222524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
222624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
222724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
222824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
222924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
223024e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
223124e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff94a9e0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
223224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
223324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a9e0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
223424e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000688 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
223524e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
223624e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
223724e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB199956403E78CE61C981F6BA97CA632BE55AC
223824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
223924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
224024e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
224124e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
224224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
224324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
224424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
224524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
224624e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
224724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
224824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
224924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
225024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
225124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
225224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
225324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
225424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
225524e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
225624e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e060000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
225724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
225824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99e060000 'C:\WINDOWS\system32\uxtheme.dll'
225924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1670000 'C:\WINDOWS\system32\user32.dll'
226024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
226124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
226224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll'
226324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
226424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
226524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1bf0000 'C:\WINDOWS\system32\SHCore.dll'
226624e4.25a8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
226724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
226824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
226924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
227024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
227124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
227224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
227324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
227424e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e130000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
227524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
227624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
227724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
227824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
227924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
228024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
228124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
228224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
228324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
228424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
228524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
228624e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
228724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
228824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
228924e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
229024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
229124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
229224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\system32\winmm.dll'
229324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
229424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
229524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\system32\winmm.dll'
229624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
229724e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
229824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll'
229924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
230024e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
230124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99e060000 'C:\WINDOWS\system32\uxtheme.dll'
230224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1b30000 'C:\WINDOWS\system32\advapi32.dll'
230324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
230424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
230524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
230624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'.
230724e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
230824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
230924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
231024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
231124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
231224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
231324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
231424e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
231524e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
231624e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99f890000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
231724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
231824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99f890000 'C:\WINDOWS\system32\userenv.dll'
231924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
232024e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
232124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0b10000 'C:\WINDOWS\System32\kernel32.dll'
232224e4.25a8: supR3HardenedDllNotificationCallback: load 0000000005ce0000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
232324e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
232424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
232524e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
232624e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
232724e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
232824e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
232924e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
233024e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
233124e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
233224e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
233324e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
233424e4.2040: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
233524e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
233624e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
233724e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
233824e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
233924e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
234024e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
234124e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
234224e4.2040: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
234324e4.2040: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
234424e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
234524e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
234624e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
234724e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
234824e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
234924e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
235024e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
235124e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
235224e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
235324e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
235424e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
235524e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
235624e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
235724e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
235824e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
235924e4.2040: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
236024e4.2040: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
236124e4.2040: supR3HardenedDllNotificationCallback: load 00007ff93ec60000 LB 0x00545000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
236224e4.2040: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
236324e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93ec60000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
236424e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
236524e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
236624e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
236724e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
236824e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
236924e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
237024e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
237124e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
237224e4.2040: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
237324e4.2040: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
237424e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
237524e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
237624e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
237724e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
237824e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
237924e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
238024e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
238124e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
238224e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
238324e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
238424e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
238524e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
238624e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
238724e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
238824e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
238924e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
239024e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
239124e4.2040: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
239224e4.2040: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
239324e4.2040: supR3HardenedDllNotificationCallback: load 00007ff96ace0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
239424e4.2040: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
239524e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96ace0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
239624e4.2040: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
239724e4.2040: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
239824e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000005720000 'C:\Windows\System32\oleaut32.dll'
239924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
240024e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
240124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a3570000 'C:\WINDOWS\system32\gdi32.dll'
240224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll'
240324e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9a14a0000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
240424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
240524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
240624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
240724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
240824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
240924e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
241024e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
241124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
241224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
241324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
241424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
241524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
241624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
241724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
241824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
241924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
242024e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
242124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
242224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
242324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
242424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
242524e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
242624e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e8 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
242724e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
242824e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
242924e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FA668FC207CB724FFDD342C6B5B8D273E3498D
243024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
243124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
243224e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
243324e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
243424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
243524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
243624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
243724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'.
243824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'.
243924e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
244024e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
244124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
244224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
244324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
244424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
244524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
244624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
244724e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
244824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
244924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
245024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
245124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
245224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
245324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
245424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
245524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
245624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
245724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
245824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
245924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
246024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
246124e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
246224e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
246324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
246424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
246524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
246624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
246724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
246824e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
246924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
247024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
247124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
247224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
247324e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
247424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
247524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
247624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
247724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
247824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
247924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
248024e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust
248124e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
248224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
248324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
248424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
248524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
248624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
248724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
248824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
248924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
249024e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
249124e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
249224e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
249324e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
249424e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e800000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
249524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
249624e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99c5c0000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
249724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
249824e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99cf60000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
249924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
250024e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff977820000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
250124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
250224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a3570000 'C:\WINDOWS\System32\gdi32.dll'
250324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977820000 'C:\WINDOWS\system32\dataexchange.dll'
250424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
250524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
250624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
250724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'.
250824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
250924e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
251024e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
251124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
251224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
251324e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
251424e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
251524e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e180000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
251624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
251724e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99e1a0000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
251824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
251924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
252024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'.
252124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'.
252224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
252324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
252424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
252524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
252624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
252724e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
252824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
252924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
253024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
253124e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
253224e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
253324e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
253424e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
253524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
253624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
253724e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
253824e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
253924e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
254024e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ea80000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
254124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
254224e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99ce80000 LB 0x000dd000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
254324e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
254424e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff99b6a0000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
254524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
254624e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9884d0000 LB 0x002ee000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
254724e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
254824e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9887c0000 LB 0x00098000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
254924e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
255024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
255124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
255224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
255324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
255424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
255524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
255624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
255724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
255824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
255924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
256024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
256124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
256224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
256324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
256424e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
256524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
256624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
256724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
256824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
256924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
257024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
257124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
257224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
257324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
257424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
257524e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
257624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
257724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
257824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
257924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
258024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
258124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
258224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
258324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
258424e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
258524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
258624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
258724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
258824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
258924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
259024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
259124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
259224e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
259324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
259424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
259524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
259624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
259724e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
259824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
259924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
260024e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
260124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
260224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
260324e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
260424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
260524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
260624e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
260724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
260824e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
260924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
261024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
261124e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
261224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
261324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
261424e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
261524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
261624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
261724e4.25a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
261824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
261924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
262024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000005720000 'C:\WINDOWS\System32\OLEAUT32.DLL'
262124e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
262224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
262324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1670000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
262424e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
262524e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
262624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1670000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
262724e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
262824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
262924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1ca0000 'api-ms-win-core-com-l1-1-0.dll'
263024e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
263124e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
263224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a14a0000 'C:\WINDOWS\System32\MSCTF.dll'
263324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll'
263424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll'
263524e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
263624e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a19e0000 'C:\WINDOWS\System32\ole32.dll'
263824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
263924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
264024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000005720000 'C:\WINDOWS\System32\OLEAUT32.dll'
264124e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
264224e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
264324e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
264424e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
264524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
264624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
264724e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1200_for_KB4284819~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
264824e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
264924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
265024e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
265124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
265224e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
265324e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
265424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
265524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
265624e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aec pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
265724e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
265824e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
265924e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
266024e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
266124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
266224e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
266324e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
266424e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
266524e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
266624e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
266724e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
266824e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
266924e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
267024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
267124e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
267224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
267324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
267424e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
267524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
267624e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
267724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
267824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
267924e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
268024e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
268124e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
268224e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
268324e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
268424e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
268524e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff998ab0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
268624e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
268724e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff998470000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
268824e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
268924e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
269024e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
269124e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
269224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff998470000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
269324e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
269424e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
269524e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
269624e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C70145BD7347C12AB1BF3946D40606389C4D331
269724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
269824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
269924e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
270024e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
270124e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
270224e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
270324e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
270424e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
270524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
270624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
270724e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
270824e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
270924e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
271024e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
271124e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9978f0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
271224e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
271324e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9978f0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
271424e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
271524e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
271624e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-l1-2-0.dll'
271724e4.25a8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
271824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
271924e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99fcd0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
272024e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b20 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
272124e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
272224e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
272324e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
272424e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
272524e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
272624e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
272724e4.25a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
272824e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
272924e4.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
273024e4.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
273124e4.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
273224e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
273324e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
273424e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
273524e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
273624e4.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
273724e4.25a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
273824e4.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
273924e4.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
274024e4.25a8: supR3HardenedDllNotificationCallback: load 00007ff9974f0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
274124e4.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
274224e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9974f0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
274324e4.520: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
274424e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
274524e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
274624e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
274724e4.520: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
274824e4.520: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
274924e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
275024e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
275124e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
275224e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
275324e4.520: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
275424e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
275524e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
275624e4.520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
275724e4.520: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
275824e4.520: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
275924e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
276024e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
276124e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
276224e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
276324e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
276424e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
276524e4.520: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
276624e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
276724e4.520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
276824e4.520: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
276924e4.520: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
277024e4.520: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
277124e4.520: supR3HardenedDllNotificationCallback: load 000000006bd10000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
277224e4.520: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
277324e4.520: supR3HardenedDllNotificationCallback: load 00007ff96a930000 LB 0x002c9000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
277424e4.520: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
277524e4.520: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96a930000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
277624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
277724e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c34 pwszName=\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
277824e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
277924e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
278024e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F30E80B88384D221750DC79ADCE84BDFB8A5A73A
278124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
278224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
278324e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll'
278424e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
278524e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
278624e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
278724e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'oleaut32.dll'.
278824e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'ws2_32.dll'.
278924e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'netsetupapi.dll'.
279024e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'setupapi.dll'.
279124e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll) WinVerifyTrust
279224e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
279324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
279424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
279524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
279624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
279724e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
279824e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
279924e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
280024e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
280124e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
280224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
280324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
280424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
280524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
280624e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
280724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
280824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
280924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
281024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
281124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
281224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
281324e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
281424e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
281524e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll) WinVerifyTrust
281624e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
281724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
281824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
281924e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
282024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
282124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
282224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
282324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
282424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
282524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
282624e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
282724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
282824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
282924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
283024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
283124e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
283224e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
283324e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
283424e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff998510000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
283524e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
283624e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff9a0d60000 LB 0x0044e000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
283724e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
283824e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff998360000 LB 0x0007d000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
283924e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
284024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff998360000 'C:\Windows\System32\NetSetupShim.dll'
284124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
284224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
284324e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
284424e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
284524e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
284624e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winnsi.dll'.
284724e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
284824e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
284924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
285024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
285124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
285224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
285324e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
285424e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
285524e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
285624e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
285724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
285824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
285924e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
286024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
286124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
286224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
286324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
286424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
286524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
286624e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
286724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
286824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
286924e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
287024e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
287124e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
287224e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff99bd00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
287324e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
287424e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff97a780000 LB 0x000c1000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
287524e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
287624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97a780000 'C:\Windows\System32\NetSetupEngine.dll'
287724e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff97a780000 LB 0x000c1000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0]
287824e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff99bd00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [flags=0x0]
287924e4.3908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
288024e4.3908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
288124e4.3908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
288224e4.3908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
288324e4.3908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
288424e4.3908: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
288524e4.3908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
288624e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
288724e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
288824e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
288924e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
289024e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
289124e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
289224e4.3908: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
289324e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
289424e4.3908: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
289524e4.3908: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
289624e4.3908: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
289724e4.3908: supR3HardenedDllNotificationCallback: load 00007ff99d980000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
289824e4.3908: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
289924e4.3908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d980000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
290024e4.3908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a1670000 'C:\WINDOWS\system32\User32.dll'
290124e4.1b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
290224e4.1b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
290324e4.1b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
290424e4.1b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
290524e4.1b04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
290624e4.1b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
290724e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
290824e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
290924e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
291024e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
291124e4.1b04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
291224e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
291324e4.1b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
291424e4.1b04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
291524e4.1b04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
291624e4.1b04: supR3HardenedDllNotificationCallback: load 00007ff99d970000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
291724e4.1b04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
291824e4.1b04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d970000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
291924e4.898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
292024e4.898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
292124e4.898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
292224e4.898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
292324e4.898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
292424e4.898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
292524e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
292624e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
292724e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
292824e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
292924e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
293024e4.898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
293124e4.898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
293224e4.898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
293324e4.898: supR3HardenedDllNotificationCallback: load 00007ff99d880000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
293424e4.898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
293524e4.898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d880000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
293624e4.2774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
293724e4.2774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
293824e4.2774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
293924e4.2774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
294024e4.2774: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
294124e4.2774: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
294224e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
294324e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
294424e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
294524e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
294624e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
294724e4.2774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
294824e4.2774: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
294924e4.2774: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
295024e4.2774: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
295124e4.2774: supR3HardenedDllNotificationCallback: load 00007ff99d870000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
295224e4.2774: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
295324e4.2774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d870000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
295424e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\Shell32.dll'
295524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
295624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
295724e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
295824e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
295924e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
296024e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
296124e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
296224e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
296324e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
296424e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
296524e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
296624e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
296724e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
296824e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
296924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
297024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
297124e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
297224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
297324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
297424e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
297524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
297624e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
297724e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
297824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
297924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
298024e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
298124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
298224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
298324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
298424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
298524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
298624e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
298724e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
298824e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
298924e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
299024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
299124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
299224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
299324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
299424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
299524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
299624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
299724e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
299824e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
299924e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
300024e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
300124e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
300224e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
300324e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
300424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
300524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
300624e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
300724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
300824e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
300924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
301024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
301124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
301224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
301324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
301424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
301524e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
301624e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
301724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
301824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
301924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
302024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
302124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
302224e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
302324e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
302424e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
302524e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
302624e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff94a970000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
302724e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
302824e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff993790000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
302924e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
303024e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff95d3b0000 LB 0x009c3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
303124e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
303224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff95d3b0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
303324e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
303424e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
303524e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
303624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff93ec60000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
303724e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
303824e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
303924e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
304024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993790000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
304124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
304224e4.38b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
304324e4.38b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
304424e4.38b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
304524e4.38b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
304624e4.38b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
304724e4.38b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
304824e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
304924e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
305024e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
305124e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
305224e4.38b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
305324e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
305424e4.38b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
305524e4.38b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
305624e4.38b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
305724e4.38b4: supR3HardenedDllNotificationCallback: load 00007ff99d550000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
305824e4.38b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
305924e4.38b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99d550000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
306024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
306124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
306224e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
306324e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
306424e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
306524e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
306624e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
306724e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
306824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
306924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
307024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
307124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
307224e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
307324e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
307424e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
307524e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
307624e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
307724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
307824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
307924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
308024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
308124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
308224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
308324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
308424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
308524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
308624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
308724e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
308824e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
308924e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
309024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
309124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
309224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
309324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
309424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
309524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
309624e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
309724e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
309824e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
309924e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
310024e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
310124e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff99f7a0000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
310224e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
310324e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff99b080000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
310424e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
310524e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff9983e0000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
310624e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
310724e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9983e0000 'C:\WINDOWS\System32\MMDevApi.dll'
310824e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e7c pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
310924e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
311024e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
311124e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
311224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
311324e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
311424e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
311524e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
311624e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
311724e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
311824e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
311924e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
312024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
312124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
312224e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
312324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
312424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
312524e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
312624e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
312724e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff9826e0000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
312824e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
312924e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
313024e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
313124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9826e0000 'C:\WINDOWS\System32\dsound.dll'
313224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9826e0000 'C:\WINDOWS\System32\dsound.dll'
313324e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
313424e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
313524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9826e0000 'C:\WINDOWS\system32\dsound.dll'
313624e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
313724e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
313824e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9983e0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
313924e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
314024e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
314124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll'
314224e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fa0 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
314324e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
314424e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
314524e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
314624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
314724e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
314824e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
314924e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
315024e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
315124e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
315224e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
315324e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
315424e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
315524e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
315624e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
315724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
315824e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
315924e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
316024e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
316124e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
316224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
316324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
316424e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
316524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
316624e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
316724e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
316824e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
316924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
317024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
317124e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
317224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
317324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
317424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
317524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
317624e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
317724e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
317824e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
317924e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
318024e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff999510000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
318124e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
318224e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff99a470000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
318324e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
318424e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff993df0000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
318524e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
318624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv'
318724e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
318824e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
318924e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv'
319024e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
319124e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
319224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv'
319324e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
319424e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
319524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv'
319624e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
319724e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
319824e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv'
319924e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
320024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
320124e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
320224e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
320324e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
320424e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
320524e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
320624e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
320724e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
320824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
320924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
321024e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
321124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
321224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
321324e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
321424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
321524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
321624e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
321724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
321824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
321924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
322024e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
322124e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
322224e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
322324e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff995740000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
322424e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
322524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995740000 'C:\WINDOWS\System32\AUDIOSES.DLL'
322624e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
322724e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
322824e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv'
322924e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
323024e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
323124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv'
323224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff993df0000 'C:\WINDOWS\System32\wdmaud.drv'
323324e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
323424e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
323524e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
323624e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
323724e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
323824e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
323924e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
324024e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
324124e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
324224e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
324324e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
324424e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
324524e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
324624e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
324724e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
324824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
324924e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
325024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
325124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
325224e4.3abc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
325324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
325424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
325524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
325624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
325724e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
325824e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
325924e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
326024e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
326124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
326224e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
326324e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
326424e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
326524e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
326624e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
326724e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
326824e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
326924e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
327024e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff995f50000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
327124e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
327224e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff9960c0000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
327324e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
327424e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
327524e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
327624e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
327724e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
327824e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
327924e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
328024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
328124e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
328224e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
328324e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
328424e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
328524e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
328624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
328724e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
328824e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
328924e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
329024e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
329124e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
329224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
329324e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
329424e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
329524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9960c0000 'C:\WINDOWS\System32\msacm32.drv'
329624e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff4 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
329724e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002fa5a00
329824e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002fa5a00
329924e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
330024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99edd0000 'C:\WINDOWS\system32\rsaenh.dll'
330124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a0940000 'C:\WINDOWS\System32\crypt32.dll'
330224e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
330324e4.3abc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
330424e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
330524e4.3abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
330624e4.3abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
330724e4.3abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
330824e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
330924e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
331024e4.3abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
331124e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
331224e4.3abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
331324e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
331424e4.3abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
331524e4.3abc: supR3HardenedDllNotificationCallback: load 00007ff995f40000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
331624e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
331724e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995f40000 'C:\WINDOWS\System32\midimap.dll'
331824e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
331924e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
332024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995f40000 'C:\WINDOWS\System32\midimap.dll'
332124e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
332224e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
332324e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995f40000 'C:\WINDOWS\System32\midimap.dll'
332424e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
332524e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
332624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff995f40000 'C:\WINDOWS\System32\midimap.dll'
332724e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll'
332824e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll'
332924e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll'
333024e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll'
333124e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll'
333224e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll'
333324e4.3abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
333424e4.3abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
333524e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9826e0000 'C:\WINDOWS\system32\dsound.dll'
333624e4.3abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9956c0000 'C:\WINDOWS\System32\winmm.dll'
333724e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll'
333824e4.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a2120000 'C:\WINDOWS\system32\shell32.dll'
333924e4.38b4: supR3HardenedDllNotificationCallback: Unload 00007ff99d550000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
334024e4.2774: supR3HardenedDllNotificationCallback: Unload 00007ff99d870000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
334124e4.898: supR3HardenedDllNotificationCallback: Unload 00007ff99d880000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
334224e4.1b04: supR3HardenedDllNotificationCallback: Unload 00007ff99d970000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
334324e4.3908: supR3HardenedDllNotificationCallback: Unload 00007ff99d980000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
334424e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff95d3b0000 LB 0x009c3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
334524e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff94a970000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
334624e4.3abc: supR3HardenedDllNotificationCallback: Unload 00007ff993790000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
334724e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff9978f0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
334824e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff977820000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
334924e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99c5c0000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
335024e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99e800000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
335124e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99cf60000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
335224e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99e1a0000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
335324e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff99e180000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [flags=0x0]
335424e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff9974f0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
335524e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff96ace0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
335624e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff998470000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
335724e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff998ab0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
335824e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff93ec60000 LB 0x00545000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
335924e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff998360000 LB 0x0007d000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
336024e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff998510000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
336124e4.25a8: supR3HardenedDllNotificationCallback: Unload 00007ff9a0d60000 LB 0x0044e000 C:\WINDOWS\System32\setupapi.dll [flags=0x0]
336224e4.25a8: Terminating the normal way: rcExit=0
33633cac.325c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 55046 ms, the end);
33642c64.2c10: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 56106 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy