VirtualBox

Ticket #18265: IEUser - Win7-2019-01-03-11-55-20.log

File IEUser - Win7-2019-01-03-11-55-20.log, 294.4 KB (added by PetrGasparik, 6 years ago)

VB log of crashed resume

Line 
15e0.1118: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00
25e0.1118: \SystemRoot\System32\ntdll.dll:
35e0.1118: CreationTime: 2018-12-17T19:46:54.265131500Z
45e0.1118: LastWriteTime: 2018-12-08T08:04:53.786979100Z
55e0.1118: ChangeTime: 2018-12-20T16:20:37.633361900Z
65e0.1118: FileAttributes: 0x20
75e0.1118: Size: 0x1da720
85e0.1118: NT Headers: 0xe8
95e0.1118: Timestamp: 0x7e614c22
105e0.1118: Machine: 0x8664 - amd64
115e0.1118: Timestamp: 0x7e614c22
125e0.1118: Image Version: 10.0
135e0.1118: SizeOfImage: 0x1e1000 (1970176)
145e0.1118: Resource Dir: 0x174000 LB 0x6b3e8
155e0.1118: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
165e0.1118: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
175e0.1118: ProductName: Microsoft® Windows® Operating System
185e0.1118: ProductVersion: 10.0.17134.471
195e0.1118: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
205e0.1118: FileDescription: NT Layer DLL
215e0.1118: \SystemRoot\System32\kernel32.dll:
225e0.1118: CreationTime: 2018-04-11T23:34:40.510607900Z
235e0.1118: LastWriteTime: 2018-04-11T23:34:40.510607900Z
245e0.1118: ChangeTime: 2018-11-16T10:08:09.197813800Z
255e0.1118: FileAttributes: 0x20
265e0.1118: Size: 0xafef8
275e0.1118: NT Headers: 0xe8
285e0.1118: Timestamp: 0x5f488a51
295e0.1118: Machine: 0x8664 - amd64
305e0.1118: Timestamp: 0x5f488a51
315e0.1118: Image Version: 10.0
325e0.1118: SizeOfImage: 0xb2000 (729088)
335e0.1118: Resource Dir: 0xb0000 LB 0x520
345e0.1118: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
355e0.1118: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
365e0.1118: ProductName: Microsoft® Windows® Operating System
375e0.1118: ProductVersion: 10.0.17134.1
385e0.1118: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
395e0.1118: FileDescription: Windows NT BASE API Client DLL
405e0.1118: \SystemRoot\System32\KernelBase.dll:
415e0.1118: CreationTime: 2018-12-17T19:46:57.451887000Z
425e0.1118: LastWriteTime: 2018-11-09T02:47:52.285920600Z
435e0.1118: ChangeTime: 2018-12-20T16:20:37.630468800Z
445e0.1118: FileAttributes: 0x20
455e0.1118: Size: 0x273b78
465e0.1118: NT Headers: 0xf0
475e0.1118: Timestamp: 0x428de48c
485e0.1118: Machine: 0x8664 - amd64
495e0.1118: Timestamp: 0x428de48c
505e0.1118: Image Version: 10.0
515e0.1118: SizeOfImage: 0x273000 (2568192)
525e0.1118: Resource Dir: 0x251000 LB 0x548
535e0.1118: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
545e0.1118: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
555e0.1118: ProductName: Microsoft® Windows® Operating System
565e0.1118: ProductVersion: 10.0.17134.441
575e0.1118: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
585e0.1118: FileDescription: Windows NT BASE API Client DLL
595e0.1118: \SystemRoot\System32\apisetschema.dll:
605e0.1118: CreationTime: 2018-04-11T23:34:44.042150700Z
615e0.1118: LastWriteTime: 2018-04-11T23:34:44.042150700Z
625e0.1118: ChangeTime: 2018-11-16T09:10:01.403233100Z
635e0.1118: FileAttributes: 0x20
645e0.1118: Size: 0x1bd98
655e0.1118: NT Headers: 0xd0
665e0.1118: Timestamp: 0xd02ff418
675e0.1118: Machine: 0x8664 - amd64
685e0.1118: Timestamp: 0xd02ff418
695e0.1118: Image Version: 10.0
705e0.1118: SizeOfImage: 0x1c000 (114688)
715e0.1118: Resource Dir: 0x1b000 LB 0x408
725e0.1118: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
735e0.1118: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
745e0.1118: ProductName: Microsoft® Windows® Operating System
755e0.1118: ProductVersion: 10.0.17134.1
765e0.1118: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
775e0.1118: FileDescription: ApiSet Schema DLL
785e0.1118: NtOpenDirectoryObject failed on \Driver: 0xc0000022
795e0.1118: supR3HardenedWinFindAdversaries: 0x0
805e0.1118: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
815e0.1118: Calling main()
825e0.1118: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
835e0.1118: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
845e0.1118: SUPR3HardenedMain: Respawn #1
855e0.1118: System32: \Device\HarddiskVolume3\Windows\System32
865e0.1118: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
875e0.1118: KnownDllPath: C:\Windows\System32
885e0.1118: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
895e0.1118: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
905e0.1118: supR3HardNtEnableThreadCreation:
915e0.1118: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff89514f90 pvNtTerminateThread=00007fff8953b3f0
925e0.1118: supR3HardenedWinDoReSpawn(1): New child 4440.88c [kernel32].
935e0.1118: supR3HardNtChildGatherData: PebBaseAddress=00000000007ca000 cbPeb=0x388
945e0.1118: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff894a0000 uNtDllChildAddr=00007fff894a0000
955e0.1118: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff89514f90
965e0.1118: supR3HardenedWinSetupChildInit: Start child.
975e0.1118: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
985e0.1118: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 30 sleeps
995e0.1118: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1005e0.1118: *0000000000000000-000000000056ffff 0x0001/0x0000 0x0000000
1015e0.1118: *0000000000570000-000000000058ffff 0x0004/0x0004 0x0020000
1025e0.1118: *0000000000590000-00000000005a8fff 0x0002/0x0002 0x0040000
1035e0.1118: 00000000005a9000-00000000005affff 0x0001/0x0000 0x0000000
1045e0.1118: *00000000005b0000-00000000005b3fff 0x0002/0x0002 0x0040000
1055e0.1118: 00000000005b4000-00000000005bffff 0x0001/0x0000 0x0000000
1065e0.1118: *00000000005c0000-00000000005c0fff 0x0004/0x0004 0x0020000
1075e0.1118: 00000000005c1000-00000000005fffff 0x0001/0x0000 0x0000000
1085e0.1118: *0000000000600000-00000000007c9fff 0x0000/0x0004 0x0020000
1095e0.1118: 00000000007ca000-00000000007ccfff 0x0004/0x0004 0x0020000
1105e0.1118: 00000000007cd000-00000000007fffff 0x0000/0x0004 0x0020000
1115e0.1118: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
1125e0.1118: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
1135e0.1118: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
1145e0.1118: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
1155e0.1118: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1165e0.1118: 000000007ffe1000-00007ff52098ffff 0x0001/0x0000 0x0000000
1175e0.1118: *00007ff520990000-00007ff5209b2fff 0x0002/0x0002 0x0040000
1185e0.1118: 00007ff5209b3000-00007ff74a31ffff 0x0001/0x0000 0x0000000
1195e0.1118: *00007ff74a320000-00007ff74a320fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1205e0.1118: 00007ff74a321000-00007ff74a393fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1215e0.1118: 00007ff74a394000-00007ff74a394fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1225e0.1118: 00007ff74a395000-00007ff74a3dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1235e0.1118: 00007ff74a3dc000-00007ff74a3dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1245e0.1118: 00007ff74a3dd000-00007ff74a3ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1255e0.1118: 00007ff74a3de000-00007ff74a3e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1265e0.1118: 00007ff74a3e3000-00007ff74a3e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1275e0.1118: 00007ff74a3e4000-00007ff74a3e4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1285e0.1118: 00007ff74a3e5000-00007ff74a3e8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1295e0.1118: 00007ff74a3e9000-00007ff74a431fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1305e0.1118: 00007ff74a432000-00007fff8949ffff 0x0001/0x0000 0x0000000
1315e0.1118: *00007fff894a0000-00007fff894a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1325e0.1118: 00007fff894a1000-00007fff895affff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1335e0.1118: 00007fff895b0000-00007fff895f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1345e0.1118: 00007fff895f6000-00007fff89600fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1355e0.1118: 00007fff89601000-00007fff8960efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1365e0.1118: 00007fff8960f000-00007fff8960ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1375e0.1118: 00007fff89610000-00007fff89612fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1385e0.1118: 00007fff89613000-00007fff89680fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1395e0.1118: 00007fff89681000-00007ffffffeffff 0x0001/0x0000 0x0000000
1405e0.1118: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
1415e0.1118: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1425e0.1118: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1435e0.1118: supR3HardNtChildPurify: Done after 292 ms and 0 fixes (loop #0).
1444440.88c: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
1454440.88c: supR3HardenedVmProcessInit: uNtDllAddr=00007fff894a0000 g_uNtVerCombined=0xa042ee00
1464440.88c: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS)
1474440.88c: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1970176 allocation)
1485e0.1118: supR3HardNtEnableThreadCreation:
1494440.88c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1504440.88c: System32: \Device\HarddiskVolume3\Windows\System32
1514440.88c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1524440.88c: KnownDllPath: C:\Windows\System32
1534440.88c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1544440.88c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1554440.88c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1564440.88c: Registered Dll notification callback with NTDLL.
1574440.88c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1584440.88c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1594440.88c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1604440.88c: supR3HardenedDllNotificationCallback: load 00007fff86430000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
1614440.88c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1624440.88c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1634440.88c: supR3HardenedDllNotificationCallback: load 00007fff88570000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
1644440.88c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1654440.88c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88570000 'C:\Windows\System32\KERNEL32.DLL'
1664440.88c: supR3HardenedDllNotificationCallback: load 00007ff74a320000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
1674440.88c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1684440.88c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1694440.88c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1704440.88c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff89514f90 pvNtTerminateThread=00007fff8953b3f0
1715e0.1118: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 64 ms.
1724440.88c: \SystemRoot\System32\ntdll.dll:
1734440.88c: CreationTime: 2018-12-17T19:46:54.265131500Z
1744440.88c: LastWriteTime: 2018-12-08T08:04:53.786979100Z
1754440.88c: ChangeTime: 2018-12-20T16:20:37.633361900Z
1764440.88c: FileAttributes: 0x20
1774440.88c: Size: 0x1da720
1784440.88c: NT Headers: 0xe8
1794440.88c: Timestamp: 0x7e614c22
1804440.88c: Machine: 0x8664 - amd64
1814440.88c: Timestamp: 0x7e614c22
1824440.88c: Image Version: 10.0
1834440.88c: SizeOfImage: 0x1e1000 (1970176)
1844440.88c: Resource Dir: 0x174000 LB 0x6b3e8
1854440.88c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1864440.88c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1874440.88c: ProductName: Microsoft® Windows® Operating System
1884440.88c: ProductVersion: 10.0.17134.471
1894440.88c: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
1904440.88c: FileDescription: NT Layer DLL
1914440.88c: \SystemRoot\System32\kernel32.dll:
1924440.88c: CreationTime: 2018-04-11T23:34:40.510607900Z
1934440.88c: LastWriteTime: 2018-04-11T23:34:40.510607900Z
1944440.88c: ChangeTime: 2018-11-16T10:08:09.197813800Z
1954440.88c: FileAttributes: 0x20
1964440.88c: Size: 0xafef8
1974440.88c: NT Headers: 0xe8
1984440.88c: Timestamp: 0x5f488a51
1994440.88c: Machine: 0x8664 - amd64
2004440.88c: Timestamp: 0x5f488a51
2014440.88c: Image Version: 10.0
2024440.88c: SizeOfImage: 0xb2000 (729088)
2034440.88c: Resource Dir: 0xb0000 LB 0x520
2044440.88c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2054440.88c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2064440.88c: ProductName: Microsoft® Windows® Operating System
2074440.88c: ProductVersion: 10.0.17134.1
2084440.88c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
2094440.88c: FileDescription: Windows NT BASE API Client DLL
2104440.88c: \SystemRoot\System32\KernelBase.dll:
2114440.88c: CreationTime: 2018-12-17T19:46:57.451887000Z
2124440.88c: LastWriteTime: 2018-11-09T02:47:52.285920600Z
2134440.88c: ChangeTime: 2018-12-20T16:20:37.630468800Z
2144440.88c: FileAttributes: 0x20
2154440.88c: Size: 0x273b78
2164440.88c: NT Headers: 0xf0
2174440.88c: Timestamp: 0x428de48c
2184440.88c: Machine: 0x8664 - amd64
2194440.88c: Timestamp: 0x428de48c
2204440.88c: Image Version: 10.0
2214440.88c: SizeOfImage: 0x273000 (2568192)
2224440.88c: Resource Dir: 0x251000 LB 0x548
2234440.88c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2244440.88c: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2254440.88c: ProductName: Microsoft® Windows® Operating System
2264440.88c: ProductVersion: 10.0.17134.441
2274440.88c: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
2284440.88c: FileDescription: Windows NT BASE API Client DLL
2294440.88c: \SystemRoot\System32\apisetschema.dll:
2304440.88c: CreationTime: 2018-04-11T23:34:44.042150700Z
2314440.88c: LastWriteTime: 2018-04-11T23:34:44.042150700Z
2324440.88c: ChangeTime: 2018-11-16T09:10:01.403233100Z
2334440.88c: FileAttributes: 0x20
2344440.88c: Size: 0x1bd98
2354440.88c: NT Headers: 0xd0
2364440.88c: Timestamp: 0xd02ff418
2374440.88c: Machine: 0x8664 - amd64
2384440.88c: Timestamp: 0xd02ff418
2394440.88c: Image Version: 10.0
2404440.88c: SizeOfImage: 0x1c000 (114688)
2414440.88c: Resource Dir: 0x1b000 LB 0x408
2424440.88c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2434440.88c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2444440.88c: ProductName: Microsoft® Windows® Operating System
2454440.88c: ProductVersion: 10.0.17134.1
2464440.88c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
2474440.88c: FileDescription: ApiSet Schema DLL
2484440.88c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2494440.88c: supR3HardenedWinFindAdversaries: 0x0
2504440.88c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2514440.88c: Calling main()
2524440.88c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
2534440.88c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2544440.88c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2554440.88c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2564440.88c: SUPR3HardenedMain: Respawn #2
2574440.88c: supR3HardNtEnableThreadCreation:
2584440.88c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2594440.88c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
2604440.88c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2614440.88c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2624440.88c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff894a0000 'C:\Windows\System32\ntdll.dll'
2634440.88c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff89514f90 pvNtTerminateThread=00007fff8953b3f0
2644440.88c: supR3HardenedWinDoReSpawn(2): New child 546c.5ba0 [kernel32].
2654440.88c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2664440.88c: supR3HardNtChildGatherData: PebBaseAddress=000000000095f000 cbPeb=0x388
2674440.88c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff894a0000 uNtDllChildAddr=00007fff894a0000
2684440.88c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff89514f90
2694440.88c: supR3HardenedWinSetupChildInit: Start child.
2704440.88c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2714440.88c: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 30 sleeps
2724440.88c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2734440.88c: *0000000000000000-000000000071ffff 0x0001/0x0000 0x0000000
2744440.88c: *0000000000720000-000000000073ffff 0x0004/0x0004 0x0020000
2754440.88c: *0000000000740000-0000000000758fff 0x0002/0x0002 0x0040000
2764440.88c: 0000000000759000-000000000075ffff 0x0001/0x0000 0x0000000
2774440.88c: *0000000000760000-0000000000763fff 0x0002/0x0002 0x0040000
2784440.88c: 0000000000764000-000000000076ffff 0x0001/0x0000 0x0000000
2794440.88c: *0000000000770000-0000000000770fff 0x0004/0x0004 0x0020000
2804440.88c: 0000000000771000-00000000007fffff 0x0001/0x0000 0x0000000
2814440.88c: *0000000000800000-000000000095efff 0x0000/0x0004 0x0020000
2824440.88c: 000000000095f000-0000000000961fff 0x0004/0x0004 0x0020000
2834440.88c: 0000000000962000-00000000009fffff 0x0000/0x0004 0x0020000
2844440.88c: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
2854440.88c: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
2864440.88c: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
2874440.88c: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
2884440.88c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2894440.88c: 000000007ffe1000-00007ff5a4a6ffff 0x0001/0x0000 0x0000000
2904440.88c: *00007ff5a4a70000-00007ff5a4a92fff 0x0002/0x0002 0x0040000
2914440.88c: 00007ff5a4a93000-00007ff74a31ffff 0x0001/0x0000 0x0000000
2924440.88c: *00007ff74a320000-00007ff74a320fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2934440.88c: 00007ff74a321000-00007ff74a393fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2944440.88c: 00007ff74a394000-00007ff74a394fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2954440.88c: 00007ff74a395000-00007ff74a3dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2964440.88c: 00007ff74a3dc000-00007ff74a3dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2974440.88c: 00007ff74a3dd000-00007ff74a3ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2984440.88c: 00007ff74a3de000-00007ff74a3e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2994440.88c: 00007ff74a3e3000-00007ff74a3e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3004440.88c: 00007ff74a3e4000-00007ff74a3e4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3014440.88c: 00007ff74a3e5000-00007ff74a3e8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3024440.88c: 00007ff74a3e9000-00007ff74a431fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3034440.88c: 00007ff74a432000-00007fff8949ffff 0x0001/0x0000 0x0000000
3044440.88c: *00007fff894a0000-00007fff894a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3054440.88c: 00007fff894a1000-00007fff895affff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3064440.88c: 00007fff895b0000-00007fff895f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3074440.88c: 00007fff895f6000-00007fff89600fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3084440.88c: 00007fff89601000-00007fff8960efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3094440.88c: 00007fff8960f000-00007fff8960ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3104440.88c: 00007fff89610000-00007fff89612fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3114440.88c: 00007fff89613000-00007fff89680fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3124440.88c: 00007fff89681000-00007ffffffeffff 0x0001/0x0000 0x0000000
3134440.88c: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
3144440.88c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3154440.88c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
3164440.88c: supR3HardNtChildPurify: Done after 284 ms and 0 fixes (loop #0).
317546c.5ba0: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
318546c.5ba0: supR3HardenedVmProcessInit: uNtDllAddr=00007fff894a0000 g_uNtVerCombined=0xa042ee00
319546c.5ba0: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS)
320546c.5ba0: New simple heap: #1 0000000000c00000 LB 0x400000 (for 1970176 allocation)
3214440.88c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
3224440.88c: supR3HardNtEnableThreadCreation:
323546c.5ba0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
324546c.5ba0: System32: \Device\HarddiskVolume3\Windows\System32
325546c.5ba0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
326546c.5ba0: KnownDllPath: C:\Windows\System32
327546c.5ba0: supR3HardenedVmProcessInit: Opening vboxdrv...
328546c.5ba0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
329546c.5ba0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
330546c.5ba0: Registered Dll notification callback with NTDLL.
331546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
332546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
333546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
334546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff86430000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
335546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
336546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
337546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff88570000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
338546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
339546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88570000 'C:\Windows\System32\KERNEL32.DLL'
340546c.5ba0: supR3HardenedDllNotificationCallback: load 00007ff74a320000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
341546c.5ba0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
342546c.5ba0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
343546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
344546c.5ba0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff89514f90 pvNtTerminateThread=00007fff8953b3f0
3454440.88c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 81 ms.
346546c.5ba0: \SystemRoot\System32\ntdll.dll:
347546c.5ba0: CreationTime: 2018-12-17T19:46:54.265131500Z
348546c.5ba0: LastWriteTime: 2018-12-08T08:04:53.786979100Z
349546c.5ba0: ChangeTime: 2018-12-20T16:20:37.633361900Z
350546c.5ba0: FileAttributes: 0x20
351546c.5ba0: Size: 0x1da720
352546c.5ba0: NT Headers: 0xe8
353546c.5ba0: Timestamp: 0x7e614c22
354546c.5ba0: Machine: 0x8664 - amd64
355546c.5ba0: Timestamp: 0x7e614c22
356546c.5ba0: Image Version: 10.0
357546c.5ba0: SizeOfImage: 0x1e1000 (1970176)
358546c.5ba0: Resource Dir: 0x174000 LB 0x6b3e8
359546c.5ba0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
360546c.5ba0: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
361546c.5ba0: ProductName: Microsoft® Windows® Operating System
362546c.5ba0: ProductVersion: 10.0.17134.471
363546c.5ba0: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
364546c.5ba0: FileDescription: NT Layer DLL
365546c.5ba0: \SystemRoot\System32\kernel32.dll:
366546c.5ba0: CreationTime: 2018-04-11T23:34:40.510607900Z
367546c.5ba0: LastWriteTime: 2018-04-11T23:34:40.510607900Z
368546c.5ba0: ChangeTime: 2018-11-16T10:08:09.197813800Z
369546c.5ba0: FileAttributes: 0x20
370546c.5ba0: Size: 0xafef8
371546c.5ba0: NT Headers: 0xe8
372546c.5ba0: Timestamp: 0x5f488a51
373546c.5ba0: Machine: 0x8664 - amd64
374546c.5ba0: Timestamp: 0x5f488a51
375546c.5ba0: Image Version: 10.0
376546c.5ba0: SizeOfImage: 0xb2000 (729088)
377546c.5ba0: Resource Dir: 0xb0000 LB 0x520
378546c.5ba0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
379546c.5ba0: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
380546c.5ba0: ProductName: Microsoft® Windows® Operating System
381546c.5ba0: ProductVersion: 10.0.17134.1
382546c.5ba0: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
383546c.5ba0: FileDescription: Windows NT BASE API Client DLL
384546c.5ba0: \SystemRoot\System32\KernelBase.dll:
385546c.5ba0: CreationTime: 2018-12-17T19:46:57.451887000Z
386546c.5ba0: LastWriteTime: 2018-11-09T02:47:52.285920600Z
387546c.5ba0: ChangeTime: 2018-12-20T16:20:37.630468800Z
388546c.5ba0: FileAttributes: 0x20
389546c.5ba0: Size: 0x273b78
390546c.5ba0: NT Headers: 0xf0
391546c.5ba0: Timestamp: 0x428de48c
392546c.5ba0: Machine: 0x8664 - amd64
393546c.5ba0: Timestamp: 0x428de48c
394546c.5ba0: Image Version: 10.0
395546c.5ba0: SizeOfImage: 0x273000 (2568192)
396546c.5ba0: Resource Dir: 0x251000 LB 0x548
397546c.5ba0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
398546c.5ba0: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
399546c.5ba0: ProductName: Microsoft® Windows® Operating System
400546c.5ba0: ProductVersion: 10.0.17134.441
401546c.5ba0: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
402546c.5ba0: FileDescription: Windows NT BASE API Client DLL
403546c.5ba0: \SystemRoot\System32\apisetschema.dll:
404546c.5ba0: CreationTime: 2018-04-11T23:34:44.042150700Z
405546c.5ba0: LastWriteTime: 2018-04-11T23:34:44.042150700Z
406546c.5ba0: ChangeTime: 2018-11-16T09:10:01.403233100Z
407546c.5ba0: FileAttributes: 0x20
408546c.5ba0: Size: 0x1bd98
409546c.5ba0: NT Headers: 0xd0
410546c.5ba0: Timestamp: 0xd02ff418
411546c.5ba0: Machine: 0x8664 - amd64
412546c.5ba0: Timestamp: 0xd02ff418
413546c.5ba0: Image Version: 10.0
414546c.5ba0: SizeOfImage: 0x1c000 (114688)
415546c.5ba0: Resource Dir: 0x1b000 LB 0x408
416546c.5ba0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
417546c.5ba0: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
418546c.5ba0: ProductName: Microsoft® Windows® Operating System
419546c.5ba0: ProductVersion: 10.0.17134.1
420546c.5ba0: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
421546c.5ba0: FileDescription: ApiSet Schema DLL
422546c.5ba0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
423546c.5ba0: supR3HardenedWinFindAdversaries: 0x0
424546c.5ba0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
425546c.5ba0: Calling main()
426546c.5ba0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
427546c.5ba0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
428546c.5ba0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
429546c.5ba0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
430546c.5ba0: SUPR3HardenedMain: Final process, opening VBoxDrv...
431546c.5ba0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
432546c.5ba0: supR3HardNtEnableThreadCreation:
433546c.5ba0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
434546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
435546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
436546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
437546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff820f0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
438546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
439546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
440546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
441546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff820f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
442546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
443546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
444546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff820f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
445546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff820f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
446546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
447546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
448546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
449546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
450546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
451546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
452546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
453546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
454546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
455546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
456546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
457546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
458546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
459546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
460546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
461546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
462546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
463546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
464546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
465546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
466546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
467546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
468546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
469546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
470546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
471546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
472546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
473546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff88c30000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
474546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
475546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff857c0000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
476546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
477546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85870000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
478546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
479546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
480546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85970000 LB 0x001e2000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
481546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
482546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff891f0000 LB 0x00124000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
483546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
484546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff86930000 LB 0x0005b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
485546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
486546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
487546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
488546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff86990000 LB 0x000a1000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
489546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
490546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
491546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
492546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
493546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
494546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff868d0000 LB 0x00057000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
495546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
496546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
497546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
498546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-synch-l1-2-0'
499546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
500546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
501546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-fibers-l1-1-1'
502546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
503546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
504546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-fibers-l1-1-1'
505546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
506546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
507546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-synch-l1-2-0'
508546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
509546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
510546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-localization-l1-2-1'
511546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff868d0000 'C:\Windows\system32\Wintrust.dll'
512546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
513546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
514546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
515546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
516546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
517546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
518546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
519546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
520546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
521546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
522546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
523546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
524546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
525546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
526546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
527546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
528546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85310000 LB 0x00025000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
529546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
530546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85310000 'C:\Windows\system32\bcrypt.dll'
531546c.5ba0: bcrypt.dll loaded at 00007fff85310000, BCryptOpenAlgorithmProvider at 00007fff85312770, preloading providers:
532546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
533546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
534546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
535546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff86850000 LB 0x0007a000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
536546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
537546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86850000 'C:\Windows\system32\bcryptprimitives.dll'
538546c.5ba0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001065910)
539546c.5ba0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001070180)
540546c.5ba0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001070450)
541546c.5ba0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001070720)
542546c.5ba0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000010709f0)
543546c.5ba0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001070cc0)
544546c.5ba0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001070f90)
545546c.5ba0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001071260)
546546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
547546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
548546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85180000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
549546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
550546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
551546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
552546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
553546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
554546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
555546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
556546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
557546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
558546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff84bb0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
559546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
560546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
561546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
562546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
563546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
564546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff851a0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
565546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
566546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
567546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
568546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
569546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
570546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
571546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88570000 'C:\Windows\System32\kernel32.dll'
572546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
573546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
574546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff868d0000 'C:\Windows\System32\WINTRUST.DLL'
575546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
576546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
577546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\CRYPT32.dll'
578546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff86ae0000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
579546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
580546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
581546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
582546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
583546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
584546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
585546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
586546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
587546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
588546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff844c0000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
589546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
590546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85850000 LB 0x0001f000 C:\Windows\System32\profapi.dll [fFlags=0x0]
591546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
592546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
593546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
594546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
595546c.5ba0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
596546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
597546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
598546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
599546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
600546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
601546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
602546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
603546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
604546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
605546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
606546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
607546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
608546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
609546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
610546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
611546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff51600000 LB 0x0002e000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
612546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
613546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
614546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
615546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
616546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
617546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
618546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
619546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
620546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
621546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
622546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
623546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
624546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
625546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
626546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
627546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
628546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
629546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
630546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
631546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
632546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
633546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
634546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
635546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
636546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
637546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
638546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
639546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
640546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
641546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
642546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
643546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff51600000 'C:\Windows\System32\cryptnet.dll'
644546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
645546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
646546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
647546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
648546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
649546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
650546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
651546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000167d7d0
652546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
653546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D718C6590C8EC69621641D918F7E93AE14B7CE0C
654546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
655546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
656546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff891f0000 'C:\Windows\System32\rpcrt4.dll'
657546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
658546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
659546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
660546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
661546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
662546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
663546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1759_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
664546c.5ba0: g_pfnWinVerifyTrust=00007fff868d9940
665546c.5ba0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
666546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
667546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
668546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
669546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
670546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
671546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
672546c.5ba0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
673546c.5ba0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
674546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
675546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
676546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
677546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
678546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
679546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
680546c.5ba0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
681546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
682546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
683546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
684546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E
685546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
686546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
687546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
688546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
689546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
690546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
691546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
692546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
693546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
694546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
695546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
696546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
697546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
698546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
699546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
700546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
701546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
702546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
703546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
704546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
705546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
706546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
707546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
708546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
709546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
710546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
711546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
712546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
713546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
714546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
715546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
716546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
717546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
718546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
719546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
720546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
721546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
722546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
723546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
724546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
725546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
726546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
727546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
728546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
729546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
730546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
731546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
732546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
733546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
734546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
735546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
736546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
737546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
738546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
739546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
740546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
741546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
742546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
743546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
744546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
745546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
746546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
747546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
748546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
749546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
750546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
751546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
752546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
753546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\system32\crypt32.dll'
754546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
755546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
756546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
757546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
758546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
759546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
760546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
761546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
762546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
763546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
764546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
765546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
766546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
767546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
768546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
769546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
770546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
771546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
772546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
773546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
774546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
775546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
776546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
777546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xda5f1cc8fc5ca000 C=CZ, O=Česká pošta, s.p. [IČ 47114983], CN=PostSignum Root QCA 2
778546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
779546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
780546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
781546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
782546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
783546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
784546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
785546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
786546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
787546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
788546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
789546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
790546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
791546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
792546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
793546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
794546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
795546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
796546c.5ba0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
797546c.5ba0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=43
798546c.5ba0: SUPR3HardenedMain: Load Runtime...
799546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
800546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
801546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
802546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
803546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
804546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
805546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
806546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
807546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
808546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
809546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
810546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
811546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
812546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
813546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
814546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
815546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
816546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
817546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
818546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
819546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
820546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
821546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
822546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
823546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
824546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
825546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
826546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
827546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
828546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
829546c.5ba0: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
830546c.5ba0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
831546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
832546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
833546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
834546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
835546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
836546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
837546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
838546c.5ba0: supR3HardenedDllNotificationCallback: load 000000005dd80000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
839546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
840546c.5ba0: supR3HardenedDllNotificationCallback: load 000000005dce0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
841546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
842546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff89030000 LB 0x0006c000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
843546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
844546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff15640000 LB 0x0052a000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
845546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
846546c.5ba0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
847546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
848546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
849546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
850546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
851546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
852546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
853546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
854546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
855546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
856546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
857546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
858546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
859546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
860546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
861546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
862546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
863546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
864546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
865546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
866546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
867546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
868546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
869546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
870546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
871546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
872546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
873546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
874546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
875546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
876546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
877546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
878546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
879546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
880546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
881546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
882546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
883546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
884546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
885546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
886546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
887546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
888546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
889546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
890546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
891546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
892546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
893546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
894546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
895546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
896546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15640000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
897546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
898546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
899546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff868d0000 'C:\Windows\system32\Wintrust.dll'
900546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
901546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
902546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
903546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
904546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
905546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
906546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\system32\crypt32.dll'
907546c.5ba0: SUPR3HardenedMain: Load TrustedMain...
908546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
909546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
910546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
911546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
912546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
913546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
914546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
915546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
916546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
917546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
918546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
919546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
920546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
921546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
922546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
923546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
924546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
925546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
926546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
927546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
928546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
929546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
930546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
931546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
932546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
933546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
934546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
935546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
936546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
937546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
938546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
939546c.5ba0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
940546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
941546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
942546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
943546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
944546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
945546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
946546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
947546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
948546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
949546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
950546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
951546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
952546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
953546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
954546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
955546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
956546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
957546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
958546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
959546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
960546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
961546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
962546c.5ba0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
963546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
964546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
965546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
966546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
967546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
968546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
969546c.5ba0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
970546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
971546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
972546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
973546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
974546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
975546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
976546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
977546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
978546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
979546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
980546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'.
981546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
982546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
983546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
984546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
985546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
986546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
987546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
988546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
989546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
990546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
991546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
992546c.5ba0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
993546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
994546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
995546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
996546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
997546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
998546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
999546c.5ba0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1000546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
1001546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1002546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1003546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1004546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1005546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1006546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1007546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1008546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1009546c.5ba0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1010546c.5ba0: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
1011546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
1012546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
1013546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1014546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1015546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1016546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1017546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
1018546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1019546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1020546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1021546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1022546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1023546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1024546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1025546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1026546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1027546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1028546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1029546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1030546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1031546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1032546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1033546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1034546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1035546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1036546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1037546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1038546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1039546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1040546c.5ba0: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1041546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1042546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1043546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1044546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1045546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1046546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1047546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1048546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1049546c.5ba0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1050546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1051546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1052546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1053546c.5ba0: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1054546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1055546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1056546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1057546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1058546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1059546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1060546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1061546c.5ba0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1062546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1063546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1064546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1065546c.5ba0: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1066546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1067546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1068546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1069546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1070546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1071546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1072546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1073546c.5ba0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1074546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1075546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1076546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1077546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1078546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1079546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1080546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1081546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1082546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1083546c.5ba0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1084546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1085546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
1086546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
1087546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
1088546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
1089546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1090546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1091546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1092546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1093546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1094546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1095546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1096546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1097546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1098546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1099546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1100546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1101546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1102546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1103546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1104546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1105546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1106546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1107546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1108546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1109546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1110546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1111546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1112546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1113546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1114546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1115546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1116546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1117546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1118546c.5ba0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
1119546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1120546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1121546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1122546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1123546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1124546c.5ba0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
1125546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1126546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1127546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1128546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1129546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1130546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1131546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1132546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1133546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1134546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1135546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1136546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1137546c.5ba0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1138546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
1139546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
1140546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1141546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1142546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1143546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1144546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1145546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1146546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1147546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1148546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1149546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1150546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1151546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1152546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1153546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1154546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1155546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1156546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1157546c.5ba0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1158546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1159546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1160546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1161546c.5ba0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
1162546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
1163546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1164546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1165546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1166546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1167546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1168546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1169546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1170546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1171546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1172546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1173546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1174546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1175546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1176546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1177546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1178546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1179546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1180546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1181546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1182546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1183546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1184546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1185546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1186546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1187546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1188546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1189546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1190546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1191546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1192546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1193546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1194546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1195546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1196546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1197546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1198546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1199546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1200546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1201546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1202546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1203546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1204546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1205546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1206546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1207546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1208546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1209546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1210546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1211546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1212546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1213546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1214546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1215546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1216546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1217546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1218546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1219546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1220546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1221546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1222546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1223546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1224546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1225546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1226546c.5ba0: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1227546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1228546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1229546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1230546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1231546c.5ba0: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1232546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1233546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1234546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1235546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1236546c.5ba0: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
1237546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1238546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1239546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1240546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1241546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1242546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
1243546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
1244546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1245546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1246546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
1247546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1248546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1249546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
1250546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1251546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1252546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1253546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1254546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
1255546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
1256546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1257546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1258546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1259546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
1260546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
1261546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
1262546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417
1263546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1264546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1265546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1266546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1267546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1268546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1269546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1270546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1271546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1272546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1273546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1274546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1275546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1276546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1277546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1278546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1279546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1280546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1281546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1282546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1283546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1284546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1285546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1286546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1287546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1288546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1289546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1290546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1291546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1292546c.5ba0: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1293546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1294546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1295546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1296546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
1297546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1298546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1299546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1300546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1301546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1302546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1303546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1304546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1305546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85bb0000 LB 0x00020000 C:\Windows\System32\win32u.dll [fFlags=0x0]
1306546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1307546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85bd0000 LB 0x0009f000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
1308546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1309546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff866b0000 LB 0x00192000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
1310546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1311546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1312546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1313546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1314546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
1315546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
1316546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff87100000 LB 0x00028000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
1317546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1318546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff86f50000 LB 0x00190000 C:\Windows\System32\USER32.dll [fFlags=0x0]
1319546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
1320546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff5e510000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
1321546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1322546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff5d890000 LB 0x00120000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1323546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1324546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85b60000 LB 0x00049000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
1325546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
1326546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1327546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff88700000 LB 0x00322000 C:\Windows\System32\combase.dll [fFlags=0x0]
1328546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1329546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff89360000 LB 0x000a9000 C:\Windows\System32\shcore.dll [fFlags=0x0]
1330546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1331546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
1332546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
1333546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
1334546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
1335546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff89410000 LB 0x00051000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
1336546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1337546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
1338546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
1339546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
1340546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1341546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85830000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
1342546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1343546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1344546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
1345546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
1346546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff857e0000 LB 0x0004c000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
1347546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1348546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
1349546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
1350546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff857b0000 LB 0x0000a000 C:\Windows\System32\FLTLIB.DLL [fFlags=0x0]
1351546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\fltLib.dll)
1352546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\fltLib.dll
1353546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff85c70000 LB 0x0070d000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
1354546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1355546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1356546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #54 'combase.dll'.
1357546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'profapi.dll'.
1358546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #81 'fltlib.dll'.
1359546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
1360546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
1361546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff87130000 LB 0x01440000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
1362546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
1363546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff88d50000 LB 0x00151000 C:\Windows\System32\ole32.dll [fFlags=0x0]
1364546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1365546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff79be0000 LB 0x0001a000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
1366546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1367546c.5ba0: supR3HardenedDllNotificationCallback: load 000000005d770000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1368546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1369546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff10a00000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1370546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1371546c.5ba0: supR3HardenedDllNotificationCallback: load 000000005d200000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1372546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1373546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff88630000 LB 0x000c2000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
1374546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1375546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff15b70000 LB 0x00592000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
1376546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
1377546c.5ba0: supR3HardenedDllNotificationCallback: load 000000005d1a0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1378546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1379546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff83730000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1380546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1381546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff83860000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
1382546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1383546c.5ba0: supR3HardenedDllNotificationCallback: load 00007ffeff4b0000 LB 0x01f0f000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
1384546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1385546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
1386546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
1387546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
1388546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\fltLib.dll' [rescheduled]
1389546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
1390546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
1391546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
1392546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
1393546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
1394546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
1395546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
1396546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
1397546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
1398546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
1399546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1400546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1401546c.5ba0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1402546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1403546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1404546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1405546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1406546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1407546c.5ba0: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1408546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1409546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1410546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1411546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1412546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1413546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1414546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1415546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1416546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1417546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1418546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1419546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
1420546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
1421546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1422546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
1423546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
1424546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [redoing WinVerifyTrust]
1425546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
1426546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\fltLib.dll
1427546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1428546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1429546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
1430546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1431546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1432546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
1433546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1434546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
1435546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1436546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1437546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1438546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1439546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1440546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1441546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1442546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1443546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1444546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1445546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1446546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1447546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1448546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1449546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
1450546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1451546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1452546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1453546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1454546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1455546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1456546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1457546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1458546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1459546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
1460546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1461546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
1462546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1463546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1464546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1465546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1466546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1467546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1468546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1469546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1470546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1471546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1472546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1473546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1474546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1475546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
1476546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1477546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1478546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1479546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1480546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1481546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1482546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1483546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1484546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1485546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1486546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1487546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88570000 'C:\Windows\System32\kernel32.dll'
1488546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1489546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1490546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-string-l1-1-0'
1491546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1492546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1493546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-datetime-l1-1-1'
1494546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1495546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1496546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-localization-obsolete-l1-2-0'
1497546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1498546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1499546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
1500546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
1501546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
1502546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1503546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1504546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1505546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1506546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1507546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1508546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1509546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1510546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1511546c.5ba0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
1512546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1513546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff89320000 LB 0x0002d000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
1514546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1515546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff89320000 'C:\Windows\system32\IMM32.DLL'
1516546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1517546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
1518546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1519546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1520546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86990000 'C:\Windows\System32\ADVAPI32.DLL'
1521546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeff4b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
1522546c.5ba0: SUPR3HardenedMain: Calling TrustedMain (00007ffeff4b16c0)...
1523546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1524546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1525546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1526546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1527546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1528546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1529546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1530546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1531546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1532546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1533546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1534546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1535546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1536546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1537546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1538546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1539546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1540546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1541546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1542546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1543546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1544546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1545546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1546546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1547546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1548546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1549546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1550546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust]
1551546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1552546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1553546c.5ba0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
1554546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1555546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1556546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1557546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1558546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1559546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1560546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1561546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1562546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1563546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1564546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1565546c.5ba0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
1566546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1567546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1568546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1569546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1570546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1571546c.5ba0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
1572546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1573546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1574546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1575546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1576546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1577546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1578546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1579546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1580546c.5ba0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
1581546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1582546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1583546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff6a300000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1584546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1585546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a300000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1586546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f0 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1587546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
1588546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
1589546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15C67EA66CCB2DD0FE18A5AB58A7BA1C113BBA6A
1590546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1591546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1592546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
1593546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1594546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1595546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1596546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
1597546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
1598546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1599546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1600546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1601546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1602546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1603546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1604546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1605546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1606546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1607546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff83cd0000 LB 0x00098000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1608546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1609546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff83cd0000 'C:\Windows\system32\uxtheme.dll'
1610546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86f50000 'C:\Windows\system32\user32.dll'
1611546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1612546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1613546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff87130000 'C:\Windows\system32\shell32.dll'
1614546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
1615546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1616546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1617546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
1618546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1619546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff89360000 'C:\Windows\system32\SHCore.dll'
1620546c.5ba0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1621546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
1622546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1623546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
1624546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
1625546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
1626546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
1627546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1628546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff83e50000 LB 0x00029000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1629546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1630546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1631546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1632546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1633546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1634546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1635546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1636546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1637546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1638546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1639546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1640546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1641546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1642546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
1643546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1644546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1645546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff83860000 'C:\Windows\system32\winmm.dll'
1646546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1647546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1648546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff83860000 'C:\Windows\system32\winmm.dll'
1649546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1650546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1651546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff87130000 'C:\Windows\system32\shell32.dll'
1652546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1653546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1654546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff83cd0000 'C:\Windows\system32\uxtheme.dll'
1655546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1656546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1657546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86990000 'C:\Windows\system32\advapi32.dll'
1658546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1659546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1660546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
1661546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'profapi.dll'.
1662546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
1663546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
1664546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1665546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1666546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
1667546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1668546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1669546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1670546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
1671546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff856e0000 LB 0x00028000 C:\Windows\system32\userenv.dll [fFlags=0x0]
1672546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
1673546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff856e0000 'C:\Windows\system32\userenv.dll'
1674546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1675546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1676546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88570000 'C:\Windows\System32\kernel32.dll'
1677546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff86a40000 LB 0x000a0000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
1678546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1679546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
1680546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
1681546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
1682546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1683546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1684546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1685546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1686546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1687546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1688546c.3f84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1689546c.3f84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1690546c.3f84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
1691546c.3f84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1692546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1693546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1694546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1695546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1696546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1697546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1698546c.3f84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1699546c.3f84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
1700546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1701546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1702546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1703546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1704546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1705546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1706546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1707546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1708546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1709546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1710546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1711546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1712546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1713546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1714546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1715546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1716546c.3f84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1717546c.3f84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
1718546c.3f84: supR3HardenedDllNotificationCallback: load 00007fff42ff0000 LB 0x003a0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1719546c.3f84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
1720546c.3f84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff42ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1721546c.3f84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1722546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1723546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1724546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1725546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
1726546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1727546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1728546c.3f84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1729546c.3f84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
1730546c.3f84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1731546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1732546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1733546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1734546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1735546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1736546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1737546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1738546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1739546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1740546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1741546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
1742546c.3f84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1743546c.3f84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1744546c.3f84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
1745546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1746546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1747546c.3f84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1748546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1749546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1750546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1751546c.3f84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1752546c.3f84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1753546c.3f84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1754546c.3f84: supR3HardenedDllNotificationCallback: load 00007fff56060000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
1755546c.3f84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1756546c.3f84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff56060000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
1757546c.3f84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1758546c.3f84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1759546c.3f84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88630000 'C:\Windows\System32\oleaut32.dll'
1760546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff87100000 'C:\Windows\system32\gdi32.dll'
1761546c.445c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1762546c.445c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1763546c.445c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1764546c.445c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1765546c.445c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1766546c.445c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
1767546c.445c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
1768546c.445c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1769546c.445c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1770546c.445c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1771546c.445c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1772546c.445c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1773546c.445c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
1774546c.445c: supR3HardenedDllNotificationCallback: load 00007fff81f00000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
1775546c.445c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
1776546c.445c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff81f00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
1777546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1778546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1779546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff87130000 'C:\Windows\system32\shell32.dll'
1780546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1781546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1782546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
1783546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1784546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
1785546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1786546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1787546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1788546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
1789546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
1790546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1791546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1792546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1793546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
1794546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
1795546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
1796546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1797546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1798546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1799546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1800546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1801546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1802546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1803546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1804546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1805546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1806546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1807546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
1808546c.5ba0: supR3HardenedDllNotificationCallback: load 000000005d090000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
1809546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
1810546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff31f70000 LB 0x00325000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
1811546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1812546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31f70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
1813546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff88eb0000 LB 0x00173000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
1814546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1815546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
1816546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
1817546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
1818546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
1819546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
1820546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
1821546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1822546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1823546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
1824546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1825546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1826546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1827546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1828546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1829546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1830546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1831546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1832546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1833546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1834546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1835546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
1836546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a00 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
1837546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
1838546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
1839546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B480615AD13C4A3DD6B7A2F86ED35195B9CA49
1840546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1841546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1842546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1843546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1844546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
1845546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1846546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1847546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
1848546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
1849546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
1850546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
1851546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
1852546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
1853546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
1854546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
1855546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1856546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1857546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1858546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
1859546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'oleaut32.dll'.
1860546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'dxgi.dll'.
1861546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
1862546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
1863546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
1864546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
1865546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
1866546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
1867546c.5ba0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
1868546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1869546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
1870546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
1871546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
1872546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1873546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1874546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1875546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1876546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1877546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
1878546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1879546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1880546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1881546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1882546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1883546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1884546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1885546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1886546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1887546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1888546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1889546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
1890546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
1891546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
1892546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
1893546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1894546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1895546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
1896546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1897546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1898546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1899546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
1900546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
1901546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
1902546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1903546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1904546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1905546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1906546c.5ba0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
1907546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
1908546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
1909546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
1910546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1911546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1912546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1913546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
1914546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
1915546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
1916546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1917546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff84570000 LB 0x000bb000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
1918546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1919546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff82960000 LB 0x0030b000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
1920546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
1921546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff83240000 LB 0x0019c000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
1922546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
1923546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff5f500000 LB 0x00058000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
1924546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
1925546c.5ba0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
1926546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
1927546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1928546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1929546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff87100000 'C:\Windows\System32\gdi32.dll'
1930546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff5f500000 'C:\Windows\system32\dataexchange.dll'
1931546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1932546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
1933546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
1934546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
1935546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
1936546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
1937546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1938546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1939546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
1940546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
1941546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff83f30000 LB 0x00021000 C:\Windows\system32\RMCLIENT.dll [fFlags=0x0]
1942546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
1943546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff83f90000 LB 0x001b8000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
1944546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
1945546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1946546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1947546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1948546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1949546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1950546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1951546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
1952546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1953546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1954546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
1955546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
1956546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
1957546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1958546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1959546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1960546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1961546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
1962546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
1963546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
1964546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
1965546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
1966546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1967546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff89360000 'C:\Windows\system32\Shcore.dll'
1968546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1969546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'coreuicomponents.dll'.
1970546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'coremessaging.dll'.
1971546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
1972546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
1973546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1974546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
1975546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
1976546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
1977546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
1978546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1979546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
1980546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
1981546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
1982546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
1983546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
1984546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
1985546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1986546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcryptprimitives.dll'.
1987546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
1988546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
1989546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff848a0000 LB 0x00031000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
1990546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
1991546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff83760000 LB 0x000da000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0]
1992546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
1993546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff816b0000 LB 0x0014d000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
1994546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
1995546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff809e0000 LB 0x0031e000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0]
1996546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
1997546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff67840000 LB 0x00096000 C:\Windows\System32\TextInputFramework.dll [fFlags=0x0]
1998546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
1999546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2000546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2001546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
2002546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2003546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2004546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2005546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2006546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2007546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2008546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2009546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2010546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2011546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2012546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2013546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2014546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2015546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2016546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2017546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2018546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2019546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2020546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2021546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2022546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2023546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2024546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2025546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2026546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2027546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2028546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2029546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
2030546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2031546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2032546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
2033546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2034546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2035546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
2036546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2037546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2038546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
2039546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2040546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2041546c.5ba0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
2042546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88630000 'C:\Windows\System32\OLEAUT32.DLL'
2043546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2044546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2045546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86f50000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2046546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2047546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2048546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86f50000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2049546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
2050546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2051546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88700000 'api-ms-win-core-com-l1-1-0.dll'
2052546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
2053546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2054546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88eb0000 'C:\Windows\System32\MSCTF.dll'
2055546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2056546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2057546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88d50000 'C:\Windows\System32\ole32.dll'
2058546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88630000 'C:\Windows\System32\OLEAUT32.dll'
2059546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b24 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2060546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
2061546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
2062546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D49375F38056AA009353FFDCCD59474093558A8B
2063546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2064546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2065546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
2066546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2067546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2068546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2069546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2070546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2071546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2072546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2073546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2074546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b30 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2075546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
2076546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
2077546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85E1C37A6BD4306E57F09FFDB448860467295EFB
2078546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2079546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2080546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
2081546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2082546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2083546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
2084546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
2085546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
2086546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2087546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2088546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2089546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2090546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2091546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2092546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2093546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2094546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2095546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2096546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2097546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
2098546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2099546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2100546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2101546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2102546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2103546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff5cd90000 LB 0x00083000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2104546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2105546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff5ce20000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2106546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2107546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2108546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2109546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2110546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff5ce20000 'C:\Windows\system32\wbem\wbemprox.dll'
2111546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b34 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2112546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
2113546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
2114546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38422F12A30C69B303E7EBE427C8D87E3024ED12
2115546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2116546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2117546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
2118546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2119546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2120546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2121546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2122546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2123546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2124546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2125546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2126546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2127546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2128546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2129546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff5a350000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2130546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2131546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff5a350000 'C:\Windows\system32\wbem\wbemsvc.dll'
2132546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2133546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2134546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-localization-l1-2-0.dll'
2135546c.5ba0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2136546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2137546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86430000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2138546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2139546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
2140546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
2141546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07493B638EF356F68BE9306C76CDBF2D22198E5A
2142546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2143546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2144546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
2145546c.5ba0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2146546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2147546c.5ba0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
2148546c.5ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2149546c.5ba0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2150546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2151546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2152546c.5ba0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2153546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2154546c.5ba0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2155546c.5ba0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2156546c.5ba0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2157546c.5ba0: supR3HardenedDllNotificationCallback: load 00007fff5a450000 LB 0x000f2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2158546c.5ba0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2159546c.5ba0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff5a450000 'C:\Windows\system32\wbem\fastprox.dll'
2160546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2161546c.4dbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2162546c.4dbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2163546c.4dbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2164546c.4dbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2165546c.4dbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2166546c.4dbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2167546c.4dbc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2168546c.4dbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2169546c.4dbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2170546c.4dbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2171546c.4dbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2172546c.4dbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2173546c.4dbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2174546c.4dbc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2175546c.4dbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2176546c.4dbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2177546c.4dbc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2178546c.4dbc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2179546c.4dbc: supR3HardenedDllNotificationCallback: load 00007fff7fd90000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2180546c.4dbc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2181546c.4dbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7fd90000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2182546c.4dbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff86f50000 'C:\Windows\system32\User32.dll'
2183546c.890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2184546c.890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2185546c.890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2186546c.890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2187546c.890: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2188546c.890: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2189546c.890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2190546c.890: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2191546c.890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2192546c.890: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2193546c.890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2194546c.890: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2195546c.890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2196546c.890: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2197546c.890: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2198546c.890: supR3HardenedDllNotificationCallback: load 00007fff7e4c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2199546c.890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2200546c.890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7e4c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2201546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2202546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2203546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff87130000 'C:\Windows\system32\Shell32.dll'
2204546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2205546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2206546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31f70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2207546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2208546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2209546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2210546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2211546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2212546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2213546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2214546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2215546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2216546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2217546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2218546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2219546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2220546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2221546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2222546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2223546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2224546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2225546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2226546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2227546c.3734: supR3HardenedDllNotificationCallback: load 00007fff78c70000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2228546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2229546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff78c70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2230546c.3734: supR3HardenedDllNotificationCallback: Unload 00007fff78c70000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2231546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2232546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2233546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2234546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2235546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2236546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2237546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2238546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2239546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2240546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2241546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2242546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2243546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2244546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2245546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2246546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2247546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2248546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2249546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2250546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2251546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2252546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2253546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2254546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2255546c.3734: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2256546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2257546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2258546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2259546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2260546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2261546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
2262546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
2263546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
2264546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2265546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2266546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2267546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2268546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2269546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2270546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2271546c.3734: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2272546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2273546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2274546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2275546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2276546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2277546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2278546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2279546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2280546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2281546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2282546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2283546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2284546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2285546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2286546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2287546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2288546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2289546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2290546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2291546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2292546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2293546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2294546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2295546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2296546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2297546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2298546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2299546c.3734: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2300546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2301546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2302546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2303546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2304546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2305546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2306546c.3734: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2307546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2308546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2309546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2310546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2311546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2312546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2313546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2314546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2315546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2316546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2317546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2318546c.3734: supR3HardenedDllNotificationCallback: load 00007fff86b00000 LB 0x0044b000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
2319546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2320546c.3734: supR3HardenedDllNotificationCallback: load 00007fff588a0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2321546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2322546c.3734: supR3HardenedDllNotificationCallback: load 00007fff78c60000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2323546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2324546c.3734: supR3HardenedDllNotificationCallback: load 00007fff84d50000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2325546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2326546c.3734: supR3HardenedDllNotificationCallback: load 00007fff0b7c0000 LB 0x009d7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2327546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2328546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0b7c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2329546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2330546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2331546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2332546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2333546c.3734: supR3HardenedDllNotificationCallback: load 00007fff78c10000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2334546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2335546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff78c10000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2336546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2337546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2338546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2339546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff42ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2340546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2341546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2342546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2343546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff78c60000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2344546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2345546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2346546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2347546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2348546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2349546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2350546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2351546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2352546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2353546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2354546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2355546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2356546c.3734: supR3HardenedDllNotificationCallback: load 00007fff78bf0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2357546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2358546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff78bf0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2359546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2360546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2361546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2362546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2363546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2364546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2365546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2366546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2367546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2368546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2369546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2370546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2371546c.3734: supR3HardenedDllNotificationCallback: load 00007fff78bd0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2372546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2373546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff78bd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2374546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2375546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2376546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2377546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2378546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2379546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2380546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2381546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2382546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2383546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2384546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2385546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2386546c.3734: supR3HardenedDllNotificationCallback: load 00007fff78bb0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2387546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2388546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff78bb0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2389546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2390546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2391546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2392546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2393546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2394546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2395546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2396546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2397546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2398546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2399546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2400546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2401546c.3734: supR3HardenedDllNotificationCallback: load 00007fff78b90000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2402546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2403546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff78b90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2404546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2405546c.d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2406546c.d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2407546c.d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2408546c.d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2409546c.d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2410546c.d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2411546c.d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2412546c.d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2413546c.d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2414546c.d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2415546c.d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2416546c.d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2417546c.d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2418546c.d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2419546c.d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2420546c.d8: supR3HardenedDllNotificationCallback: load 00007fff78b70000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2421546c.d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2422546c.d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff78b70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2423546c.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2424546c.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2425546c.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2426546c.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2427546c.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2428546c.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2429546c.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2430546c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2431546c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2432546c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2433546c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2434546c.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2435546c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2436546c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2437546c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2438546c.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2439546c.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2440546c.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2441546c.17c0: supR3HardenedDllNotificationCallback: load 00007fff7e490000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2442546c.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2443546c.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7e490000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2444546c.4424: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2445546c.4424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2446546c.4424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2447546c.4424: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2448546c.4424: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2449546c.4424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2450546c.4424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2451546c.4424: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2452546c.4424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2453546c.4424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2454546c.4424: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2455546c.4424: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2456546c.4424: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2457546c.4424: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2458546c.4424: supR3HardenedDllNotificationCallback: load 00007fff7e420000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2459546c.4424: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2460546c.4424: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff7e420000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2461546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2462546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2463546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2464546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2465546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2466546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2467546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2468546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2469546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2470546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2471546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2472546c.3734: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2473546c.3734: supR3HardenedDllNotificationCallback: load 00007fff823a0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2474546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2475546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff823a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2476546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2477546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2478546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84d50000 'C:\Windows\system32\Iphlpapi.dll'
2479546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2480546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2481546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
2482546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2483546c.3734: supR3HardenedDllNotificationCallback: load 00007fff870f0000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
2484546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
2485546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
2486546c.3734: supR3HardenedDllNotificationCallback: load 00007fff7d680000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2487546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2488546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2489546c.3734: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
2490546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
2491546c.3734: supR3HardenedDllNotificationCallback: load 00007fff760b0000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
2492546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
2493546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2494546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2495546c.3734: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
2496546c.3734: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
2497546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
2498546c.3734: supR3HardenedDllNotificationCallback: load 00007fff76090000 LB 0x0001a000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
2499546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
2500546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f38 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
2501546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
2502546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
2503546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F7955EB983A0B99F7EADAA9D82F084658BFF7D9
2504546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2505546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2506546c.3734: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2507546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2508546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2509546c.3734: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2510546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2511546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2512546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2513546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2514546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2515546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2516546c.3734: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2517546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2518546c.3734: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2519546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2520546c.3734: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
2521546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2522546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2523546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
2524546c.3734: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2525546c.3734: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
2526546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f2c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
2527546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000167d7d0
2528546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000167d7d0
2529546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D65F2124F64B53555EFB8BC0D52BFD144939BAA4
2530546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2531546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2532546c.3734: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
2533546c.3734: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2534546c.3734: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
2535546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2536546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2537546c.3734: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
2538546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2539546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2540546c.3734: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
2541546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31f70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2542546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2543546c.3734: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
2544546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2545546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff88570000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
2546546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff84bb0000 'C:\Windows\system32\rsaenh.dll'
2547546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff85970000 'C:\Windows\System32\crypt32.dll'
2548546c.3734: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2549546c.3734: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
2550546c.3734: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2551546c.3734: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2552546c.3734: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff894a0000 'C:\Windows\System32\ntdll.dll'
25534440.88c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x80000003 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 10443 ms, the end);
25545e0.1118: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x80000003 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 10853 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy