VirtualBox

Ticket #18253: CentOS-7-1-2018-12-31-18-17-04.log

File CentOS-7-1-2018-12-31-18-17-04.log, 247.8 KB (added by solan, 6 years ago)
Line 
1b38.3a0: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa0456300
2b38.3a0: \SystemRoot\System32\ntdll.dll:
3b38.3a0: CreationTime: 2018-12-27T06:50:18.768983700Z
4b38.3a0: LastWriteTime: 2018-12-27T06:50:18.784618700Z
5b38.3a0: ChangeTime: 2018-12-27T06:51:36.498484200Z
6b38.3a0: FileAttributes: 0x20
7b38.3a0: Size: 0x1e7010
8b38.3a0: NT Headers: 0xe0
9b38.3a0: Timestamp: 0xe8b54827
10b38.3a0: Machine: 0x8664 - amd64
11b38.3a0: Timestamp: 0xe8b54827
12b38.3a0: Image Version: 10.0
13b38.3a0: SizeOfImage: 0x1ed000 (2019328)
14b38.3a0: Resource Dir: 0x17d000 LB 0x6ea08
15b38.3a0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16b38.3a0: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17b38.3a0: ProductName: Microsoft® Windows® Operating System
18b38.3a0: ProductVersion: 10.0.17763.194
19b38.3a0: FileVersion: 10.0.17763.194 (WinBuild.160101.0800)
20b38.3a0: FileDescription: NT Layer DLL
21b38.3a0: \SystemRoot\System32\kernel32.dll:
22b38.3a0: CreationTime: 2018-09-15T07:28:44.342269900Z
23b38.3a0: LastWriteTime: 2018-09-15T07:28:44.342269900Z
24b38.3a0: ChangeTime: 2018-12-27T05:37:55.479116700Z
25b38.3a0: FileAttributes: 0x20
26b38.3a0: Size: 0xb1380
27b38.3a0: NT Headers: 0xe8
28b38.3a0: Timestamp: 0x65614da1
29b38.3a0: Machine: 0x8664 - amd64
30b38.3a0: Timestamp: 0x65614da1
31b38.3a0: Image Version: 10.0
32b38.3a0: SizeOfImage: 0xb3000 (733184)
33b38.3a0: Resource Dir: 0xb1000 LB 0x520
34b38.3a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35b38.3a0: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36b38.3a0: ProductName: Microsoft® Windows® Operating System
37b38.3a0: ProductVersion: 10.0.17763.1
38b38.3a0: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
39b38.3a0: FileDescription: Windows NT BASE API Client DLL
40b38.3a0: \SystemRoot\System32\KernelBase.dll:
41b38.3a0: CreationTime: 2018-12-27T06:50:18.519047400Z
42b38.3a0: LastWriteTime: 2018-12-27T06:50:18.534664300Z
43b38.3a0: ChangeTime: 2018-12-27T06:51:36.636329200Z
44b38.3a0: FileAttributes: 0x20
45b38.3a0: Size: 0x293cc8
46b38.3a0: NT Headers: 0xf8
47b38.3a0: Timestamp: 0x1659a33b
48b38.3a0: Machine: 0x8664 - amd64
49b38.3a0: Timestamp: 0x1659a33b
50b38.3a0: Image Version: 10.0
51b38.3a0: SizeOfImage: 0x293000 (2699264)
52b38.3a0: Resource Dir: 0x26f000 LB 0x548
53b38.3a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54b38.3a0: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55b38.3a0: ProductName: Microsoft® Windows® Operating System
56b38.3a0: ProductVersion: 10.0.17763.134
57b38.3a0: FileVersion: 10.0.17763.134 (WinBuild.160101.0800)
58b38.3a0: FileDescription: Windows NT BASE API Client DLL
59b38.3a0: \SystemRoot\System32\apisetschema.dll:
60b38.3a0: CreationTime: 2018-09-15T07:28:25.403122600Z
61b38.3a0: LastWriteTime: 2018-09-15T07:28:25.403122600Z
62b38.3a0: ChangeTime: 2018-12-27T21:36:23.404060600Z
63b38.3a0: FileAttributes: 0x20
64b38.3a0: Size: 0x1c738
65b38.3a0: NT Headers: 0xd0
66b38.3a0: Timestamp: 0x33775897
67b38.3a0: Machine: 0x8664 - amd64
68b38.3a0: Timestamp: 0x33775897
69b38.3a0: Image Version: 10.0
70b38.3a0: SizeOfImage: 0x1d000 (118784)
71b38.3a0: Resource Dir: 0x1c000 LB 0x408
72b38.3a0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73b38.3a0: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74b38.3a0: ProductName: Microsoft® Windows® Operating System
75b38.3a0: ProductVersion: 10.0.17763.1
76b38.3a0: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
77b38.3a0: FileDescription: ApiSet Schema DLL
78b38.3a0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79b38.3a0: supR3HardenedWinFindAdversaries: 0x0
80b38.3a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
81b38.3a0: Calling main()
82b38.3a0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
83b38.3a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
84b38.3a0: SUPR3HardenedMain: Respawn #1
85b38.3a0: System32: \Device\HarddiskVolume3\Windows\System32
86b38.3a0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
87b38.3a0: KnownDllPath: C:\Windows\System32
88b38.3a0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
89b38.3a0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
90b38.3a0: supR3HardNtEnableThreadCreation:
91b38.3a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa75d85640 pvNtTerminateThread=00007ffa75db00b0
92b38.3a0: supR3HardenedWinDoReSpawn(1): New child 1424.26a0 [kernel32].
93b38.3a0: supR3HardNtChildGatherData: PebBaseAddress=00000000003b2000 cbPeb=0x388
94b38.3a0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa75d10000 uNtDllChildAddr=00007ffa75d10000
95b38.3a0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa75d85640
96b38.3a0: supR3HardenedWinSetupChildInit: Start child.
97b38.3a0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
98b38.3a0: supR3HardNtChildPurify: Startup delay kludge #1/0: 270 ms, 17 sleeps
99b38.3a0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100b38.3a0: *0000000000000000-00000000000effff 0x0001/0x0000 0x0000000
101b38.3a0: *00000000000f0000-000000000010ffff 0x0004/0x0004 0x0020000
102b38.3a0: *0000000000110000-0000000000129fff 0x0002/0x0002 0x0040000
103b38.3a0: 000000000012a000-000000000012ffff 0x0001/0x0000 0x0000000
104b38.3a0: *0000000000130000-0000000000133fff 0x0002/0x0002 0x0040000
105b38.3a0: 0000000000134000-000000000013ffff 0x0001/0x0000 0x0000000
106b38.3a0: *0000000000140000-0000000000141fff 0x0004/0x0004 0x0020000
107b38.3a0: 0000000000142000-00000000001fffff 0x0001/0x0000 0x0000000
108b38.3a0: *0000000000200000-00000000003b1fff 0x0000/0x0004 0x0020000
109b38.3a0: 00000000003b2000-00000000003b4fff 0x0004/0x0004 0x0020000
110b38.3a0: 00000000003b5000-00000000003fffff 0x0000/0x0004 0x0020000
111b38.3a0: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
112b38.3a0: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
113b38.3a0: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
114b38.3a0: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
115b38.3a0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
116b38.3a0: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
117b38.3a0: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
118b38.3a0: 000000007ffed000-00007ff55105ffff 0x0001/0x0000 0x0000000
119b38.3a0: *00007ff551060000-00007ff551060fff 0x0002/0x0002 0x0040000
120b38.3a0: 00007ff551061000-00007ff55106ffff 0x0001/0x0000 0x0000000
121b38.3a0: *00007ff551070000-00007ff5510a2fff 0x0002/0x0002 0x0040000
122b38.3a0: 00007ff5510a3000-00007ff71627ffff 0x0001/0x0000 0x0000000
123b38.3a0: *00007ff716280000-00007ff716280fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
124b38.3a0: 00007ff716281000-00007ff7162f3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
125b38.3a0: 00007ff7162f4000-00007ff7162f4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
126b38.3a0: 00007ff7162f5000-00007ff71633bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
127b38.3a0: 00007ff71633c000-00007ff71633cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
128b38.3a0: 00007ff71633d000-00007ff71633dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
129b38.3a0: 00007ff71633e000-00007ff716342fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
130b38.3a0: 00007ff716343000-00007ff716343fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
131b38.3a0: 00007ff716344000-00007ff716344fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
132b38.3a0: 00007ff716345000-00007ff716348fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
133b38.3a0: 00007ff716349000-00007ff716391fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
134b38.3a0: 00007ff716392000-00007ffa75d0ffff 0x0001/0x0000 0x0000000
135b38.3a0: *00007ffa75d10000-00007ffa75d10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
136b38.3a0: 00007ffa75d11000-00007ffa75e27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
137b38.3a0: 00007ffa75e28000-00007ffa75e6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
138b38.3a0: 00007ffa75e6f000-00007ffa75e79fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
139b38.3a0: 00007ffa75e7a000-00007ffa75e87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
140b38.3a0: 00007ffa75e88000-00007ffa75e88fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
141b38.3a0: 00007ffa75e89000-00007ffa75e8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
142b38.3a0: 00007ffa75e8c000-00007ffa75efcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
143b38.3a0: 00007ffa75efd000-00007ffffffeffff 0x0001/0x0000 0x0000000
144b38.3a0: VBoxHeadless.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
145b38.3a0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
146b38.3a0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
147b38.3a0: supR3HardNtChildPurify: Done after 301 ms and 0 fixes (loop #0).
1481424.26a0: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0456300
1491424.26a0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa75d10000 g_uNtVerCombined=0xa0456300
150b38.3a0: supR3HardNtEnableThreadCreation:
1511424.26a0: ntdll.dll: timestamp 0xe8b54827 (rc=VINF_SUCCESS)
1521424.26a0: New simple heap: #1 0000000000600000 LB 0x400000 (for 2019328 allocation)
1531424.26a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1541424.26a0: System32: \Device\HarddiskVolume3\Windows\System32
1551424.26a0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1561424.26a0: KnownDllPath: C:\Windows\System32
1571424.26a0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1581424.26a0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1591424.26a0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1601424.26a0: Registered Dll notification callback with NTDLL.
1611424.26a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1621424.26a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1631424.26a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1641424.26a0: supR3HardenedDllNotificationCallback: load 00007ffa72980000 LB 0x00293000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
1651424.26a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1661424.26a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1671424.26a0: supR3HardenedDllNotificationCallback: load 00007ffa75830000 LB 0x000b3000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
1681424.26a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1691424.26a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa75830000 'C:\Windows\System32\KERNEL32.DLL'
1701424.26a0: supR3HardenedDllNotificationCallback: load 00007ff716280000 LB 0x00112000 D:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
1711424.26a0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
1721424.26a0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
1731424.26a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1741424.26a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa75d85640 pvNtTerminateThread=00007ffa75db00b0
175b38.3a0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 65 ms.
1761424.26a0: \SystemRoot\System32\ntdll.dll:
1771424.26a0: CreationTime: 2018-12-27T06:50:18.768983700Z
1781424.26a0: LastWriteTime: 2018-12-27T06:50:18.784618700Z
1791424.26a0: ChangeTime: 2018-12-27T06:51:36.498484200Z
1801424.26a0: FileAttributes: 0x20
1811424.26a0: Size: 0x1e7010
1821424.26a0: NT Headers: 0xe0
1831424.26a0: Timestamp: 0xe8b54827
1841424.26a0: Machine: 0x8664 - amd64
1851424.26a0: Timestamp: 0xe8b54827
1861424.26a0: Image Version: 10.0
1871424.26a0: SizeOfImage: 0x1ed000 (2019328)
1881424.26a0: Resource Dir: 0x17d000 LB 0x6ea08
1891424.26a0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1901424.26a0: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1911424.26a0: ProductName: Microsoft® Windows® Operating System
1921424.26a0: ProductVersion: 10.0.17763.194
1931424.26a0: FileVersion: 10.0.17763.194 (WinBuild.160101.0800)
1941424.26a0: FileDescription: NT Layer DLL
1951424.26a0: \SystemRoot\System32\kernel32.dll:
1961424.26a0: CreationTime: 2018-09-15T07:28:44.342269900Z
1971424.26a0: LastWriteTime: 2018-09-15T07:28:44.342269900Z
1981424.26a0: ChangeTime: 2018-12-27T05:37:55.479116700Z
1991424.26a0: FileAttributes: 0x20
2001424.26a0: Size: 0xb1380
2011424.26a0: NT Headers: 0xe8
2021424.26a0: Timestamp: 0x65614da1
2031424.26a0: Machine: 0x8664 - amd64
2041424.26a0: Timestamp: 0x65614da1
2051424.26a0: Image Version: 10.0
2061424.26a0: SizeOfImage: 0xb3000 (733184)
2071424.26a0: Resource Dir: 0xb1000 LB 0x520
2081424.26a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2091424.26a0: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2101424.26a0: ProductName: Microsoft® Windows® Operating System
2111424.26a0: ProductVersion: 10.0.17763.1
2121424.26a0: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
2131424.26a0: FileDescription: Windows NT BASE API Client DLL
2141424.26a0: \SystemRoot\System32\KernelBase.dll:
2151424.26a0: CreationTime: 2018-12-27T06:50:18.519047400Z
2161424.26a0: LastWriteTime: 2018-12-27T06:50:18.534664300Z
2171424.26a0: ChangeTime: 2018-12-27T06:51:36.636329200Z
2181424.26a0: FileAttributes: 0x20
2191424.26a0: Size: 0x293cc8
2201424.26a0: NT Headers: 0xf8
2211424.26a0: Timestamp: 0x1659a33b
2221424.26a0: Machine: 0x8664 - amd64
2231424.26a0: Timestamp: 0x1659a33b
2241424.26a0: Image Version: 10.0
2251424.26a0: SizeOfImage: 0x293000 (2699264)
2261424.26a0: Resource Dir: 0x26f000 LB 0x548
2271424.26a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2281424.26a0: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2291424.26a0: ProductName: Microsoft® Windows® Operating System
2301424.26a0: ProductVersion: 10.0.17763.134
2311424.26a0: FileVersion: 10.0.17763.134 (WinBuild.160101.0800)
2321424.26a0: FileDescription: Windows NT BASE API Client DLL
2331424.26a0: \SystemRoot\System32\apisetschema.dll:
2341424.26a0: CreationTime: 2018-09-15T07:28:25.403122600Z
2351424.26a0: LastWriteTime: 2018-09-15T07:28:25.403122600Z
2361424.26a0: ChangeTime: 2018-12-27T21:36:23.404060600Z
2371424.26a0: FileAttributes: 0x20
2381424.26a0: Size: 0x1c738
2391424.26a0: NT Headers: 0xd0
2401424.26a0: Timestamp: 0x33775897
2411424.26a0: Machine: 0x8664 - amd64
2421424.26a0: Timestamp: 0x33775897
2431424.26a0: Image Version: 10.0
2441424.26a0: SizeOfImage: 0x1d000 (118784)
2451424.26a0: Resource Dir: 0x1c000 LB 0x408
2461424.26a0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2471424.26a0: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2481424.26a0: ProductName: Microsoft® Windows® Operating System
2491424.26a0: ProductVersion: 10.0.17763.1
2501424.26a0: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
2511424.26a0: FileDescription: ApiSet Schema DLL
2521424.26a0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2531424.26a0: supR3HardenedWinFindAdversaries: 0x0
2541424.26a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2551424.26a0: Calling main()
2561424.26a0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
2571424.26a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2581424.26a0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2591424.26a0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
2601424.26a0: SUPR3HardenedMain: Respawn #2
2611424.26a0: supR3HardNtEnableThreadCreation:
2621424.26a0: supR3HardenedDllNotificationCallback: load 00007ffa72fd0000 LB 0x00122000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
2631424.26a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
2641424.26a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2651424.26a0: supR3HardenedDllNotificationCallback: load 00007ffa755c0000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0]
2661424.26a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
2671424.26a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
2681424.26a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
2691424.26a0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2701424.26a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
2711424.26a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2721424.26a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2731424.26a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2741424.26a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2751424.26a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2761424.26a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa75d10000 'C:\Windows\System32\ntdll.dll'
2771424.26a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa75d85640 pvNtTerminateThread=00007ffa75db00b0
2781424.26a0: supR3HardenedWinDoReSpawn(2): New child 1ed4.2218 [kernel32].
2791424.26a0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2801424.26a0: supR3HardNtChildGatherData: PebBaseAddress=0000000000a89000 cbPeb=0x388
2811424.26a0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa75d10000 uNtDllChildAddr=00007ffa75d10000
2821424.26a0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa75d85640
2831424.26a0: supR3HardenedWinSetupChildInit: Start child.
2841424.26a0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2851424.26a0: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 17 sleeps
2861424.26a0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2871424.26a0: *0000000000000000-000000000092ffff 0x0001/0x0000 0x0000000
2881424.26a0: *0000000000930000-000000000094ffff 0x0004/0x0004 0x0020000
2891424.26a0: *0000000000950000-0000000000969fff 0x0002/0x0002 0x0040000
2901424.26a0: 000000000096a000-000000000096ffff 0x0001/0x0000 0x0000000
2911424.26a0: *0000000000970000-0000000000973fff 0x0002/0x0002 0x0040000
2921424.26a0: 0000000000974000-000000000097ffff 0x0001/0x0000 0x0000000
2931424.26a0: *0000000000980000-0000000000981fff 0x0004/0x0004 0x0020000
2941424.26a0: 0000000000982000-00000000009fffff 0x0001/0x0000 0x0000000
2951424.26a0: *0000000000a00000-0000000000a88fff 0x0000/0x0004 0x0020000
2961424.26a0: 0000000000a89000-0000000000a8bfff 0x0004/0x0004 0x0020000
2971424.26a0: 0000000000a8c000-0000000000bfffff 0x0000/0x0004 0x0020000
2981424.26a0: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000
2991424.26a0: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000
3001424.26a0: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000
3011424.26a0: 0000000000d00000-000000007ffdffff 0x0001/0x0000 0x0000000
3021424.26a0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3031424.26a0: 000000007ffe1000-000000007ffebfff 0x0001/0x0000 0x0000000
3041424.26a0: *000000007ffec000-000000007ffecfff 0x0002/0x0002 0x0020000
3051424.26a0: 000000007ffed000-00007ff574baffff 0x0001/0x0000 0x0000000
3061424.26a0: *00007ff574bb0000-00007ff574bb0fff 0x0002/0x0002 0x0040000
3071424.26a0: 00007ff574bb1000-00007ff574bbffff 0x0001/0x0000 0x0000000
3081424.26a0: *00007ff574bc0000-00007ff574bf2fff 0x0002/0x0002 0x0040000
3091424.26a0: 00007ff574bf3000-00007ff71627ffff 0x0001/0x0000 0x0000000
3101424.26a0: *00007ff716280000-00007ff716280fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3111424.26a0: 00007ff716281000-00007ff7162f3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3121424.26a0: 00007ff7162f4000-00007ff7162f4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3131424.26a0: 00007ff7162f5000-00007ff71633bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3141424.26a0: 00007ff71633c000-00007ff71633cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3151424.26a0: 00007ff71633d000-00007ff71633dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3161424.26a0: 00007ff71633e000-00007ff716342fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3171424.26a0: 00007ff716343000-00007ff716343fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3181424.26a0: 00007ff716344000-00007ff716344fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3191424.26a0: 00007ff716345000-00007ff716348fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3201424.26a0: 00007ff716349000-00007ff716391fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3211424.26a0: 00007ff716392000-00007ffa75d0ffff 0x0001/0x0000 0x0000000
3221424.26a0: *00007ffa75d10000-00007ffa75d10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3231424.26a0: 00007ffa75d11000-00007ffa75e27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3241424.26a0: 00007ffa75e28000-00007ffa75e6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3251424.26a0: 00007ffa75e6f000-00007ffa75e79fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3261424.26a0: 00007ffa75e7a000-00007ffa75e87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3271424.26a0: 00007ffa75e88000-00007ffa75e88fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3281424.26a0: 00007ffa75e89000-00007ffa75e8bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3291424.26a0: 00007ffa75e8c000-00007ffa75efcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3301424.26a0: 00007ffa75efd000-00007ffffffeffff 0x0001/0x0000 0x0000000
3311424.26a0: VBoxHeadless.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
3321424.26a0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3331424.26a0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
3341424.26a0: supR3HardNtChildPurify: Done after 298 ms and 0 fixes (loop #0).
3351ed4.2218: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0456300
3361ed4.2218: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa75d10000 g_uNtVerCombined=0xa0456300
3371ed4.2218: ntdll.dll: timestamp 0xe8b54827 (rc=VINF_SUCCESS)
3381ed4.2218: New simple heap: #1 0000000000e00000 LB 0x400000 (for 2019328 allocation)
3391424.26a0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
3401424.26a0: supR3HardNtEnableThreadCreation:
3411ed4.2218: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3421ed4.2218: System32: \Device\HarddiskVolume3\Windows\System32
3431ed4.2218: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
3441ed4.2218: KnownDllPath: C:\Windows\System32
3451ed4.2218: supR3HardenedVmProcessInit: Opening vboxdrv...
3461ed4.2218: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3471ed4.2218: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3481ed4.2218: Registered Dll notification callback with NTDLL.
3491ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
3501ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
3511ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3521ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72980000 LB 0x00293000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
3531ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
3541ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
3551ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa75830000 LB 0x000b3000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
3561ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3571ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa75830000 'C:\Windows\System32\KERNEL32.DLL'
3581ed4.2218: supR3HardenedDllNotificationCallback: load 00007ff716280000 LB 0x00112000 D:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
3591ed4.2218: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3601ed4.2218: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
3611ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3621ed4.2218: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa75d85640 pvNtTerminateThread=00007ffa75db00b0
3631424.26a0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 73 ms.
3641ed4.2218: \SystemRoot\System32\ntdll.dll:
3651ed4.2218: CreationTime: 2018-12-27T06:50:18.768983700Z
3661ed4.2218: LastWriteTime: 2018-12-27T06:50:18.784618700Z
3671ed4.2218: ChangeTime: 2018-12-27T06:51:36.498484200Z
3681ed4.2218: FileAttributes: 0x20
3691ed4.2218: Size: 0x1e7010
3701ed4.2218: NT Headers: 0xe0
3711ed4.2218: Timestamp: 0xe8b54827
3721ed4.2218: Machine: 0x8664 - amd64
3731ed4.2218: Timestamp: 0xe8b54827
3741ed4.2218: Image Version: 10.0
3751ed4.2218: SizeOfImage: 0x1ed000 (2019328)
3761ed4.2218: Resource Dir: 0x17d000 LB 0x6ea08
3771ed4.2218: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3781ed4.2218: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3791ed4.2218: ProductName: Microsoft® Windows® Operating System
3801ed4.2218: ProductVersion: 10.0.17763.194
3811ed4.2218: FileVersion: 10.0.17763.194 (WinBuild.160101.0800)
3821ed4.2218: FileDescription: NT Layer DLL
3831ed4.2218: \SystemRoot\System32\kernel32.dll:
3841ed4.2218: CreationTime: 2018-09-15T07:28:44.342269900Z
3851ed4.2218: LastWriteTime: 2018-09-15T07:28:44.342269900Z
3861ed4.2218: ChangeTime: 2018-12-27T05:37:55.479116700Z
3871ed4.2218: FileAttributes: 0x20
3881ed4.2218: Size: 0xb1380
3891ed4.2218: NT Headers: 0xe8
3901ed4.2218: Timestamp: 0x65614da1
3911ed4.2218: Machine: 0x8664 - amd64
3921ed4.2218: Timestamp: 0x65614da1
3931ed4.2218: Image Version: 10.0
3941ed4.2218: SizeOfImage: 0xb3000 (733184)
3951ed4.2218: Resource Dir: 0xb1000 LB 0x520
3961ed4.2218: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3971ed4.2218: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3981ed4.2218: ProductName: Microsoft® Windows® Operating System
3991ed4.2218: ProductVersion: 10.0.17763.1
4001ed4.2218: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
4011ed4.2218: FileDescription: Windows NT BASE API Client DLL
4021ed4.2218: \SystemRoot\System32\KernelBase.dll:
4031ed4.2218: CreationTime: 2018-12-27T06:50:18.519047400Z
4041ed4.2218: LastWriteTime: 2018-12-27T06:50:18.534664300Z
4051ed4.2218: ChangeTime: 2018-12-27T06:51:36.636329200Z
4061ed4.2218: FileAttributes: 0x20
4071ed4.2218: Size: 0x293cc8
4081ed4.2218: NT Headers: 0xf8
4091ed4.2218: Timestamp: 0x1659a33b
4101ed4.2218: Machine: 0x8664 - amd64
4111ed4.2218: Timestamp: 0x1659a33b
4121ed4.2218: Image Version: 10.0
4131ed4.2218: SizeOfImage: 0x293000 (2699264)
4141ed4.2218: Resource Dir: 0x26f000 LB 0x548
4151ed4.2218: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4161ed4.2218: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4171ed4.2218: ProductName: Microsoft® Windows® Operating System
4181ed4.2218: ProductVersion: 10.0.17763.134
4191ed4.2218: FileVersion: 10.0.17763.134 (WinBuild.160101.0800)
4201ed4.2218: FileDescription: Windows NT BASE API Client DLL
4211ed4.2218: \SystemRoot\System32\apisetschema.dll:
4221ed4.2218: CreationTime: 2018-09-15T07:28:25.403122600Z
4231ed4.2218: LastWriteTime: 2018-09-15T07:28:25.403122600Z
4241ed4.2218: ChangeTime: 2018-12-27T21:36:23.404060600Z
4251ed4.2218: FileAttributes: 0x20
4261ed4.2218: Size: 0x1c738
4271ed4.2218: NT Headers: 0xd0
4281ed4.2218: Timestamp: 0x33775897
4291ed4.2218: Machine: 0x8664 - amd64
4301ed4.2218: Timestamp: 0x33775897
4311ed4.2218: Image Version: 10.0
4321ed4.2218: SizeOfImage: 0x1d000 (118784)
4331ed4.2218: Resource Dir: 0x1c000 LB 0x408
4341ed4.2218: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4351ed4.2218: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4361ed4.2218: ProductName: Microsoft® Windows® Operating System
4371ed4.2218: ProductVersion: 10.0.17763.1
4381ed4.2218: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
4391ed4.2218: FileDescription: ApiSet Schema DLL
4401ed4.2218: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4411ed4.2218: supR3HardenedWinFindAdversaries: 0x0
4421ed4.2218: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4431ed4.2218: Calling main()
4441ed4.2218: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
4451ed4.2218: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4461ed4.2218: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
4471ed4.2218: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
4481ed4.2218: SUPR3HardenedMain: Final process, opening VBoxDrv...
4491ed4.2218: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e00000 LB 0x400000)
4501ed4.2218: supR3HardNtEnableThreadCreation:
4511ed4.2218: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4521ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4531ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4541ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4551ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa6c2a0000 LB 0x00005000 D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4561ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4571ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4581ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4591ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6c2a0000 'D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4601ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4611ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4621ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6c2a0000 'D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4631ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6c2a0000 'D:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4641ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4651ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4661ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4671ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
4681ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
4691ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
4701ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4711ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4721ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
4731ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4741ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4751ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4761ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
4771ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
4781ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
4791ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4801ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4811ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
4821ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
4831ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4841ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4851ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
4861ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4871ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4881ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4891ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4901ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4911ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa75520000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
4921ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4931ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa71dc0000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
4941ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4951ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72710000 LB 0x000fc000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
4961ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
4971ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
4981ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa71de0000 LB 0x001db000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
4991ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5001ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72fd0000 LB 0x00122000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
5011ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5021ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72c40000 LB 0x00058000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
5031ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5041ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5051ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5061ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-synch-l1-2-0'
5071ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5081ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5091ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-fibers-l1-1-1'
5101ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5111ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5121ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-fibers-l1-1-1'
5131ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5141ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5151ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-synch-l1-2-0'
5161ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
5171ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5181ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-localization-l1-2-1'
5191ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72c40000 'C:\Windows\system32\Wintrust.dll'
5201ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
5211ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
5221ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5231ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72ca0000 LB 0x00026000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
5241ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5251ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72ca0000 'C:\Windows\system32\bcrypt.dll'
5261ed4.2218: bcrypt.dll loaded at 00007ffa72ca0000, BCryptOpenAlgorithmProvider at 00007ffa72ca4d60, preloading providers:
5271ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
5281ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
5291ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5301ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72810000 LB 0x0007e000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
5311ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5321ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72810000 'C:\Windows\system32\bcryptprimitives.dll'
5331ed4.2218: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000120e1f0)
5341ed4.2218: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000120f760)
5351ed4.2218: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000120fa60)
5361ed4.2218: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000120fd60)
5371ed4.2218: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001210060)
5381ed4.2218: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001210360)
5391ed4.2218: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001210660)
5401ed4.2218: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001210d70)
5411ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72c20000 LB 0x00017000 C:\Windows\System32\CRYPTSP.dll [fFlags=0x0]
5421ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
5431ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
5441ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
5451ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
5461ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
5471ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5481ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5491ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5501ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5511ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5521ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa71160000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
5531ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5541ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
5551ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5561ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
5571ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
5581ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa71770000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5591ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5601ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5611ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5621ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5631ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5641ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5651ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa75830000 'C:\Windows\System32\kernel32.dll'
5661ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5671ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5681ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72c40000 'C:\Windows\System32\WINTRUST.DLL'
5691ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5701ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5711ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\CRYPT32.dll'
5721ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa74910000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
5731ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
5741ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
5751ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5761ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5771ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
5781ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa755c0000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0]
5791ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
5801ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
5811ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
5821ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5831ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5841ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
5851ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
5861ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa70a00000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
5871ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5881ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa71d90000 LB 0x00024000 C:\Windows\System32\profapi.dll [fFlags=0x0]
5891ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
5901ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
5911ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5921ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
5931ed4.2218: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
5941ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
5951ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5961ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5971ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5981ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5991ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6001ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6011ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6021ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6031ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6041ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6051ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6061ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6071ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6081ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6091ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6101ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6111ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6121ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa5c040000 LB 0x0002f000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
6131ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6141ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6151ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6161ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6171ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6181ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6191ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6201ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6211ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6221ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6231ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6241ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6251ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6261ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6271ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6281ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6291ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6301ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6311ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6321ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6331ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6341ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6351ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6361ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6371ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6381ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6391ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6401ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6411ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6421ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6431ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6441ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c040000 'C:\Windows\System32\cryptnet.dll'
6451ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa74860000 LB 0x000a3000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
6461ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6471ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
6481ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
6491ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
6501ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6511ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6521ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6531ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6541ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6551ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6561ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6571ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6581ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6591ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6601ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6611ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6621ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
6631ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6641ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6651ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
6661ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6671ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012f0370
6681ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
6691ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E118BAE0A2CBC497F05FE519F5B8FB6FCD99D346
6701ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6711ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6721ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72fd0000 'C:\Windows\System32\rpcrt4.dll'
6731ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6741ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6751ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
6761ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6771ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6781ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
6791ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_352_for_KB4483235~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
6801ed4.2218: g_pfnWinVerifyTrust=00007ffa72c46370
6811ed4.2218: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6821ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6831ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6841ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
6851ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6861ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6871ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
6881ed4.2218: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
6891ed4.2218: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6901ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6911ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6921ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
6931ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6941ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6951ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
6961ed4.2218: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
6971ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6981ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6991ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7001ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7011ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
7021ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
7031ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
7041ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
7051ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A71FAF93E7F6555CF5752D6A603A870E378E49E6
7061ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7071ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7081ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7091ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0316~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
7101ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7111ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
7121ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7131ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7141ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7151ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
7161ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7171ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7181ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7191ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
7201ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7211ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7221ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7231ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
7241ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7251ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7261ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7271ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
7281ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7291ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7301ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7311ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
7321ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7331ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7341ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
7351ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7361ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7371ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
7381ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
7391ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7401ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7411ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7421ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
7431ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7441ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7451ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
7461ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7471ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7481ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
7491ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7501ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7511ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
7521ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7531ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7541ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
7551ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7561ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7571ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
7581ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7591ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7601ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
7611ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7621ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7631ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7641ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
7651ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7661ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7671ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
7681ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
7691ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
7701ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
7711ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\system32\crypt32.dll'
7721ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7731ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7741ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7751ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7761ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7771ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7781ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7791ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
7801ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7811ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7821ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
7831ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
7841ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
7851ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
7861ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
7871ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
7881ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
7891ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
7901ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
7911ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
7921ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
7931ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
7941ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
7951ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
7961ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
7971ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
7981ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
7991ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8001ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
8011ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8021ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8031ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8041ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8051ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8061ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8071ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8081ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8091ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8101ed4.2218: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8111ed4.2218: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=39
8121ed4.2218: SUPR3HardenedMain: Load Runtime...
8131ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
8141ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8151ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8161ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
8171ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
8181ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8191ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8201ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8211ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8221ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
8231ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
8241ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8251ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
8261ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
8271ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8281ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8291ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
8301ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8311ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8321ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8331ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8341ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
8351ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
8361ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8371ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8381ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8391ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8401ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8411ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8421ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8431ed4.2218: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8441ed4.2218: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
8451ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
8461ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
8471ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8481ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8491ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8501ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8511ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8521ed4.2218: supR3HardenedDllNotificationCallback: load 0000000057760000 LB 0x000d2000 D:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8531ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8541ed4.2218: supR3HardenedDllNotificationCallback: load 0000000057150000 LB 0x00098000 D:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8551ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8561ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa75090000 LB 0x0006d000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
8571ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
8581ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa381b0000 LB 0x0052a000 D:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8591ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8601ed4.2218: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8611ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8621ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8631ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8641ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8651ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8661ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8671ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8681ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8691ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8701ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8711ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8721ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8731ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8741ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8751ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8761ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8771ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8781ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8791ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8801ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8811ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8821ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8831ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8841ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8851ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8861ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8871ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8881ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8891ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8901ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8911ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8921ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8931ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8941ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8951ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8961ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8971ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8981ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8991ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9001ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9011ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9021ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9031ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9041ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9051ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9061ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9071ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9081ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9091ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9101ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa381b0000 'D:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9111ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
9121ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9131ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72c40000 'C:\Windows\system32\Wintrust.dll'
9141ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
9151ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
9161ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9171ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9181ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
9191ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
9201ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\system32\crypt32.dll'
9211ed4.2218: SUPR3HardenedMain: Load TrustedMain...
9221ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
9231ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9241ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
9251ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
9261ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
9271ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
9281ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
9291ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
9301ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
9311ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9321ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9331ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
9341ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
9351ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
9361ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
9371ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
9381ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
9391ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9401ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9411ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
9421ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9431ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9441ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9451ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9461ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9471ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9481ed4.2218: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
9491ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
9501ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
9511ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
9521ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
9531ed4.2218: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
9541ed4.2218: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
9551ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
9561ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
9571ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
9581ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9591ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9601ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
9611ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9621ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
9631ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
9641ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
9651ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
9661ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9671ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9681ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9691ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9701ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9711ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9721ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9731ed4.2218: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
9741ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9751ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
9761ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
9771ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
9781ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9791ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9801ed4.2218: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
9811ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
9821ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
9831ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9841ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9851ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
9861ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9871ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9881ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
9891ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
9901ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
9911ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'gdi32.dll'.
9921ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'user32.dll'.
9931ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
9941ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
9951ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
9961ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9971ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9981ed4.2218: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
9991ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10001ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10011ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
10021ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10031ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10041ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
10051ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10061ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10071ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10081ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10091ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10101ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
10111ed4.2218: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
10121ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
10131ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
10141ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa758f0000 LB 0x0032d000 C:\Windows\System32\combase.dll [fFlags=0x0]
10151ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
10161ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa728e0000 LB 0x000a0000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
10171ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
10181ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72cd0000 LB 0x00020000 C:\Windows\System32\win32u.dll [fFlags=0x0]
10191ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
10201ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa751c0000 LB 0x00197000 C:\Windows\System32\USER32.dll [fFlags=0x0]
10211ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
10221ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72cf0000 LB 0x0019a000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
10231ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
10241ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
10251ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
10261ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
10271ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
10281ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
10291ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa72fa0000 LB 0x00029000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
10301ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
10311ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa75360000 LB 0x00155000 C:\Windows\System32\ole32.dll [fFlags=0x0]
10321ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
10331ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa74930000 LB 0x000cb000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
10341ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
10351ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa60930000 LB 0x00052000 D:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
10361ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
10371ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
10381ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
10391ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
10401ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
10411ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
10421ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
10431ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
10441ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
10451ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
10461ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
10471ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
10481ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10491ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10501ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
10511ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
10521ed4.2218: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
10531ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10541ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10551ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
10561ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10571ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10581ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
10591ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
10601ed4.2218: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
10611ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
10621ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
10631ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
10641ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
10651ed4.2218: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
10661ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10671ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa75830000 'C:\Windows\System32\kernel32.dll'
10681ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
10691ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10701ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-string-l1-1-0'
10711ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
10721ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10731ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-datetime-l1-1-1'
10741ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
10751ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10761ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-localization-obsolete-l1-2-0'
10771ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
10781ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
10791ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
10801ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
10811ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
10821ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10831ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10841ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
10851ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
10861ed4.2218: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
10871ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10881ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10891ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
10901ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
10911ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa75110000 LB 0x0002e000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
10921ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
10931ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa75110000 'C:\Windows\system32\IMM32.DLL'
10941ed4.2218: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
10951ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
10961ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa60930000 'D:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
10971ed4.2218: SUPR3HardenedMain: Calling TrustedMain (00007ffa60932d10)...
10981ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa71d70000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
10991ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
11001ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
11011ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
11021ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
11031ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa75c30000 LB 0x000a2000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
11041ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11051ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
11061ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
11071ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
11081ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11091ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11101ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11111ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11121ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
11131ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11141ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11151ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11161ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11171ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
11181ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
11191ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
11201ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
11211ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
11221ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
11231ed4.2218: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
11241ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
11251ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11261ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11271ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
11281ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
11291ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
11301ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
11311ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
11321ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
11331ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
11341ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
11351ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
11361ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11371ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11381ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
11391ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11401ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11411ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
11421ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
11431ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
11441ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11451ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11461ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11471ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11481ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11491ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
11501ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
11511ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
11521ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa36f90000 LB 0x003a0000 D:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
11531ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
11541ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa36f90000 'D:\Program Files\Oracle\VirtualBox\VBoxC.dll'
11551ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
11561ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11571ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
11581ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11591ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
11601ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
11611ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
11621ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
11631ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
11641ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
11651ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11661ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11671ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
11681ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
11691ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
11701ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11711ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11721ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
11731ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
11741ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
11751ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
11761ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
11771ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11781ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
11791ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
11801ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) WinVerifyTrust
11811ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
11821ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11831ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11841ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
11851ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
11861ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
11871ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11881ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11891ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
11901ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11911ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11921ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
11931ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11941ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11951ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
11961ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
11971ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
11981ed4.2218: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
11991ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12001ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12011ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12021ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
12031ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
12041ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa754c0000 LB 0x00052000 C:\Windows\System32\SHLWAPI.dll [fFlags=0x0]
12051ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
12061ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa58bc0000 LB 0x000d4000 D:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
12071ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
12081ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa58bc0000 'D:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
12091ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
12101ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
12111ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa74930000 'C:\Windows\System32\oleaut32.dll'
12121ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
12131ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12141ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa75360000 'C:\Windows\System32\ole32.dll'
12151ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
12161ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12171ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa74930000 'C:\Windows\System32\OLEAUT32.dll'
12181ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007b4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
12191ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
12201ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
12211ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61B08AF50BF6163BDE34EB0C9B6605297BA2441A
12221ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
12231ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
12241ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
12251ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12261ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12271ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
12281ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
12291ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
12301ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
12311ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
12321ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
12331ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007c0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
12341ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
12351ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
12361ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=585E55607969886FF9DCECA6C86E3FD6D59F65D2
12371ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
12381ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
12391ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
12401ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12411ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12421ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
12431ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
12441ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
12451ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
12461ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12471ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12481ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12491ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12501ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12511ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12521ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12531ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12541ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12551ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12561ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12571ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
12581ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12591ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12601ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
12611ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
12621ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
12631ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa5cfe0000 LB 0x00085000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
12641ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
12651ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa5af50000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
12661ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
12671ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
12681ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
12691ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
12701ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5af50000 'C:\Windows\system32\wbem\wbemprox.dll'
12711ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007c4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
12721ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
12731ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
12741ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2479751D59078C3499423233D67A94D93457E663
12751ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
12761ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
12771ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
12781ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12791ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12801ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
12811ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
12821ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
12831ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12841ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12851ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12861ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12871ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
12881ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
12891ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa5c630000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
12901ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
12911ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c630000 'C:\Windows\system32\wbem\wbemsvc.dll'
12921ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
12931ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
12941ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-localization-l1-2-0.dll'
12951ed4.2218: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
12961ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
12971ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa72980000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
12981ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000784 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
12991ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
13001ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
13011ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D738E4890595C8890290239456518F354997BFD
13021ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
13031ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
13041ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
13051ed4.2218: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13061ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13071ed4.2218: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
13081ed4.2218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
13091ed4.2218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
13101ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
13111ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
13121ed4.2218: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
13131ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13141ed4.2218: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13151ed4.2218: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
13161ed4.2218: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
13171ed4.2218: supR3HardenedDllNotificationCallback: load 00007ffa5c7a0000 LB 0x000f1000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
13181ed4.2218: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
13191ed4.2218: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c7a0000 'C:\Windows\system32\wbem\fastprox.dll'
13201ed4.2988: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
13211ed4.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13221ed4.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
13231ed4.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
13241ed4.2988: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
13251ed4.2988: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
13261ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13271ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13281ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
13291ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
13301ed4.2988: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
13311ed4.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
13321ed4.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
13331ed4.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
13341ed4.2988: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
13351ed4.2988: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
13361ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13371ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13381ed4.2988: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
13391ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13401ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13411ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
13421ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
13431ed4.2988: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
13441ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13451ed4.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13461ed4.2988: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13471ed4.2988: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
13481ed4.2988: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
13491ed4.2988: supR3HardenedDllNotificationCallback: load 0000000057040000 LB 0x0010b000 D:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
13501ed4.2988: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
13511ed4.2988: supR3HardenedDllNotificationCallback: load 00007ffa387e0000 LB 0x00325000 D:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
13521ed4.2988: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
13531ed4.2988: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa387e0000 'D:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
13541ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
13551ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000086c pwszName=\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
13561ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
13571ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
13581ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B2433C408432C42F4E295613BAF5910A41852D3
13591ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
13601ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
13611ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03113~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll'
13621ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13631ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13641ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
13651ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
13661ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
13671ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
13681ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
13691ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
13701ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll) WinVerifyTrust
13711ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
13721ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
13731ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume3\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
13741ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000898 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll
13751ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
13761ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
13771ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9620C5F1DBCEC911C088602DD5FE1F576B1B6DD9
13781ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
13791ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
13801ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0316~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
13811ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13821ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll) WinVerifyTrust
13831ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll
13841ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
13851ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
13861ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
13871ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
13881ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13891ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
13901ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
13911ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
13921ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
13931ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
13941ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
13951ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
13961ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13971ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13981ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
13991ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
14001ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
14011ed4.29b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
14021ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
14031ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
14041ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14051ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14061ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14071ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14081ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
14091ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
14101ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14111ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
14121ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll) WinVerifyTrust
14131ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
14141ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14151ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14161ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14171ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
14181ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
14191ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
14201ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14211ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14221ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
14231ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
14241ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
14251ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
14261ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14271ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14281ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14291ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14301ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
14311ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
14321ed4.29b8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
14331ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
14341ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
14351ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
14361ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
14371ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa72890000 LB 0x0004a000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
14381ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
14391ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa5b7a0000 LB 0x00025000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
14401ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupApi.dll
14411ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa74a60000 LB 0x00475000 C:\Windows\System32\setupapi.dll [fFlags=0x0]
14421ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
14431ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa5eb10000 LB 0x00013000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
14441ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
14451ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa5a980000 LB 0x00081000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
14461ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupShim.dll
14471ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5a980000 'C:\Windows\System32\NetSetupShim.dll'
14481ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
14491ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
14501ed4.29b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
14511ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
14521ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
14531ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14541ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
14551ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
14561ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
14571ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
14581ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
14591ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
14601ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
14611ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
14621ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
14631ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
14641ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
14651ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
14661ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
14671ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
14681ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
14691ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
14701ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
14711ed4.29b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\nsi.dll'.
14721ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
14731ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
14741ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14751ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14761ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
14771ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
14781ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
14791ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14801ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14811ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14821ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14831ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14841ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
14851ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
14861ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa75c20000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
14871ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
14881ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa64860000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
14891ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
14901ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa48710000 LB 0x000cc000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
14911ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\NetSetupEngine.dll
14921ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa48710000 'C:\Windows\System32\NetSetupEngine.dll'
14931ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
14941ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
14951ed4.29b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
14961ed4.299c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
14971ed4.299c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14981ed4.299c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
14991ed4.299c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
15001ed4.299c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
15011ed4.299c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
15021ed4.299c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
15031ed4.299c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15041ed4.299c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15051ed4.299c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
15061ed4.299c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15071ed4.299c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15081ed4.299c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
15091ed4.299c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
15101ed4.299c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
15111ed4.299c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15121ed4.299c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15131ed4.299c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
15141ed4.299c: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15151ed4.299c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
15161ed4.299c: supR3HardenedDllNotificationCallback: load 00007ffa6c290000 LB 0x0000b000 D:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
15171ed4.299c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
15181ed4.299c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6c290000 'D:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
15191ed4.299c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
15201ed4.299c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\User32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15211ed4.299c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa751c0000 'C:\Windows\system32\User32.dll'
15221ed4.2908: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009cc pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
15231ed4.2908: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
15241ed4.2908: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
15251ed4.2960: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
15261ed4.2908: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9E9C9DBAFB6FF286F236C72F471A61F524EAC54D
15271ed4.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
15281ed4.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
15291ed4.2960: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15301ed4.2960: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
15311ed4.2960: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
15321ed4.2960: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
15331ed4.2960: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
15341ed4.2960: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15351ed4.2960: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15361ed4.2960: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15371ed4.2960: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15381ed4.2960: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15391ed4.2960: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15401ed4.2960: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15411ed4.2960: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
15421ed4.2960: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15431ed4.2960: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
15441ed4.2960: supR3HardenedDllNotificationCallback: load 00007ffa68630000 LB 0x0000d000 D:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
15451ed4.2960: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
15461ed4.2960: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa68630000 'D:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
15471ed4.2908: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0315~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
15481ed4.2908: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15491ed4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15501ed4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
15511ed4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
15521ed4.2908: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
15531ed4.2908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
15541ed4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15551ed4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15561ed4.2908: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
15571ed4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15581ed4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15591ed4.2908: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
15601ed4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15611ed4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15621ed4.2908: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15631ed4.2908: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15641ed4.2908: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
15651ed4.2908: supR3HardenedDllNotificationCallback: load 00007ffa6d9e0000 LB 0x0009c000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
15661ed4.2908: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
15671ed4.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6d9e0000 'C:\Windows\system32\uxtheme.dll'
15681ed4.2908: supR3HardenedDllNotificationCallback: load 00007ffa756c0000 LB 0x0016a000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
15691ed4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15701ed4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'oleaut32.dll'.
15711ed4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
15721ed4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
15731ed4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'imm32.dll'.
15741ed4.2908: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
15751ed4.2908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
15761ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
15771ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
15781ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
15791ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
15801ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15811ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15821ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
15831ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15841ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15851ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15861ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15871ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15881ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15891ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15901ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15911ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
15921ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
15931ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15941ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'user32.dll'.
15951ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'gdi32.dll'.
15961ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
15971ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
15981ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15991ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16001ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
16011ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16021ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16031ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16041ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16051ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16061ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa747a0000 LB 0x000a8000 C:\Windows\System32\shcore.dll [fFlags=0x0]
16071ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16081ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
16091ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
16101ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
16111ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
16121ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa71d10000 LB 0x0005d000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
16131ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
16141ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
16151ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
16161ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa71fc0000 LB 0x0074a000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
16171ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
16181ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
16191ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
16201ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
16211ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
16221ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
16231ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa732b0000 LB 0x014ef000 C:\Windows\System32\Shell32.dll [fFlags=0x0]
16241ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
16251ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa732b0000 'C:\Windows\system32\Shell32.dll'
16261ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16271ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16281ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
16291ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16301ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16311ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16321ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16331ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
16341ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16351ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16361ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
16371ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16381ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16391ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16401ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16411ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
16421ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16431ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16441ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16451ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16461ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
16471ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
16481ed4.29b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
16491ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
16501ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
16511ed4.29b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
16521ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
16531ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
16541ed4.29b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
16551ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
16561ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
16571ed4.29b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
16581ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
16591ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
16601ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16611ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
16621ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
16631ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
16641ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
16651ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16661ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
16671ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
16681ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
16691ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
16701ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
16711ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
16721ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
16731ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
16741ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
16751ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
16761ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
16771ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
16781ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
16791ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16801ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16811ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16821ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16831ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16841ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
16851ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
16861ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
16871ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
16881ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16891ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16901ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
16911ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
16921ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16931ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16941ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
16951ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16961ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
16971ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
16981ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
16991ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
17001ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
17011ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17021ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17031ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17041ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17051ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
17061ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17071ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17081ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17091ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
17101ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
17111ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
17121ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
17131ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17141ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17151ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
17161ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
17171ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
17181ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17191ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17201ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17211ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17221ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
17231ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
17241ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
17251ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
17261ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17271ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17281ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17291ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17301ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17311ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17321ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17331ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
17341ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
17351ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
17361ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
17371ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa5ebe0000 LB 0x00063000 D:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
17381ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
17391ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa5cc20000 LB 0x0005c000 D:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
17401ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
17411ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa71300000 LB 0x0003d000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
17421ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
17431ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa365b0000 LB 0x009d7000 D:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
17441ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
17451ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa365b0000 'D:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
17461ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
17471ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
17481ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17491ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa36f90000 'D:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
17501ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
17511ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
17521ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17531ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5cc20000 'D:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
17541ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
17551ed4.2aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
17561ed4.2aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17571ed4.2aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
17581ed4.2aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17591ed4.2aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
17601ed4.2aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
17611ed4.2aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17621ed4.2aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17631ed4.2aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
17641ed4.2aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
17651ed4.2aec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
17661ed4.2aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17671ed4.2aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17681ed4.2aec: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17691ed4.2aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
17701ed4.2aec: supR3HardenedDllNotificationCallback: load 00007ffa66920000 LB 0x00012000 D:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
17711ed4.2aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
17721ed4.2aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa66920000 'D:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
17731ed4.2ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
17741ed4.2ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17751ed4.2ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17761ed4.2ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
17771ed4.2ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
17781ed4.2ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
17791ed4.2ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
17801ed4.2ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17811ed4.2ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17821ed4.2ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
17831ed4.2ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
17841ed4.2ae4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
17851ed4.2ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17861ed4.2ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17871ed4.2ae4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17881ed4.2ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17891ed4.2ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17901ed4.2ae4: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17911ed4.2ae4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
17921ed4.2ae4: supR3HardenedDllNotificationCallback: load 00007ffa68620000 LB 0x0000c000 D:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
17931ed4.2ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
17941ed4.2ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa68620000 'D:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
17951ed4.2b08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
17961ed4.2b08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17971ed4.2b08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17981ed4.2b08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17991ed4.2b08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
18001ed4.2b08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
18011ed4.2b08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18021ed4.2b08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18031ed4.2b08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18041ed4.2b08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18051ed4.2b08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
18061ed4.2b08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18071ed4.2b08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18081ed4.2b08: supR3HardenedMonitor_LdrLoadDll: pName=D:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18091ed4.2b08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
18101ed4.2b08: supR3HardenedDllNotificationCallback: load 00007ffa670e0000 LB 0x0000d000 D:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
18111ed4.2b08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
18121ed4.2b08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa670e0000 'D:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
18131ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
18141ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
18151ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
18161ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
18171ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'propsys.dll'.
18181ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
18191ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
18201ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
18211ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
18221ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
18231ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
18241ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18251ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
18261ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
18271ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
18281ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
18291ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
18301ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
18311ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18321ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18331ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18341ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18351ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18361ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18371ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18381ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
18391ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
18401ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'.
18411ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
18421ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
18431ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18441ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18451ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18461ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18471ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
18481ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18491ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
18501ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
18511ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
18521ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa71b40000 LB 0x00029000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0]
18531ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
18541ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa6fb20000 LB 0x001a8000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
18551ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
18561ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa67540000 LB 0x00070000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
18571ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
18581ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa67540000 'C:\Windows\System32\MMDevApi.dll'
18591ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
18601ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
18611ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
18621ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B973A852091636F8493626192E69AE7AC7CBBB7F
18631ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
18641ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
18651ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
18661ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18671ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18681ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
18691ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
18701ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
18711ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18721ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18731ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
18741ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
18751ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
18761ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
18771ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
18781ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
18791ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18801ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18811ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18821ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18831ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
18841ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
18851ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
18861ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
18871ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18881ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
18891ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18901ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll) WinVerifyTrust
18911ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
18921ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18931ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18941ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18951ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
18961ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
18971ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
18981ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa6ba70000 LB 0x0002d000 C:\Windows\System32\WINMMBASE.dll [fFlags=0x0]
18991ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
19001ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa6baa0000 LB 0x00024000 C:\Windows\System32\WINMM.dll [fFlags=0x0]
19011ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
19021ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa54030000 LB 0x00096000 C:\Windows\System32\dsound.dll [fFlags=0x0]
19031ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
19041ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
19051ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19061ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\System32\dsound.dll'
19071ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\System32\dsound.dll'
19081ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
19091ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19101ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
19111ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
19121ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19131ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa67540000 'C:\Windows\System32\MMDEVAPI.DLL'
19141ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
19151ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19161ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
19171ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d1c pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
19181ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
19191ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
19201ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22E5B934FBB9B8EED168F5BD0121AD902CCB797A
19211ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
19221ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
19231ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
19241ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19251ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19261ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
19271ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
19281ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
19291ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
19301ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
19311ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
19321ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
19331ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
19341ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
19351ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
19361ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
19371ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
19381ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
19391ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
19401ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
19411ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19421ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
19431ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
19441ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
19451ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
19461ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
19471ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19481ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19491ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19501ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19511ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
19521ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
19531ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
19541ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
19551ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa684c0000 LB 0x00009000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
19561ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
19571ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa6b210000 LB 0x0000a000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
19581ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
19591ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa674f0000 LB 0x00044000 C:\Windows\System32\wdmaud.drv [fFlags=0x0]
19601ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
19611ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674f0000 'C:\Windows\System32\wdmaud.drv'
19621ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
19631ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
19641ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674f0000 'C:\Windows\System32\wdmaud.drv'
19651ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
19661ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
19671ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674f0000 'C:\Windows\System32\wdmaud.drv'
19681ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
19691ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
19701ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674f0000 'C:\Windows\System32\wdmaud.drv'
19711ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
19721ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
19731ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674f0000 'C:\Windows\System32\wdmaud.drv'
19741ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
19751ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
19761ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
19771ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
19781ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
19791ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'mmdevapi.dll'.
19801ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'avrt.dll'.
19811ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
19821ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
19831ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
19841ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
19851ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
19861ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
19871ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
19881ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
19891ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19901ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19911ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19921ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19931ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
19941ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
19951ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
19961ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19971ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
19981ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
19991ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
20001ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'bcryptprimitives.dll'.
20011ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
20021ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
20031ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa6ea20000 LB 0x00153000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
20041ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
20051ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa67d70000 LB 0x00148000 C:\Windows\System32\AUDIOSES.DLL [fFlags=0x0]
20061ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
20071ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa67d70000 'C:\Windows\System32\AUDIOSES.DLL'
20081ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
20091ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
20101ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
20111ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20121ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20131ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20141ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20151ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
20161ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
20171ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
20181ed4.29b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
20191ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
20201ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
20211ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674f0000 'C:\Windows\System32\wdmaud.drv'
20221ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
20231ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
20241ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674f0000 'C:\Windows\System32\wdmaud.drv'
20251ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674f0000 'C:\Windows\System32\wdmaud.drv'
20261ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d8c pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
20271ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
20281ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
20291ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF9222E8F115E50DE05D7AD2D27BDC071ADD62AF
20301ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
20311ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
20321ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
20331ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20341ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20351ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
20361ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
20371ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
20381ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
20391ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
20401ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
20411ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
20421ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
20431ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
20441ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
20451ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
20461ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
20471ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20481ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
20491ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
20501ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
20511ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
20521ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
20531ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20541ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20551ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20561ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20571ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
20581ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
20591ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
20601ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa674a0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
20611ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
20621ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa674c0000 LB 0x0000d000 C:\Windows\System32\msacm32.drv [fFlags=0x0]
20631ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
20641ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20651ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
20661ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
20671ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20681ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
20691ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
20701ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20711ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
20721ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
20731ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20741ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
20751ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
20761ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20771ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
20781ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
20791ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20801ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
20811ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
20821ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20831ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20841ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20851ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa674c0000 'C:\Windows\System32\msacm32.drv'
20861ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d84 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
20871ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012f0370
20881ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012f0370
20891ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FE1B51D5EFA4634DA5F3478BB920BDCB24116539
20901ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
20911ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
20921ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
20931ed4.29b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20941ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20951ed4.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
20961ed4.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
20971ed4.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
20981ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
20991ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
21001ed4.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21011ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21021ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21031ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
21041ed4.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
21051ed4.29b8: supR3HardenedDllNotificationCallback: load 00007ffa67490000 LB 0x0000a000 C:\Windows\System32\midimap.dll [fFlags=0x0]
21061ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
21071ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa67490000 'C:\Windows\System32\midimap.dll'
21081ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
21091ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
21101ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa67490000 'C:\Windows\System32\midimap.dll'
21111ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
21121ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
21131ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa67490000 'C:\Windows\System32\midimap.dll'
21141ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
21151ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
21161ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa67490000 'C:\Windows\System32\midimap.dll'
21171ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21181ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21191ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21201ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21211ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21221ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21231ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21241ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21251ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21261ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21271ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21281ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21291ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21301ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21311ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
21321ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21331ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21341ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21351ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
21361ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21371ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21381ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21391ed4.1980: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21401ed4.1980: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
21411ed4.1980: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll)
21421ed4.1980: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll
21431ed4.1980: supR3HardenedDllNotificationCallback: load 00007ffa70310000 LB 0x00014000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
21441ed4.1980: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
21451ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21461ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21471ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21481ed4.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21491ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71160000 'C:\Windows\system32\rsaenh.dll'
21501ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa71de0000 'C:\Windows\System32\crypt32.dll'
21511ed4.29b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll'
21521ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
21531ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21541ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21551ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21561ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
21571ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21581ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21591ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21601ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21611ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21621ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21631ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21641ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21651ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21661ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21671ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21681ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21691ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21701ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21711ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21721ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21731ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21741ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21751ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21761ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21771ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21781ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21791ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
21801ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21811ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21821ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21831ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21841ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21851ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21861ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21871ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21881ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21891ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21901ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21911ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21921ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21931ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21941ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21951ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
21961ed4.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21971ed4.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21981ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
21991ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
22001ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
22011ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
22021ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
22031ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
22041ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
22051ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
22061ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
22071ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
22081ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'
22091ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54030000 'C:\Windows\system32\dsound.dll'
22101ed4.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6baa0000 'C:\Windows\System32\winmm.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy