VirtualBox

Ticket #18512: VBoxHardening.log

File VBoxHardening.log, 361.5 KB (added by ghassenboy, 6 years ago)

VBoxHardening.log

Line 
1ba64.bb64: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00
2ba64.bb64: \SystemRoot\System32\ntdll.dll:
3ba64.bb64: CreationTime: 2019-03-19T08:48:10.725724200Z
4ba64.bb64: LastWriteTime: 2019-01-09T05:39:12.294139300Z
5ba64.bb64: ChangeTime: 2019-03-19T19:00:17.479865400Z
6ba64.bb64: FileAttributes: 0x20
7ba64.bb64: Size: 0x1da658
8ba64.bb64: NT Headers: 0xe8
9ba64.bb64: Timestamp: 0x74bed8b0
10ba64.bb64: Machine: 0x8664 - amd64
11ba64.bb64: Timestamp: 0x74bed8b0
12ba64.bb64: Image Version: 10.0
13ba64.bb64: SizeOfImage: 0x1e1000 (1970176)
14ba64.bb64: Resource Dir: 0x174000 LB 0x6b3e8
15ba64.bb64: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16ba64.bb64: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17ba64.bb64: ProductName: Microsoft® Windows® Operating System
18ba64.bb64: ProductVersion: 10.0.17134.556
19ba64.bb64: FileVersion: 10.0.17134.556 (WinBuild.160101.0800)
20ba64.bb64: FileDescription: NT Layer DLL
21ba64.bb64: \SystemRoot\System32\kernel32.dll:
22ba64.bb64: CreationTime: 2019-03-19T08:48:07.772316700Z
23ba64.bb64: LastWriteTime: 2019-01-09T17:57:37.752934500Z
24ba64.bb64: ChangeTime: 2019-03-19T19:00:17.136157900Z
25ba64.bb64: FileAttributes: 0x20
26ba64.bb64: Size: 0xafe98
27ba64.bb64: NT Headers: 0xe8
28ba64.bb64: Timestamp: 0x80e62f4a
29ba64.bb64: Machine: 0x8664 - amd64
30ba64.bb64: Timestamp: 0x80e62f4a
31ba64.bb64: Image Version: 10.0
32ba64.bb64: SizeOfImage: 0xb2000 (729088)
33ba64.bb64: Resource Dir: 0xb0000 LB 0x520
34ba64.bb64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35ba64.bb64: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36ba64.bb64: ProductName: Microsoft® Windows® Operating System
37ba64.bb64: ProductVersion: 10.0.17134.556
38ba64.bb64: FileVersion: 10.0.17134.556 (WinBuild.160101.0800)
39ba64.bb64: FileDescription: Windows NT BASE API Client DLL
40ba64.bb64: \SystemRoot\System32\KernelBase.dll:
41ba64.bb64: CreationTime: 2019-03-19T08:48:13.960218700Z
42ba64.bb64: LastWriteTime: 2019-01-09T05:39:21.823731200Z
43ba64.bb64: ChangeTime: 2019-03-19T19:00:17.636077200Z
44ba64.bb64: FileAttributes: 0x20
45ba64.bb64: Size: 0x273d70
46ba64.bb64: NT Headers: 0xf0
47ba64.bb64: Timestamp: 0xb9f4a0f1
48ba64.bb64: Machine: 0x8664 - amd64
49ba64.bb64: Timestamp: 0xb9f4a0f1
50ba64.bb64: Image Version: 10.0
51ba64.bb64: SizeOfImage: 0x273000 (2568192)
52ba64.bb64: Resource Dir: 0x251000 LB 0x548
53ba64.bb64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54ba64.bb64: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55ba64.bb64: ProductName: Microsoft® Windows® Operating System
56ba64.bb64: ProductVersion: 10.0.17134.556
57ba64.bb64: FileVersion: 10.0.17134.556 (WinBuild.160101.0800)
58ba64.bb64: FileDescription: Windows NT BASE API Client DLL
59ba64.bb64: \SystemRoot\System32\apisetschema.dll:
60ba64.bb64: CreationTime: 2018-04-11T23:34:44.042150700Z
61ba64.bb64: LastWriteTime: 2018-04-11T23:34:44.042150700Z
62ba64.bb64: ChangeTime: 2018-07-18T07:47:28.485208600Z
63ba64.bb64: FileAttributes: 0x20
64ba64.bb64: Size: 0x1bd98
65ba64.bb64: NT Headers: 0xd0
66ba64.bb64: Timestamp: 0xd02ff418
67ba64.bb64: Machine: 0x8664 - amd64
68ba64.bb64: Timestamp: 0xd02ff418
69ba64.bb64: Image Version: 10.0
70ba64.bb64: SizeOfImage: 0x1c000 (114688)
71ba64.bb64: Resource Dir: 0x1b000 LB 0x408
72ba64.bb64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73ba64.bb64: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74ba64.bb64: ProductName: Microsoft® Windows® Operating System
75ba64.bb64: ProductVersion: 10.0.17134.1
76ba64.bb64: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
77ba64.bb64: FileDescription: ApiSet Schema DLL
78ba64.bb64: Found driver tmcomm (0x8)
79ba64.bb64: Found driver tmevtmgr (0x8)
80ba64.bb64: Found driver tmactmon (0x8)
81ba64.bb64: Found driver tmeevw (0x8)
82ba64.bb64: supR3HardenedWinFindAdversaries: 0x8
83ba64.bb64: \SystemRoot\System32\drivers\tmcomm.sys:
84ba64.bb64: CreationTime: 2017-10-15T21:53:42.000000000Z
85ba64.bb64: LastWriteTime: 2017-10-15T21:53:42.000000000Z
86ba64.bb64: ChangeTime: 2018-07-18T08:41:35.049312600Z
87ba64.bb64: FileAttributes: 0x20
88ba64.bb64: Size: 0x6ac98
89ba64.bb64: NT Headers: 0x100
90ba64.bb64: Timestamp: 0x59dfcffd
91ba64.bb64: Machine: 0x8664 - amd64
92ba64.bb64: Timestamp: 0x59dfcffd
93ba64.bb64: Image Version: 10.0
94ba64.bb64: SizeOfImage: 0x6c000 (442368)
95ba64.bb64: Resource Dir: 0x6a000 LB 0x568
96ba64.bb64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
97ba64.bb64: [Raw version resource data: 0x6a060 LB 0x504, codepage 0x0 (reserved 0x0)]
98ba64.bb64: ProductName: Trend Micro Eyes
99ba64.bb64: ProductVersion: 7.0
100ba64.bb64: FileVersion: 7.0.0.1147
101ba64.bb64: SpecialBuild: 1147
102ba64.bb64: PrivateBuild: Build 1147 - 10/13/2017
103ba64.bb64: FileDescription: TrendMicro Common Module
104ba64.bb64: \SystemRoot\System32\drivers\tmactmon.sys:
105ba64.bb64: CreationTime: 2017-10-30T18:15:04.000000000Z
106ba64.bb64: LastWriteTime: 2017-10-30T18:15:04.000000000Z
107ba64.bb64: ChangeTime: 2018-07-18T08:41:35.049312600Z
108ba64.bb64: FileAttributes: 0x20
109ba64.bb64: Size: 0x20870
110ba64.bb64: NT Headers: 0xe0
111ba64.bb64: Timestamp: 0x59f03fc7
112ba64.bb64: Machine: 0x8664 - amd64
113ba64.bb64: Timestamp: 0x59f03fc7
114ba64.bb64: Image Version: 6.0
115ba64.bb64: SizeOfImage: 0x24000 (147456)
116ba64.bb64: Resource Dir: 0x22000 LB 0x590
117ba64.bb64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
118ba64.bb64: [Raw version resource data: 0x22060 LB 0x52c, codepage 0x0 (reserved 0x0)]
119ba64.bb64: ProductName: Trend Micro AEGIS
120ba64.bb64: ProductVersion: 2.976
121ba64.bb64: FileVersion: 2.976.0.1259
122ba64.bb64: SpecialBuild: 1259
123ba64.bb64: PrivateBuild: Build 1259 - 10/25/2017
124ba64.bb64: FileDescription: TrendMicro Activity Monitor Module
125ba64.bb64: \SystemRoot\System32\drivers\tmevtmgr.sys:
126ba64.bb64: CreationTime: 2017-10-30T18:15:18.000000000Z
127ba64.bb64: LastWriteTime: 2017-10-30T18:15:18.000000000Z
128ba64.bb64: ChangeTime: 2018-07-18T08:41:35.049312600Z
129ba64.bb64: FileAttributes: 0x20
130ba64.bb64: Size: 0x17258
131ba64.bb64: NT Headers: 0xe0
132ba64.bb64: Timestamp: 0x59f03fc1
133ba64.bb64: Machine: 0x8664 - amd64
134ba64.bb64: Timestamp: 0x59f03fc1
135ba64.bb64: Image Version: 6.0
136ba64.bb64: SizeOfImage: 0x17000 (94208)
137ba64.bb64: Resource Dir: 0x15000 LB 0x590
138ba64.bb64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
139ba64.bb64: [Raw version resource data: 0x15060 LB 0x52c, codepage 0x0 (reserved 0x0)]
140ba64.bb64: ProductName: Trend Micro AEGIS
141ba64.bb64: ProductVersion: 2.976
142ba64.bb64: FileVersion: 2.976.0.1259
143ba64.bb64: SpecialBuild: 1259
144ba64.bb64: PrivateBuild: Build 1259 - 10/25/2017
145ba64.bb64: FileDescription: TrendMicro Event Management Module
146ba64.bb64: \SystemRoot\System32\drivers\tmebc64.sys:
147ba64.bb64: CreationTime: 2016-04-21T09:08:08.000000000Z
148ba64.bb64: LastWriteTime: 2016-04-21T09:08:08.000000000Z
149ba64.bb64: ChangeTime: 2018-07-18T08:41:35.049312600Z
150ba64.bb64: FileAttributes: 0x20
151ba64.bb64: Size: 0x11b38
152ba64.bb64: NT Headers: 0xf8
153ba64.bb64: Timestamp: 0x564ac673
154ba64.bb64: Machine: 0x8664 - amd64
155ba64.bb64: Timestamp: 0x564ac673
156ba64.bb64: Image Version: 6.0
157ba64.bb64: SizeOfImage: 0x12000 (73728)
158ba64.bb64: Resource Dir: 0x10000 LB 0x6f8
159ba64.bb64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
160ba64.bb64: [Raw version resource data: 0x10060 LB 0x694, codepage 0x0 (reserved 0x0)]
161ba64.bb64: ProductName: Trend Micro Early Boot Clean
162ba64.bb64: ProductVersion: 1.5
163ba64.bb64: FileVersion: 1.5.0.1023
164ba64.bb64: SpecialBuild: 1023
165ba64.bb64: PrivateBuild: Build 1023 - 11/17/2015
166ba64.bb64: FileDescription: Trend Micro early boot driver
167ba64.bb64: \SystemRoot\System32\drivers\tmeevw.sys:
168ba64.bb64: CreationTime: 2017-04-25T13:39:52.000000000Z
169ba64.bb64: LastWriteTime: 2017-04-25T13:39:52.000000000Z
170ba64.bb64: ChangeTime: 2018-07-18T08:41:35.049312600Z
171ba64.bb64: FileAttributes: 0x20
172ba64.bb64: Size: 0x22ed8
173ba64.bb64: NT Headers: 0xf8
174ba64.bb64: Timestamp: 0x58f08d99
175ba64.bb64: Machine: 0x8664 - amd64
176ba64.bb64: Timestamp: 0x58f08d99
177ba64.bb64: Image Version: 10.0
178ba64.bb64: SizeOfImage: 0x23000 (143360)
179ba64.bb64: Resource Dir: 0x1d000 LB 0x4df0
180ba64.bb64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
181ba64.bb64: [Raw version resource data: 0x218fc LB 0x4f4, codepage 0x4e4 (reserved 0x0)]
182ba64.bb64: ProductName: Trend Micro EagleEye
183ba64.bb64: ProductVersion: 3.0
184ba64.bb64: FileVersion: 3.0.0.1005
185ba64.bb64: SpecialBuild: 1005
186ba64.bb64: PrivateBuild: Build 1005 - 4/14/2017
187ba64.bb64: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
188ba64.bb64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
189ba64.bb64: Calling main()
190ba64.bb64: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
191ba64.bb64: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
192ba64.bb64: SUPR3HardenedMain: Respawn #1
193ba64.bb64: System32: \Device\HarddiskVolume3\Windows\System32
194ba64.bb64: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
195ba64.bb64: KnownDllPath: C:\WINDOWS\System32
196ba64.bb64: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
197ba64.bb64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
198ba64.bb64: supR3HardNtEnableThreadCreation:
199ba64.bb64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe88094f90 pvNtTerminateThread=00007ffe880bb3f0
200ba64.bb64: supR3HardenedWinDoReSpawn(1): New child b7a0.b48c [kernel32].
201ba64.bb64: supR3HardNtChildGatherData: PebBaseAddress=0000000000867000 cbPeb=0x388
202ba64.bb64: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe88020000 uNtDllChildAddr=00007ffe88020000
203ba64.bb64: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe88094f90
204ba64.bb64: supR3HardenedWinSetupChildInit: Start child.
205ba64.bb64: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
206ba64.bb64: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps
207ba64.bb64: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
208ba64.bb64: *0000000000000000-000000000079ffff 0x0001/0x0000 0x0000000
209ba64.bb64: *00000000007a0000-00000000007bffff 0x0004/0x0004 0x0020000
210ba64.bb64: *00000000007c0000-00000000007d8fff 0x0002/0x0002 0x0040000
211ba64.bb64: 00000000007d9000-00000000007dffff 0x0001/0x0000 0x0000000
212ba64.bb64: *00000000007e0000-00000000007e3fff 0x0002/0x0002 0x0040000
213ba64.bb64: 00000000007e4000-00000000007effff 0x0001/0x0000 0x0000000
214ba64.bb64: *00000000007f0000-00000000007f0fff 0x0004/0x0004 0x0020000
215ba64.bb64: 00000000007f1000-00000000007fffff 0x0001/0x0000 0x0000000
216ba64.bb64: *0000000000800000-0000000000866fff 0x0000/0x0004 0x0020000
217ba64.bb64: 0000000000867000-0000000000869fff 0x0004/0x0004 0x0020000
218ba64.bb64: 000000000086a000-00000000009fffff 0x0000/0x0004 0x0020000
219ba64.bb64: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
220ba64.bb64: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
221ba64.bb64: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
222ba64.bb64: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
223ba64.bb64: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
224ba64.bb64: 000000007ffe1000-00007ff5f901ffff 0x0001/0x0000 0x0000000
225ba64.bb64: *00007ff5f9020000-00007ff5f9042fff 0x0002/0x0002 0x0040000
226ba64.bb64: 00007ff5f9043000-00007ff722a5ffff 0x0001/0x0000 0x0000000
227ba64.bb64: *00007ff722a60000-00007ff722a60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
228ba64.bb64: 00007ff722a61000-00007ff722ad3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
229ba64.bb64: 00007ff722ad4000-00007ff722ad4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
230ba64.bb64: 00007ff722ad5000-00007ff722b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
231ba64.bb64: 00007ff722b1c000-00007ff722b1cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
232ba64.bb64: 00007ff722b1d000-00007ff722b1dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
233ba64.bb64: 00007ff722b1e000-00007ff722b22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
234ba64.bb64: 00007ff722b23000-00007ff722b23fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
235ba64.bb64: 00007ff722b24000-00007ff722b24fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
236ba64.bb64: 00007ff722b25000-00007ff722b28fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
237ba64.bb64: 00007ff722b29000-00007ff722b71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
238ba64.bb64: 00007ff722b72000-00007ffe8801ffff 0x0001/0x0000 0x0000000
239ba64.bb64: *00007ffe88020000-00007ffe88020fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
240ba64.bb64: 00007ffe88021000-00007ffe8812ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
241ba64.bb64: 00007ffe88130000-00007ffe88175fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
242ba64.bb64: 00007ffe88176000-00007ffe88180fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
243ba64.bb64: 00007ffe88181000-00007ffe8818efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
244ba64.bb64: 00007ffe8818f000-00007ffe8818ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
245ba64.bb64: 00007ffe88190000-00007ffe88192fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
246ba64.bb64: 00007ffe88193000-00007ffe88200fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
247ba64.bb64: 00007ffe88201000-00007ffffffeffff 0x0001/0x0000 0x0000000
248ba64.bb64: VirtualBoxVM.exe: timestamp 0x5c4b51f3 (rc=VINF_SUCCESS)
249ba64.bb64: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
250ba64.bb64: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
251ba64.bb64: supR3HardNtChildPurify: Done after 550 ms and 0 fixes (loop #0).
252ba64.bb64: supR3HardNtEnableThreadCreation:
253b7a0.b48c: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
254b7a0.b48c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe88020000 g_uNtVerCombined=0xa042ee00
255b7a0.b48c: ntdll.dll: timestamp 0x74bed8b0 (rc=VINF_SUCCESS)
256b7a0.b48c: New simple heap: #1 0000000000c00000 LB 0x400000 (for 1970176 allocation)
257b7a0.b48c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
258b7a0.b48c: System32: \Device\HarddiskVolume3\Windows\System32
259b7a0.b48c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
260b7a0.b48c: KnownDllPath: C:\WINDOWS\System32
261b7a0.b48c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
262b7a0.b48c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
263b7a0.b48c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
264b7a0.b48c: Registered Dll notification callback with NTDLL.
265b7a0.b48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
266b7a0.b48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
267b7a0.b48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
268b7a0.b48c: supR3HardenedDllNotificationCallback: load 00007ffe84930000 LB 0x00273000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
269b7a0.b48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
270b7a0.b48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
271b7a0.b48c: supR3HardenedDllNotificationCallback: load 00007ffe869e0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
272b7a0.b48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
273b7a0.b48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe869e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
274b7a0.b48c: supR3HardenedDllNotificationCallback: load 00007ff722a60000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
275b7a0.b48c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
276b7a0.b48c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
277b7a0.b48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
278b7a0.b48c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe88094f90 pvNtTerminateThread=00007ffe880bb3f0
279ba64.bb64: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 72 ms.
280b7a0.b48c: \SystemRoot\System32\ntdll.dll:
281b7a0.b48c: CreationTime: 2019-03-19T08:48:10.725724200Z
282b7a0.b48c: LastWriteTime: 2019-01-09T05:39:12.294139300Z
283b7a0.b48c: ChangeTime: 2019-03-19T19:00:17.479865400Z
284b7a0.b48c: FileAttributes: 0x20
285b7a0.b48c: Size: 0x1da658
286b7a0.b48c: NT Headers: 0xe8
287b7a0.b48c: Timestamp: 0x74bed8b0
288b7a0.b48c: Machine: 0x8664 - amd64
289b7a0.b48c: Timestamp: 0x74bed8b0
290b7a0.b48c: Image Version: 10.0
291b7a0.b48c: SizeOfImage: 0x1e1000 (1970176)
292b7a0.b48c: Resource Dir: 0x174000 LB 0x6b3e8
293b7a0.b48c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
294b7a0.b48c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
295b7a0.b48c: ProductName: Microsoft® Windows® Operating System
296b7a0.b48c: ProductVersion: 10.0.17134.556
297b7a0.b48c: FileVersion: 10.0.17134.556 (WinBuild.160101.0800)
298b7a0.b48c: FileDescription: NT Layer DLL
299b7a0.b48c: \SystemRoot\System32\kernel32.dll:
300b7a0.b48c: CreationTime: 2019-03-19T08:48:07.772316700Z
301b7a0.b48c: LastWriteTime: 2019-01-09T17:57:37.752934500Z
302b7a0.b48c: ChangeTime: 2019-03-19T19:00:17.136157900Z
303b7a0.b48c: FileAttributes: 0x20
304b7a0.b48c: Size: 0xafe98
305b7a0.b48c: NT Headers: 0xe8
306b7a0.b48c: Timestamp: 0x80e62f4a
307b7a0.b48c: Machine: 0x8664 - amd64
308b7a0.b48c: Timestamp: 0x80e62f4a
309b7a0.b48c: Image Version: 10.0
310b7a0.b48c: SizeOfImage: 0xb2000 (729088)
311b7a0.b48c: Resource Dir: 0xb0000 LB 0x520
312b7a0.b48c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
313b7a0.b48c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
314b7a0.b48c: ProductName: Microsoft® Windows® Operating System
315b7a0.b48c: ProductVersion: 10.0.17134.556
316b7a0.b48c: FileVersion: 10.0.17134.556 (WinBuild.160101.0800)
317b7a0.b48c: FileDescription: Windows NT BASE API Client DLL
318b7a0.b48c: \SystemRoot\System32\KernelBase.dll:
319b7a0.b48c: CreationTime: 2019-03-19T08:48:13.960218700Z
320b7a0.b48c: LastWriteTime: 2019-01-09T05:39:21.823731200Z
321b7a0.b48c: ChangeTime: 2019-03-19T19:00:17.636077200Z
322b7a0.b48c: FileAttributes: 0x20
323b7a0.b48c: Size: 0x273d70
324b7a0.b48c: NT Headers: 0xf0
325b7a0.b48c: Timestamp: 0xb9f4a0f1
326b7a0.b48c: Machine: 0x8664 - amd64
327b7a0.b48c: Timestamp: 0xb9f4a0f1
328b7a0.b48c: Image Version: 10.0
329b7a0.b48c: SizeOfImage: 0x273000 (2568192)
330b7a0.b48c: Resource Dir: 0x251000 LB 0x548
331b7a0.b48c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
332b7a0.b48c: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
333b7a0.b48c: ProductName: Microsoft® Windows® Operating System
334b7a0.b48c: ProductVersion: 10.0.17134.556
335b7a0.b48c: FileVersion: 10.0.17134.556 (WinBuild.160101.0800)
336b7a0.b48c: FileDescription: Windows NT BASE API Client DLL
337b7a0.b48c: \SystemRoot\System32\apisetschema.dll:
338b7a0.b48c: CreationTime: 2018-04-11T23:34:44.042150700Z
339b7a0.b48c: LastWriteTime: 2018-04-11T23:34:44.042150700Z
340b7a0.b48c: ChangeTime: 2018-07-18T07:47:28.485208600Z
341b7a0.b48c: FileAttributes: 0x20
342b7a0.b48c: Size: 0x1bd98
343b7a0.b48c: NT Headers: 0xd0
344b7a0.b48c: Timestamp: 0xd02ff418
345b7a0.b48c: Machine: 0x8664 - amd64
346b7a0.b48c: Timestamp: 0xd02ff418
347b7a0.b48c: Image Version: 10.0
348b7a0.b48c: SizeOfImage: 0x1c000 (114688)
349b7a0.b48c: Resource Dir: 0x1b000 LB 0x408
350b7a0.b48c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
351b7a0.b48c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
352b7a0.b48c: ProductName: Microsoft® Windows® Operating System
353b7a0.b48c: ProductVersion: 10.0.17134.1
354b7a0.b48c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
355b7a0.b48c: FileDescription: ApiSet Schema DLL
356b7a0.b48c: Found driver tmcomm (0x8)
357b7a0.b48c: Found driver tmevtmgr (0x8)
358b7a0.b48c: Found driver tmactmon (0x8)
359b7a0.b48c: Found driver tmeevw (0x8)
360b7a0.b48c: supR3HardenedWinFindAdversaries: 0x8
361b7a0.b48c: \SystemRoot\System32\drivers\tmcomm.sys:
362b7a0.b48c: CreationTime: 2017-10-15T21:53:42.000000000Z
363b7a0.b48c: LastWriteTime: 2017-10-15T21:53:42.000000000Z
364b7a0.b48c: ChangeTime: 2018-07-18T08:41:35.049312600Z
365b7a0.b48c: FileAttributes: 0x20
366b7a0.b48c: Size: 0x6ac98
367b7a0.b48c: NT Headers: 0x100
368b7a0.b48c: Timestamp: 0x59dfcffd
369b7a0.b48c: Machine: 0x8664 - amd64
370b7a0.b48c: Timestamp: 0x59dfcffd
371b7a0.b48c: Image Version: 10.0
372b7a0.b48c: SizeOfImage: 0x6c000 (442368)
373b7a0.b48c: Resource Dir: 0x6a000 LB 0x568
374b7a0.b48c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
375b7a0.b48c: [Raw version resource data: 0x6a060 LB 0x504, codepage 0x0 (reserved 0x0)]
376b7a0.b48c: ProductName: Trend Micro Eyes
377b7a0.b48c: ProductVersion: 7.0
378b7a0.b48c: FileVersion: 7.0.0.1147
379b7a0.b48c: SpecialBuild: 1147
380b7a0.b48c: PrivateBuild: Build 1147 - 10/13/2017
381b7a0.b48c: FileDescription: TrendMicro Common Module
382b7a0.b48c: \SystemRoot\System32\drivers\tmactmon.sys:
383b7a0.b48c: CreationTime: 2017-10-30T18:15:04.000000000Z
384b7a0.b48c: LastWriteTime: 2017-10-30T18:15:04.000000000Z
385b7a0.b48c: ChangeTime: 2018-07-18T08:41:35.049312600Z
386b7a0.b48c: FileAttributes: 0x20
387b7a0.b48c: Size: 0x20870
388b7a0.b48c: NT Headers: 0xe0
389b7a0.b48c: Timestamp: 0x59f03fc7
390b7a0.b48c: Machine: 0x8664 - amd64
391b7a0.b48c: Timestamp: 0x59f03fc7
392b7a0.b48c: Image Version: 6.0
393b7a0.b48c: SizeOfImage: 0x24000 (147456)
394b7a0.b48c: Resource Dir: 0x22000 LB 0x590
395b7a0.b48c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
396b7a0.b48c: [Raw version resource data: 0x22060 LB 0x52c, codepage 0x0 (reserved 0x0)]
397b7a0.b48c: ProductName: Trend Micro AEGIS
398b7a0.b48c: ProductVersion: 2.976
399b7a0.b48c: FileVersion: 2.976.0.1259
400b7a0.b48c: SpecialBuild: 1259
401b7a0.b48c: PrivateBuild: Build 1259 - 10/25/2017
402b7a0.b48c: FileDescription: TrendMicro Activity Monitor Module
403b7a0.b48c: \SystemRoot\System32\drivers\tmevtmgr.sys:
404b7a0.b48c: CreationTime: 2017-10-30T18:15:18.000000000Z
405b7a0.b48c: LastWriteTime: 2017-10-30T18:15:18.000000000Z
406b7a0.b48c: ChangeTime: 2018-07-18T08:41:35.049312600Z
407b7a0.b48c: FileAttributes: 0x20
408b7a0.b48c: Size: 0x17258
409b7a0.b48c: NT Headers: 0xe0
410b7a0.b48c: Timestamp: 0x59f03fc1
411b7a0.b48c: Machine: 0x8664 - amd64
412b7a0.b48c: Timestamp: 0x59f03fc1
413b7a0.b48c: Image Version: 6.0
414b7a0.b48c: SizeOfImage: 0x17000 (94208)
415b7a0.b48c: Resource Dir: 0x15000 LB 0x590
416b7a0.b48c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
417b7a0.b48c: [Raw version resource data: 0x15060 LB 0x52c, codepage 0x0 (reserved 0x0)]
418b7a0.b48c: ProductName: Trend Micro AEGIS
419b7a0.b48c: ProductVersion: 2.976
420b7a0.b48c: FileVersion: 2.976.0.1259
421b7a0.b48c: SpecialBuild: 1259
422b7a0.b48c: PrivateBuild: Build 1259 - 10/25/2017
423b7a0.b48c: FileDescription: TrendMicro Event Management Module
424b7a0.b48c: \SystemRoot\System32\drivers\tmebc64.sys:
425b7a0.b48c: CreationTime: 2016-04-21T09:08:08.000000000Z
426b7a0.b48c: LastWriteTime: 2016-04-21T09:08:08.000000000Z
427b7a0.b48c: ChangeTime: 2018-07-18T08:41:35.049312600Z
428b7a0.b48c: FileAttributes: 0x20
429b7a0.b48c: Size: 0x11b38
430b7a0.b48c: NT Headers: 0xf8
431b7a0.b48c: Timestamp: 0x564ac673
432b7a0.b48c: Machine: 0x8664 - amd64
433b7a0.b48c: Timestamp: 0x564ac673
434b7a0.b48c: Image Version: 6.0
435b7a0.b48c: SizeOfImage: 0x12000 (73728)
436b7a0.b48c: Resource Dir: 0x10000 LB 0x6f8
437b7a0.b48c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
438b7a0.b48c: [Raw version resource data: 0x10060 LB 0x694, codepage 0x0 (reserved 0x0)]
439b7a0.b48c: ProductName: Trend Micro Early Boot Clean
440b7a0.b48c: ProductVersion: 1.5
441b7a0.b48c: FileVersion: 1.5.0.1023
442b7a0.b48c: SpecialBuild: 1023
443b7a0.b48c: PrivateBuild: Build 1023 - 11/17/2015
444b7a0.b48c: FileDescription: Trend Micro early boot driver
445b7a0.b48c: \SystemRoot\System32\drivers\tmeevw.sys:
446b7a0.b48c: CreationTime: 2017-04-25T13:39:52.000000000Z
447b7a0.b48c: LastWriteTime: 2017-04-25T13:39:52.000000000Z
448b7a0.b48c: ChangeTime: 2018-07-18T08:41:35.049312600Z
449b7a0.b48c: FileAttributes: 0x20
450b7a0.b48c: Size: 0x22ed8
451b7a0.b48c: NT Headers: 0xf8
452b7a0.b48c: Timestamp: 0x58f08d99
453b7a0.b48c: Machine: 0x8664 - amd64
454b7a0.b48c: Timestamp: 0x58f08d99
455b7a0.b48c: Image Version: 10.0
456b7a0.b48c: SizeOfImage: 0x23000 (143360)
457b7a0.b48c: Resource Dir: 0x1d000 LB 0x4df0
458b7a0.b48c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
459b7a0.b48c: [Raw version resource data: 0x218fc LB 0x4f4, codepage 0x4e4 (reserved 0x0)]
460b7a0.b48c: ProductName: Trend Micro EagleEye
461b7a0.b48c: ProductVersion: 3.0
462b7a0.b48c: FileVersion: 3.0.0.1005
463b7a0.b48c: SpecialBuild: 1005
464b7a0.b48c: PrivateBuild: Build 1005 - 4/14/2017
465b7a0.b48c: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
466b7a0.b48c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
467b7a0.b48c: Calling main()
468b7a0.b48c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
469b7a0.b48c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
470b7a0.b48c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
471b7a0.b48c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
472b7a0.b48c: SUPR3HardenedMain: Respawn #2
473b7a0.b48c: supR3HardNtEnableThreadCreation:
474b7a0.b48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
475b7a0.b48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
476b7a0.b48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
477b7a0.b48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
478b7a0.b48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
479b7a0.b48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
480b7a0.b48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
481b7a0.b48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
482b7a0.b48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
483b7a0.b48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
484b7a0.b48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
485b7a0.b48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
486b7a0.b48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
487b7a0.b48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
488b7a0.b48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
489b7a0.b48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
490b7a0.b48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
491b7a0.b48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
492b7a0.b48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
493b7a0.b48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
494b7a0.b48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
495b7a0.b48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
496b7a0.b48c: supR3HardenedDllNotificationCallback: load 00007ffe86560000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
497b7a0.b48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
498b7a0.b48c: supR3HardenedDllNotificationCallback: load 00007ffe85760000 LB 0x00124000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
499b7a0.b48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
500b7a0.b48c: supR3HardenedDllNotificationCallback: load 00007ffe85890000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
501b7a0.b48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
502b7a0.b48c: supR3HardenedDllNotificationCallback: load 00007ffe86600000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
503b7a0.b48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
504b7a0.b48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86600000 'C:\WINDOWS\System32\ADVAPI32.DLL'
505b7a0.b48c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
506b7a0.b48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
507b7a0.b48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
508b7a0.b48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
509b7a0.b48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88020000 'C:\WINDOWS\System32\ntdll.dll'
510b7a0.b48c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe88094f90 pvNtTerminateThread=00007ffe880bb3f0
511b7a0.b48c: supR3HardenedWinDoReSpawn(2): New child b9b0.ad08 [kernel32].
512b7a0.b48c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
513b7a0.b48c: supR3HardNtChildGatherData: PebBaseAddress=0000000000baf000 cbPeb=0x388
514b7a0.b48c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe88020000 uNtDllChildAddr=00007ffe88020000
515b7a0.b48c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe88094f90
516b7a0.b48c: supR3HardenedWinSetupChildInit: Start child.
517b7a0.b48c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
518b7a0.b48c: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 59 sleeps
519b7a0.b48c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
520b7a0.b48c: *0000000000000000-00000000009cffff 0x0001/0x0000 0x0000000
521b7a0.b48c: *00000000009d0000-00000000009effff 0x0004/0x0004 0x0020000
522b7a0.b48c: *00000000009f0000-00000000009f3fff 0x0002/0x0002 0x0040000
523b7a0.b48c: 00000000009f4000-00000000009fffff 0x0001/0x0000 0x0000000
524b7a0.b48c: *0000000000a00000-0000000000baefff 0x0000/0x0004 0x0020000
525b7a0.b48c: 0000000000baf000-0000000000bb1fff 0x0004/0x0004 0x0020000
526b7a0.b48c: 0000000000bb2000-0000000000bfffff 0x0000/0x0004 0x0020000
527b7a0.b48c: *0000000000c00000-0000000000c18fff 0x0002/0x0002 0x0040000
528b7a0.b48c: 0000000000c19000-0000000000c1ffff 0x0001/0x0000 0x0000000
529b7a0.b48c: *0000000000c20000-0000000000d1afff 0x0000/0x0004 0x0020000
530b7a0.b48c: 0000000000d1b000-0000000000d1dfff 0x0104/0x0004 0x0020000
531b7a0.b48c: 0000000000d1e000-0000000000d1ffff 0x0004/0x0004 0x0020000
532b7a0.b48c: *0000000000d20000-0000000000d20fff 0x0004/0x0004 0x0020000
533b7a0.b48c: 0000000000d21000-000000007ffdffff 0x0001/0x0000 0x0000000
534b7a0.b48c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
535b7a0.b48c: 000000007ffe1000-00007ff524baffff 0x0001/0x0000 0x0000000
536b7a0.b48c: *00007ff524bb0000-00007ff524bd2fff 0x0002/0x0002 0x0040000
537b7a0.b48c: 00007ff524bd3000-00007ff722a5ffff 0x0001/0x0000 0x0000000
538b7a0.b48c: *00007ff722a60000-00007ff722a60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
539b7a0.b48c: 00007ff722a61000-00007ff722ad3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
540b7a0.b48c: 00007ff722ad4000-00007ff722ad4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
541b7a0.b48c: 00007ff722ad5000-00007ff722b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
542b7a0.b48c: 00007ff722b1c000-00007ff722b1cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
543b7a0.b48c: 00007ff722b1d000-00007ff722b1dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
544b7a0.b48c: 00007ff722b1e000-00007ff722b22fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
545b7a0.b48c: 00007ff722b23000-00007ff722b23fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
546b7a0.b48c: 00007ff722b24000-00007ff722b24fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
547b7a0.b48c: 00007ff722b25000-00007ff722b28fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
548b7a0.b48c: 00007ff722b29000-00007ff722b71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
549b7a0.b48c: 00007ff722b72000-00007ffe8801ffff 0x0001/0x0000 0x0000000
550b7a0.b48c: *00007ffe88020000-00007ffe88020fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
551b7a0.b48c: 00007ffe88021000-00007ffe8812ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
552b7a0.b48c: 00007ffe88130000-00007ffe88175fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
553b7a0.b48c: 00007ffe88176000-00007ffe88180fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
554b7a0.b48c: 00007ffe88181000-00007ffe8818efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
555b7a0.b48c: 00007ffe8818f000-00007ffe8818ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
556b7a0.b48c: 00007ffe88190000-00007ffe88192fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
557b7a0.b48c: 00007ffe88193000-00007ffe88200fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
558b7a0.b48c: 00007ffe88201000-00007ffffffeffff 0x0001/0x0000 0x0000000
559b7a0.b48c: VirtualBoxVM.exe: timestamp 0x5c4b51f3 (rc=VINF_SUCCESS)
560b7a0.b48c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
561b7a0.b48c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
562b7a0.b48c: supR3HardNtChildPurify: Done after 567 ms and 0 fixes (loop #0).
563b7a0.b48c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
564b7a0.b48c: supR3HardNtEnableThreadCreation:
565b9b0.ad08: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
566b9b0.ad08: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe88020000 g_uNtVerCombined=0xa042ee00
567b9b0.ad08: ntdll.dll: timestamp 0x74bed8b0 (rc=VINF_SUCCESS)
568b9b0.ad08: New simple heap: #1 0000000000e30000 LB 0x400000 (for 1970176 allocation)
569b9b0.ad08: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
570b9b0.ad08: System32: \Device\HarddiskVolume3\Windows\System32
571b9b0.ad08: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
572b9b0.ad08: KnownDllPath: C:\WINDOWS\System32
573b9b0.ad08: supR3HardenedVmProcessInit: Opening vboxdrv...
574b9b0.ad08: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
575b9b0.ad08: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
576b9b0.ad08: Registered Dll notification callback with NTDLL.
577b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
578b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
579b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
580b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe84930000 LB 0x00273000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
581b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
582b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
583b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe869e0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
584b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
585b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe869e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
586b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ff722a60000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
587b9b0.ad08: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
588b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
589b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
590b9b0.ad08: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe88094f90 pvNtTerminateThread=00007ffe880bb3f0
591b7a0.b48c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 82 ms.
592b9b0.ad08: \SystemRoot\System32\ntdll.dll:
593b9b0.ad08: CreationTime: 2019-03-19T08:48:10.725724200Z
594b9b0.ad08: LastWriteTime: 2019-01-09T05:39:12.294139300Z
595b9b0.ad08: ChangeTime: 2019-03-19T19:00:17.479865400Z
596b9b0.ad08: FileAttributes: 0x20
597b9b0.ad08: Size: 0x1da658
598b9b0.ad08: NT Headers: 0xe8
599b9b0.ad08: Timestamp: 0x74bed8b0
600b9b0.ad08: Machine: 0x8664 - amd64
601b9b0.ad08: Timestamp: 0x74bed8b0
602b9b0.ad08: Image Version: 10.0
603b9b0.ad08: SizeOfImage: 0x1e1000 (1970176)
604b9b0.ad08: Resource Dir: 0x174000 LB 0x6b3e8
605b9b0.ad08: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
606b9b0.ad08: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
607b9b0.ad08: ProductName: Microsoft® Windows® Operating System
608b9b0.ad08: ProductVersion: 10.0.17134.556
609b9b0.ad08: FileVersion: 10.0.17134.556 (WinBuild.160101.0800)
610b9b0.ad08: FileDescription: NT Layer DLL
611b9b0.ad08: \SystemRoot\System32\kernel32.dll:
612b9b0.ad08: CreationTime: 2019-03-19T08:48:07.772316700Z
613b9b0.ad08: LastWriteTime: 2019-01-09T17:57:37.752934500Z
614b9b0.ad08: ChangeTime: 2019-03-19T19:00:17.136157900Z
615b9b0.ad08: FileAttributes: 0x20
616b9b0.ad08: Size: 0xafe98
617b9b0.ad08: NT Headers: 0xe8
618b9b0.ad08: Timestamp: 0x80e62f4a
619b9b0.ad08: Machine: 0x8664 - amd64
620b9b0.ad08: Timestamp: 0x80e62f4a
621b9b0.ad08: Image Version: 10.0
622b9b0.ad08: SizeOfImage: 0xb2000 (729088)
623b9b0.ad08: Resource Dir: 0xb0000 LB 0x520
624b9b0.ad08: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
625b9b0.ad08: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
626b9b0.ad08: ProductName: Microsoft® Windows® Operating System
627b9b0.ad08: ProductVersion: 10.0.17134.556
628b9b0.ad08: FileVersion: 10.0.17134.556 (WinBuild.160101.0800)
629b9b0.ad08: FileDescription: Windows NT BASE API Client DLL
630b9b0.ad08: \SystemRoot\System32\KernelBase.dll:
631b9b0.ad08: CreationTime: 2019-03-19T08:48:13.960218700Z
632b9b0.ad08: LastWriteTime: 2019-01-09T05:39:21.823731200Z
633b9b0.ad08: ChangeTime: 2019-03-19T19:00:17.636077200Z
634b9b0.ad08: FileAttributes: 0x20
635b9b0.ad08: Size: 0x273d70
636b9b0.ad08: NT Headers: 0xf0
637b9b0.ad08: Timestamp: 0xb9f4a0f1
638b9b0.ad08: Machine: 0x8664 - amd64
639b9b0.ad08: Timestamp: 0xb9f4a0f1
640b9b0.ad08: Image Version: 10.0
641b9b0.ad08: SizeOfImage: 0x273000 (2568192)
642b9b0.ad08: Resource Dir: 0x251000 LB 0x548
643b9b0.ad08: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
644b9b0.ad08: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
645b9b0.ad08: ProductName: Microsoft® Windows® Operating System
646b9b0.ad08: ProductVersion: 10.0.17134.556
647b9b0.ad08: FileVersion: 10.0.17134.556 (WinBuild.160101.0800)
648b9b0.ad08: FileDescription: Windows NT BASE API Client DLL
649b9b0.ad08: \SystemRoot\System32\apisetschema.dll:
650b9b0.ad08: CreationTime: 2018-04-11T23:34:44.042150700Z
651b9b0.ad08: LastWriteTime: 2018-04-11T23:34:44.042150700Z
652b9b0.ad08: ChangeTime: 2018-07-18T07:47:28.485208600Z
653b9b0.ad08: FileAttributes: 0x20
654b9b0.ad08: Size: 0x1bd98
655b9b0.ad08: NT Headers: 0xd0
656b9b0.ad08: Timestamp: 0xd02ff418
657b9b0.ad08: Machine: 0x8664 - amd64
658b9b0.ad08: Timestamp: 0xd02ff418
659b9b0.ad08: Image Version: 10.0
660b9b0.ad08: SizeOfImage: 0x1c000 (114688)
661b9b0.ad08: Resource Dir: 0x1b000 LB 0x408
662b9b0.ad08: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
663b9b0.ad08: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
664b9b0.ad08: ProductName: Microsoft® Windows® Operating System
665b9b0.ad08: ProductVersion: 10.0.17134.1
666b9b0.ad08: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
667b9b0.ad08: FileDescription: ApiSet Schema DLL
668b9b0.ad08: Found driver tmcomm (0x8)
669b9b0.ad08: Found driver tmevtmgr (0x8)
670b9b0.ad08: Found driver tmactmon (0x8)
671b9b0.ad08: Found driver tmeevw (0x8)
672b9b0.ad08: supR3HardenedWinFindAdversaries: 0x8
673b9b0.ad08: \SystemRoot\System32\drivers\tmcomm.sys:
674b9b0.ad08: CreationTime: 2017-10-15T21:53:42.000000000Z
675b9b0.ad08: LastWriteTime: 2017-10-15T21:53:42.000000000Z
676b9b0.ad08: ChangeTime: 2018-07-18T08:41:35.049312600Z
677b9b0.ad08: FileAttributes: 0x20
678b9b0.ad08: Size: 0x6ac98
679b9b0.ad08: NT Headers: 0x100
680b9b0.ad08: Timestamp: 0x59dfcffd
681b9b0.ad08: Machine: 0x8664 - amd64
682b9b0.ad08: Timestamp: 0x59dfcffd
683b9b0.ad08: Image Version: 10.0
684b9b0.ad08: SizeOfImage: 0x6c000 (442368)
685b9b0.ad08: Resource Dir: 0x6a000 LB 0x568
686b9b0.ad08: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
687b9b0.ad08: [Raw version resource data: 0x6a060 LB 0x504, codepage 0x0 (reserved 0x0)]
688b9b0.ad08: ProductName: Trend Micro Eyes
689b9b0.ad08: ProductVersion: 7.0
690b9b0.ad08: FileVersion: 7.0.0.1147
691b9b0.ad08: SpecialBuild: 1147
692b9b0.ad08: PrivateBuild: Build 1147 - 10/13/2017
693b9b0.ad08: FileDescription: TrendMicro Common Module
694b9b0.ad08: \SystemRoot\System32\drivers\tmactmon.sys:
695b9b0.ad08: CreationTime: 2017-10-30T18:15:04.000000000Z
696b9b0.ad08: LastWriteTime: 2017-10-30T18:15:04.000000000Z
697b9b0.ad08: ChangeTime: 2018-07-18T08:41:35.049312600Z
698b9b0.ad08: FileAttributes: 0x20
699b9b0.ad08: Size: 0x20870
700b9b0.ad08: NT Headers: 0xe0
701b9b0.ad08: Timestamp: 0x59f03fc7
702b9b0.ad08: Machine: 0x8664 - amd64
703b9b0.ad08: Timestamp: 0x59f03fc7
704b9b0.ad08: Image Version: 6.0
705b9b0.ad08: SizeOfImage: 0x24000 (147456)
706b9b0.ad08: Resource Dir: 0x22000 LB 0x590
707b9b0.ad08: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
708b9b0.ad08: [Raw version resource data: 0x22060 LB 0x52c, codepage 0x0 (reserved 0x0)]
709b9b0.ad08: ProductName: Trend Micro AEGIS
710b9b0.ad08: ProductVersion: 2.976
711b9b0.ad08: FileVersion: 2.976.0.1259
712b9b0.ad08: SpecialBuild: 1259
713b9b0.ad08: PrivateBuild: Build 1259 - 10/25/2017
714b9b0.ad08: FileDescription: TrendMicro Activity Monitor Module
715b9b0.ad08: \SystemRoot\System32\drivers\tmevtmgr.sys:
716b9b0.ad08: CreationTime: 2017-10-30T18:15:18.000000000Z
717b9b0.ad08: LastWriteTime: 2017-10-30T18:15:18.000000000Z
718b9b0.ad08: ChangeTime: 2018-07-18T08:41:35.049312600Z
719b9b0.ad08: FileAttributes: 0x20
720b9b0.ad08: Size: 0x17258
721b9b0.ad08: NT Headers: 0xe0
722b9b0.ad08: Timestamp: 0x59f03fc1
723b9b0.ad08: Machine: 0x8664 - amd64
724b9b0.ad08: Timestamp: 0x59f03fc1
725b9b0.ad08: Image Version: 6.0
726b9b0.ad08: SizeOfImage: 0x17000 (94208)
727b9b0.ad08: Resource Dir: 0x15000 LB 0x590
728b9b0.ad08: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
729b9b0.ad08: [Raw version resource data: 0x15060 LB 0x52c, codepage 0x0 (reserved 0x0)]
730b9b0.ad08: ProductName: Trend Micro AEGIS
731b9b0.ad08: ProductVersion: 2.976
732b9b0.ad08: FileVersion: 2.976.0.1259
733b9b0.ad08: SpecialBuild: 1259
734b9b0.ad08: PrivateBuild: Build 1259 - 10/25/2017
735b9b0.ad08: FileDescription: TrendMicro Event Management Module
736b9b0.ad08: \SystemRoot\System32\drivers\tmebc64.sys:
737b9b0.ad08: CreationTime: 2016-04-21T09:08:08.000000000Z
738b9b0.ad08: LastWriteTime: 2016-04-21T09:08:08.000000000Z
739b9b0.ad08: ChangeTime: 2018-07-18T08:41:35.049312600Z
740b9b0.ad08: FileAttributes: 0x20
741b9b0.ad08: Size: 0x11b38
742b9b0.ad08: NT Headers: 0xf8
743b9b0.ad08: Timestamp: 0x564ac673
744b9b0.ad08: Machine: 0x8664 - amd64
745b9b0.ad08: Timestamp: 0x564ac673
746b9b0.ad08: Image Version: 6.0
747b9b0.ad08: SizeOfImage: 0x12000 (73728)
748b9b0.ad08: Resource Dir: 0x10000 LB 0x6f8
749b9b0.ad08: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
750b9b0.ad08: [Raw version resource data: 0x10060 LB 0x694, codepage 0x0 (reserved 0x0)]
751b9b0.ad08: ProductName: Trend Micro Early Boot Clean
752b9b0.ad08: ProductVersion: 1.5
753b9b0.ad08: FileVersion: 1.5.0.1023
754b9b0.ad08: SpecialBuild: 1023
755b9b0.ad08: PrivateBuild: Build 1023 - 11/17/2015
756b9b0.ad08: FileDescription: Trend Micro early boot driver
757b9b0.ad08: \SystemRoot\System32\drivers\tmeevw.sys:
758b9b0.ad08: CreationTime: 2017-04-25T13:39:52.000000000Z
759b9b0.ad08: LastWriteTime: 2017-04-25T13:39:52.000000000Z
760b9b0.ad08: ChangeTime: 2018-07-18T08:41:35.049312600Z
761b9b0.ad08: FileAttributes: 0x20
762b9b0.ad08: Size: 0x22ed8
763b9b0.ad08: NT Headers: 0xf8
764b9b0.ad08: Timestamp: 0x58f08d99
765b9b0.ad08: Machine: 0x8664 - amd64
766b9b0.ad08: Timestamp: 0x58f08d99
767b9b0.ad08: Image Version: 10.0
768b9b0.ad08: SizeOfImage: 0x23000 (143360)
769b9b0.ad08: Resource Dir: 0x1d000 LB 0x4df0
770b9b0.ad08: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
771b9b0.ad08: [Raw version resource data: 0x218fc LB 0x4f4, codepage 0x4e4 (reserved 0x0)]
772b9b0.ad08: ProductName: Trend Micro EagleEye
773b9b0.ad08: ProductVersion: 3.0
774b9b0.ad08: FileVersion: 3.0.0.1005
775b9b0.ad08: SpecialBuild: 1005
776b9b0.ad08: PrivateBuild: Build 1005 - 4/14/2017
777b9b0.ad08: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
778b9b0.ad08: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
779b9b0.ad08: Calling main()
780b9b0.ad08: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
781b9b0.ad08: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
782b9b0.ad08: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
783b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
784b9b0.ad08: SUPR3HardenedMain: Final process, opening VBoxDrv...
785b9b0.ad08: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e30000 LB 0x400000)
786b9b0.ad08: supR3HardNtEnableThreadCreation:
787b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
788b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
789b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
790b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
791b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe7e730000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
792b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
793b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
794b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
795b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7e730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
796b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
797b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
798b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7e730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
799b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7e730000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
800b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
801b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
802b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
803b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
804b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
805b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
806b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
807b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
808b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
809b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
810b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
811b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
812b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
813b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
814b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
815b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
816b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
817b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
818b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
819b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
820b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
821b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
822b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
823b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
824b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
825b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
826b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
827b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe86560000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
828b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
829b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe843b0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
830b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
831b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe847b0000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
832b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
833b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
834b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe852c0000 LB 0x001e2000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
835b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
836b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe85760000 LB 0x00124000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
837b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
838b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe85890000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
839b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
840b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
841b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
842b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe86600000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
843b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
844b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
845b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
846b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
847b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
848b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe848b0000 LB 0x00057000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
849b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
850b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
851b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
852b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-synch-l1-2-0'
853b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
854b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
855b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-fibers-l1-1-1'
856b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
857b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
858b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-fibers-l1-1-1'
859b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
860b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
861b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-synch-l1-2-0'
862b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
863b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
864b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-localization-l1-2-1'
865b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe848b0000 'C:\WINDOWS\system32\Wintrust.dll'
866b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
867b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
868b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
869b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
870b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
871b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
872b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
873b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
874b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
875b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
876b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
877b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
878b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
879b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
880b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
881b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
882b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe83e90000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
883b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
884b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83e90000 'C:\WINDOWS\system32\bcrypt.dll'
885b9b0.ad08: bcrypt.dll loaded at 00007ffe83e90000, BCryptOpenAlgorithmProvider at 00007ffe83e92770, preloading providers:
886b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
887b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
888b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
889b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe84730000 LB 0x0007a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
890b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
891b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84730000 'C:\WINDOWS\system32\bcryptprimitives.dll'
892b9b0.ad08: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000012f4fd0)
893b9b0.ad08: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000012fefb0)
894b9b0.ad08: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000012ffa90)
895b9b0.ad08: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000012ffd60)
896b9b0.ad08: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001300030)
897b9b0.ad08: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001300300)
898b9b0.ad08: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000013005d0)
899b9b0.ad08: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000013008a0)
900b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
901b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
902b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe83d60000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
903b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
904b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
905b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
906b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
907b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
908b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
909b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
910b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
911b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
912b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe83790000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
913b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
914b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
915b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
916b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
917b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
918b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe83d80000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
919b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
920b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
921b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
922b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
923b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
924b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
925b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe869e0000 'C:\WINDOWS\System32\kernel32.dll'
926b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
927b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
928b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe848b0000 'C:\WINDOWS\System32\WINTRUST.DLL'
929b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
930b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
931b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\CRYPT32.dll'
932b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe858f0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
933b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
934b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
935b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
936b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
937b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
938b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
939b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
940b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
941b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
942b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe82f50000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
943b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
944b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe84340000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
945b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
946b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
947b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
948b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
949b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
950b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
951b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
952b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
953b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
954b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
955b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
956b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
957b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
958b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
959b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
960b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
961b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
962b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
963b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
964b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
965b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe702c0000 LB 0x0002e000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
966b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
967b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
968b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
969b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
970b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
971b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
972b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
973b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
974b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
975b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
976b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
977b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
978b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
979b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
980b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
981b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
982b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
983b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
984b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
985b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
986b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
987b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
988b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
989b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
990b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
991b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
992b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
993b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
994b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
995b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\WINDOWS\System32\cryptnet.dll'
996b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
997b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe702c0000 'C:\Windows\System32\cryptnet.dll'
998b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
999b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1000b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1001b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1002b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1003b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1004b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1005b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000013aee10
1006b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
1007b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D9249CDD9D5B7D620D08752EFD898FF2188E7A4
1008b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1009b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1010b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe85760000 'C:\WINDOWS\System32\rpcrt4.dll'
1011b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1012b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1013b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1014b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1015b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1016b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1017b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1789_for_KB4487017~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\SystemRoot\System32\ntdll.dll'
1018b9b0.ad08: g_pfnWinVerifyTrust=00007ffe848b9940
1019b9b0.ad08: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1020b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1021b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1022b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1023b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1024b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1025b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1026b9b0.ad08: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
1027b9b0.ad08: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1028b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1029b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1030b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1031b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1032b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1033b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1034b9b0.ad08: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
1035b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
1036b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
1037b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
1038b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E
1039b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1040b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1041b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1042b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1043b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1044b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1045b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1046b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1047b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1048b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1049b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
1050b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1051b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1052b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1053b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
1054b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1055b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1056b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1057b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
1058b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1059b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1060b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1061b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
1062b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1063b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1064b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1065b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
1066b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1067b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1068b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
1069b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1070b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1071b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1072b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1073b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
1074b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1075b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1076b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1077b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1078b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1079b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1080b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1081b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1082b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1083b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1084b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
1085b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1086b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1087b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
1088b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1089b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1090b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1091b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1092b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1093b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1094b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1095b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1096b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1097b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1098b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1099b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1100b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
1101b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1102b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1103b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1104b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1105b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1106b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1107b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\system32\crypt32.dll'
1108b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1109b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1110b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1111b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1112b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1113b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1114b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1115b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1116b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1117b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1118b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1119b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1120b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1121b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1122b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1123b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
1124b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1125b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1126b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1127b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1128b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1129b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1130b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1131b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
1132b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1133b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1134b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1135b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
1136b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x923f2c0a09ccd400 C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
1137b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1138b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
1139b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1140b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1141b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
1142b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
1143b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1144b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1145b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
1146b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1147b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1148b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1149b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
1150b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1151b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1152b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1153b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1154b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1155b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1156b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
1157b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xb1591a653918cd00 C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA
1158b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1159b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1160b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1161b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1162b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
1163b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1164b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
1165b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1166b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1167b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1168b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x43f4be3b8525bf00 DC=net, DC=circet, CN=circet-SRV-AD1-CA
1169b9b0.ad08: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: CN=SRV-NOVELA.circet.net
1170b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1171b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x99cb2e9cdd6fb200 C=FR, O=SFR, CN=SFR Public AC Racine Infrastructure
1172b9b0.ad08: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: OU=Domain Control Validated, CN=*.circet.fr
1173b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x51daaece839d8f00 CN=srv-novela.circet.net
1174b9b0.ad08: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
1175b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x21c84a5538c0fb00 DC=NET, DC=Circet, OU=pki, CN=Circet AC ROOT
1176b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x183f925cb6e3aa00 DC=net, DC=circet, CN=circet-SRV-NOVELA-CA
1177b9b0.ad08: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=net, DC=circet, CN=Circet AC Utilisateur
1178b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xe66ab060a23ece00 CN=srv-novela-ca.circet
1179b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xd45918326c85a200 DC=net, DC=circet, CN=extranet
1180b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x2d68b3131204d200 DC=net, DC=circet, CN=externe
1181b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x43f4be3b8525bf00 DC=net, DC=circet, CN=circet-SRV-AD1-CA
1182b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x3fcb6000bdf6de00 DC=net, DC=circet, CN=nomade
1183b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x3972700600c7d800 DC=net, DC=circet, CN=mobiles
1184b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x667ed1a23df5bc00 DC=net, DC=circet, CN=circet-SRV-TSE-CA
1185b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xe6d45336c392bc00 DC=net, DC=circet, CN=mobiles
1186b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xeb92c339a0fcf00 DC=net, DC=circet, CN=mobiles
1187b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x2ede6a9b60aad900 DC=net, DC=circet, CN=externe
1188b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x43f4be3b8525bf00 DC=net, DC=circet, CN=circet-SRV-AD1-CA
1189b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x3b0ad82ddb859700 DC=net, DC=circet, CN=circet-SRV-SKYPE-CA
1190b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x7a69685497aebd00 DC=net, DC=circet, CN=mobiles
1191b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xeaaf6aa14e01c600 DC=net, DC=circet, CN=wifi
1192b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x183f925cb6e3aa00 DC=net, DC=circet, CN=circet-SRV-NOVELA-CA
1193b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x87e2b11a9488e600 DC=net, DC=circet, CN=extranet
1194b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xbac4632c49fee600 DC=net, DC=circet, CN=circet-SRV-AD1-CA-1
1195b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x5896143ccd91bd00 DC=net, DC=circet, CN=wifi
1196b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x4c3152c15872d700 DC=net, DC=circet, CN=mobiles
1197b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xa2c35fe1ef96ce00 DC=net, DC=circet, CN=wifi
1198b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0x6948327b2060b900 DC=net, DC=circet, CN=extranet
1199b9b0.ad08: supR3HardenedWinIsDesiredRootCA: Adding 0xc9a037cc51c2fe00 DC=net, DC=circet, CN=pda
1200b9b0.ad08: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=88
1201b9b0.ad08: SUPR3HardenedMain: Load Runtime...
1202b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1203b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1204b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1205b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1206b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1207b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1208b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1209b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1210b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1211b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1212b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1213b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1214b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
1215b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1216b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1217b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1218b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1219b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1220b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1221b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1222b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1223b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1224b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1225b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1226b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1227b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1228b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1229b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1230b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1231b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1232b9b0.ad08: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1233b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
1234b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1235b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1236b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1237b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1238b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1239b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1240b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1241b9b0.ad08: supR3HardenedDllNotificationCallback: load 000000006c180000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1242b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1243b9b0.ad08: supR3HardenedDllNotificationCallback: load 000000006c0e0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1244b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1245b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe85fd0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1246b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1247b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe4f5c0000 LB 0x0052d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1248b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1249b9b0.ad08: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1250b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1251b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1252b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1253b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1254b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1255b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1256b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1257b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1259b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1260b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1261b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1262b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1263b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1264b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1265b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1266b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1267b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1268b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1269b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1270b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1271b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1272b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1273b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1274b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1275b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1276b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1277b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1278b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1279b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1280b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1281b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1282b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1283b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1284b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1285b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1286b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1287b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1288b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1289b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1290b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1291b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1292b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1293b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1294b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1295b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1296b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1297b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1298b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1299b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1300b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1301b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1302b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe848b0000 'C:\WINDOWS\system32\Wintrust.dll'
1303b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1304b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1305b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1306b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1307b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1308b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1309b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\system32\crypt32.dll'
1310b9b0.ad08: SUPR3HardenedMain: Load TrustedMain...
1311b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1312b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1313b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
1314b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1315b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1316b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1317b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1318b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1319b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1320b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1321b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1322b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
1323b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
1324b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
1325b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
1326b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1327b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1328b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1329b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1330b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1331b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1332b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1333b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
1334b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
1335b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1336b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1337b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1338b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1339b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1340b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1341b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1342b9b0.ad08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
1343b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1344b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
1345b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
1346b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1347b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1348b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1349b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1350b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1351b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1352b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1353b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1354b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1355b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1356b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
1357b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1358b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1359b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1360b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1361b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1362b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1363b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1364b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1365b9b0.ad08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1366b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1367b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
1368b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
1369b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
1370b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1371b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1372b9b0.ad08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1373b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
1374b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1375b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1376b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1377b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
1378b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1379b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1380b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1381b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1382b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1383b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'.
1384b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
1385b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
1386b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
1387b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
1388b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1389b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1390b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1391b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1392b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
1393b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1394b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1395b9b0.ad08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1396b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1397b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1398b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
1399b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
1400b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1401b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1402b9b0.ad08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1403b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
1404b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1405b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1406b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1407b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1408b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1409b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1410b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1411b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1412b9b0.ad08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1413b9b0.ad08: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
1414b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
1415b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
1416b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1417b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1418b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1419b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1420b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
1421b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1422b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1423b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1424b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1425b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1426b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1427b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1428b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1429b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1430b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1431b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1432b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1433b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1434b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1435b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1436b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1437b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1438b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1439b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1440b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1441b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1442b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1443b9b0.ad08: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1444b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1445b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1446b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1447b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1448b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1449b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1450b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1451b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1452b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1453b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1454b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1455b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1456b9b0.ad08: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1457b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1458b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1459b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1460b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1461b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1462b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1463b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1464b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1465b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1466b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1467b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1468b9b0.ad08: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1469b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1470b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1471b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1472b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1473b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1474b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1475b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1476b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1477b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1478b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1479b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1480b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1481b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1482b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1483b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1484b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1485b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1486b9b0.ad08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1487b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1488b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
1489b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
1490b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
1491b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
1492b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1493b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1494b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1495b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1496b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1497b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1498b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1499b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1500b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1501b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1502b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1503b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1504b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1505b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1506b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1507b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1508b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1509b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1510b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1511b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1512b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1513b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1514b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1515b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1516b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1517b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1518b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1519b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1520b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1521b9b0.ad08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
1522b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1523b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1524b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1525b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1526b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1527b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
1528b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1529b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1530b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1531b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1532b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1533b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1534b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1535b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1536b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1537b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1538b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1539b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1540b9b0.ad08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1541b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
1542b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
1543b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1544b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1545b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1546b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1547b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1548b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1549b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1550b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1551b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1552b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1553b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1554b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1555b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1556b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1557b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1558b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1559b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1560b9b0.ad08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1561b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1562b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1563b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1564b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
1565b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
1566b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1567b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1568b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1569b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1570b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1571b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1572b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1573b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1574b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1575b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1576b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1577b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1578b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1579b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1580b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1581b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1582b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1583b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1584b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1585b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1586b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1587b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1588b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1589b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1590b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1591b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1592b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1593b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1594b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1595b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1596b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1597b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1598b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1599b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1600b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1601b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1602b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1603b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1604b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1605b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1606b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1607b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1608b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1609b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1610b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1611b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1612b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1613b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1614b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1615b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1616b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1617b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1618b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1619b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1620b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1621b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1622b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1623b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1624b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1625b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1626b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1627b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1628b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1629b9b0.ad08: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1630b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1631b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1632b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1633b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1634b9b0.ad08: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1635b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1636b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1637b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1638b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1639b9b0.ad08: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
1640b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1641b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1642b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1643b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1644b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1645b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
1646b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
1647b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1648b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1649b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
1650b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1651b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1652b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
1653b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1654b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1655b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1656b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1657b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
1658b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
1659b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1660b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1661b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1662b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
1663b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
1664b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
1665b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417
1666b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1667b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1668b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1669b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1670b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1671b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1672b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1673b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1674b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1675b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1676b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1677b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1678b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1679b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1680b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1681b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1682b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1683b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1684b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1685b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1686b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1687b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1688b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1689b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1690b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1691b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1692b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1693b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1694b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1695b9b0.ad08: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1696b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1697b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1698b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1699b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
1700b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1701b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1702b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1703b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1704b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1705b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1706b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1707b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1708b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe84910000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1709b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1710b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe843f0000 LB 0x0009f000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1711b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1712b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe844e0000 LB 0x00192000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1713b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1714b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1715b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1716b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1717b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
1718b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
1719b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe855a0000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1720b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1721b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe86850000 LB 0x00190000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1722b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
1723b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe5cf60000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1724b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1725b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe5cd70000 LB 0x00120000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1726b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1727b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe84490000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
1728b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
1729b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1730b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe86040000 LB 0x00322000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1731b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1732b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe85630000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
1733b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1734b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
1735b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
1736b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
1737b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
1738b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe86aa0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1739b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1740b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
1741b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
1742b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
1743b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1744b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe843d0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
1745b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1746b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1747b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
1748b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
1749b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe84360000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
1750b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1751b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
1752b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
1753b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe84330000 LB 0x0000a000 C:\WINDOWS\System32\FLTLIB.DLL [fFlags=0x0]
1754b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\fltLib.dll)
1755b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\fltLib.dll
1756b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe84bb0000 LB 0x0070d000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
1757b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1758b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1759b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #54 'combase.dll'.
1760b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'profapi.dll'.
1761b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #81 'fltlib.dll'.
1762b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
1763b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
1764b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe86bb0000 LB 0x01440000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1765b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
1766b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe86400000 LB 0x00151000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1767b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1768b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe803e0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1769b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1770b9b0.ad08: supR3HardenedDllNotificationCallback: load 0000000069220000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1771b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1772b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe49bd0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1773b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1774b9b0.ad08: supR3HardenedDllNotificationCallback: load 0000000068cb0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1775b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1776b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe85d60000 LB 0x000c3000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1777b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1778b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe4ea00000 LB 0x005b3000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
1779b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
1780b9b0.ad08: supR3HardenedDllNotificationCallback: load 00000000697b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1781b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1782b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe7f6b0000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1783b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1784b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe7f760000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1785b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1786b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe38300000 LB 0x01f3c000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
1787b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1788b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
1789b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
1790b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
1791b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\fltLib.dll' [rescheduled]
1792b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
1793b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
1794b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
1795b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
1796b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
1797b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
1798b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
1799b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
1800b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
1801b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
1802b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1803b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1804b9b0.ad08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1805b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1806b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1807b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1808b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1809b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1810b9b0.ad08: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1811b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1812b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1813b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1814b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1815b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1816b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1817b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1818b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1819b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1820b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1821b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1822b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
1823b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
1824b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1825b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
1826b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
1827b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [redoing WinVerifyTrust]
1828b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
1829b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\fltLib.dll
1830b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1831b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1832b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
1833b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1834b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1835b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
1836b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1837b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
1838b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1839b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1840b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1841b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1842b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1843b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1844b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1845b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1846b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1847b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1848b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1849b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1850b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1851b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1852b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
1853b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1854b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1855b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1856b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1857b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1858b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1859b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1860b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1861b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1862b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
1863b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1864b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
1865b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1866b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1867b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1868b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1869b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1870b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1871b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1872b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1873b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1874b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1875b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1876b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1877b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1878b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
1879b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1880b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1881b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1882b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1883b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1884b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1885b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1886b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1887b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1888b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1889b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1890b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe869e0000 'C:\WINDOWS\System32\kernel32.dll'
1891b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1892b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1893b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-string-l1-1-0'
1894b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1895b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1896b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-datetime-l1-1-1'
1897b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1898b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1899b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-localization-obsolete-l1-2-0'
1900b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1901b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1902b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
1903b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
1904b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
1905b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1906b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1907b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1908b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1909b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1910b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1911b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1912b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1913b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1914b9b0.ad08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
1915b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1916b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe86370000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
1917b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1918b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86370000 'C:\WINDOWS\system32\IMM32.DLL'
1919b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1920b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
1921b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1922b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1923b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86600000 'C:\WINDOWS\System32\ADVAPI32.DLL'
1924b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe38300000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
1925b9b0.ad08: SUPR3HardenedMain: Calling TrustedMain (00007ffe383016c0)...
1926b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1927b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1928b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1929b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1930b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1931b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1932b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1933b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1934b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1935b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1936b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1937b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1938b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1939b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1940b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1941b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1942b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1943b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1944b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1945b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1946b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1947b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1948b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1949b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1950b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1951b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1952b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1953b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust]
1954b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1955b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1956b9b0.ad08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
1957b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1958b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1959b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1960b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1961b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1962b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1963b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1964b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1965b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1966b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1967b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1968b9b0.ad08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
1969b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1970b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1971b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1972b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1973b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1974b9b0.ad08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
1975b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1976b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1977b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1978b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1979b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1980b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1981b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1982b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1983b9b0.ad08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
1984b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1985b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1986b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe5d510000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1987b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1988b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe5d510000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1989b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1990b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
1991b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
1992b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15C67EA66CCB2DD0FE18A5AB58A7BA1C113BBA6A
1993b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
1994b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
1995b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
1996b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1997b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1998b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1999b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2000b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
2001b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2002b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2003b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2004b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2005b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2006b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2007b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2008b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2009b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2010b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe828d0000 LB 0x00098000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2011b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2012b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe828d0000 'C:\WINDOWS\system32\uxtheme.dll'
2013b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86850000 'C:\WINDOWS\system32\user32.dll'
2014b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2015b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2016b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
2017b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
2018b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2019b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2020b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
2021b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2022b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe85630000 'C:\WINDOWS\system32\SHCore.dll'
2023b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2024b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
2025b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2026b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
2027b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
2028b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
2029b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
2030b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
2031b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe829a0000 LB 0x00029000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
2032b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2033b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2034b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2035b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2036b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2037b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
2038b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2039b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2040b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2041b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2042b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2043b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2044b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2045b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
2046b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2047b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2048b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\system32\winmm.dll'
2049b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2050b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2051b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\system32\winmm.dll'
2052b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2053b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2054b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
2055b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2056b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2057b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe828d0000 'C:\WINDOWS\system32\uxtheme.dll'
2058b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2059b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2060b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86600000 'C:\WINDOWS\system32\advapi32.dll'
2061b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2062b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2063b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
2064b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'profapi.dll'.
2065b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
2066b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
2067b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2068b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2069b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
2070b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2071b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2072b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2073b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2074b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe84230000 LB 0x00028000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
2075b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2076b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84230000 'C:\WINDOWS\system32\userenv.dll'
2077b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2078b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2079b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe869e0000 'C:\WINDOWS\System32\kernel32.dll'
2080b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe86b10000 LB 0x000a0000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
2081b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2082b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
2083b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
2084b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
2085b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2086b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2087b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2088b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2089b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2090b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2091b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2092b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2093b9b0.ba78: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
2094b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2095b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2096b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2097b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2098b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2099b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2100b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2101b9b0.ba78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2102b9b0.ba78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2103b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2104b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2105b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2106b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2107b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2108b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2109b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2110b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2111b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2112b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2113b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2114b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2115b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2116b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2117b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2118b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2119b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2120b9b0.ba78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2121b9b0.ba78: supR3HardenedDllNotificationCallback: load 00007ffe4f210000 LB 0x003a1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2122b9b0.ba78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2123b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f210000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2124b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2125b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2126b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2127b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2128b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2129b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2130b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2131b9b0.ba78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2132b9b0.ba78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2133b9b0.ba78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2134b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2135b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2136b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2137b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2138b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2139b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2140b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2141b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2142b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2143b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2144b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
2145b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2146b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2147b9b0.ba78: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
2148b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2149b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2150b9b0.ba78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2151b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2152b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2153b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2154b9b0.ba78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2155b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2156b9b0.ba78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2157b9b0.ba78: supR3HardenedDllNotificationCallback: load 00007ffe5cc20000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2158b9b0.ba78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2159b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe5cc20000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2160b9b0.ba78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2161b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2162b9b0.ba78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe85d60000 'C:\Windows\System32\oleaut32.dll'
2163b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe855a0000 'C:\WINDOWS\system32\gdi32.dll'
2164b9b0.a63c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2165b9b0.a63c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2166b9b0.a63c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2167b9b0.a63c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2168b9b0.a63c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2169b9b0.a63c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
2170b9b0.a63c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2171b9b0.a63c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2172b9b0.a63c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2173b9b0.a63c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2174b9b0.a63c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2175b9b0.a63c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2176b9b0.a63c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2177b9b0.a63c: supR3HardenedDllNotificationCallback: load 00007ffe7e690000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
2178b9b0.a63c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2179b9b0.a63c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7e690000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
2180b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2181b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2182b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
2183b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe85e40000 LB 0x00173000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
2184b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2185b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
2186b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
2187b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
2188b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
2189b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
2190b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
2191b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2192b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2193b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
2194b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2195b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2196b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2197b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2198b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2199b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2200b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2201b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2202b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2203b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2204b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2205b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
2206b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d0 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2207b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
2208b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
2209b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B480615AD13C4A3DD6B7A2F86ED35195B9CA49
2210b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2211b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2212b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
2213b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2214b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2215b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
2216b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
2217b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
2218b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
2219b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
2220b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2221b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2222b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2223b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2224b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2225b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2226b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
2227b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'oleaut32.dll'.
2228b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'dxgi.dll'.
2229b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
2230b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
2231b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2232b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2233b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
2234b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2235b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2236b9b0.ad08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
2237b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2238b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2239b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
2240b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
2241b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2242b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2243b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2244b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2245b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2246b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
2247b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2248b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2249b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2250b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2251b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2252b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2253b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2254b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2255b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2256b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2257b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2258b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2259b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
2260b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
2261b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
2262b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2263b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2264b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2265b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
2266b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2267b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2268b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2269b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2270b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2271b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
2272b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2273b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2274b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2275b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2276b9b0.ad08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
2277b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2278b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2279b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2280b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2281b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2282b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2283b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2284b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2285b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
2286b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2287b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe830f0000 LB 0x000bb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2288b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2289b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe80fe0000 LB 0x0030b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2290b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2291b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe81720000 LB 0x0019c000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2292b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
2293b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe5d3e0000 LB 0x00058000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2294b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2295b9b0.ad08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
2296b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
2297b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2298b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2299b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe855a0000 'C:\WINDOWS\System32\gdi32.dll'
2300b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe5d3e0000 'C:\WINDOWS\system32\dataexchange.dll'
2301b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2302b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
2303b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2304b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
2305b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
2306b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
2307b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2308b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2309b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
2310b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
2311b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe82a80000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
2312b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
2313b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe82ab0000 LB 0x001b8000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2314b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2315b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2316b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2317b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2318b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2319b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2320b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2321b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2322b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2323b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2324b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
2325b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
2326b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
2327b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2328b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2329b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2330b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2331b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
2332b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2333b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2334b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
2335b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2336b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2337b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe85630000 'C:\WINDOWS\system32\Shcore.dll'
2338b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2339b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'coreuicomponents.dll'.
2340b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'coremessaging.dll'.
2341b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
2342b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
2343b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2344b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
2345b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
2346b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
2347b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
2348b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2349b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2350b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
2351b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
2352b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
2353b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
2354b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
2355b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
2356b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcryptprimitives.dll'.
2357b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
2358b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
2359b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe83420000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2360b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2361b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe818c0000 LB 0x000da000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
2362b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2363b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe7f990000 LB 0x0014d000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
2364b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2365b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe7dc70000 LB 0x0031e000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
2366b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2367b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe771e0000 LB 0x00096000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
2368b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2369b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2370b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2371b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
2372b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2373b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2374b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2375b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2376b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2377b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2378b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2379b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2380b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2381b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2382b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2383b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2384b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2385b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2386b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2387b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2388b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2389b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2390b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2391b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2392b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2393b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2394b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2395b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2396b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2397b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2398b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2399b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
2400b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2401b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2402b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
2403b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2404b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2405b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
2406b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2407b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2408b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
2409b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2410b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2411b9b0.ad08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
2412b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe85d60000 'C:\WINDOWS\System32\OLEAUT32.DLL'
2413b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2414b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2415b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86850000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2416b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2417b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2418b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86850000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2419b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
2420b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2421b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86040000 'api-ms-win-core-com-l1-1-0.dll'
2422b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
2423b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2424b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe85e40000 'C:\WINDOWS\System32\MSCTF.dll'
2425b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2426b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2427b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
2428b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
2429b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2430b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2431b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86400000 'C:\WINDOWS\System32\ole32.dll'
2432b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe85d60000 'C:\WINDOWS\System32\OLEAUT32.dll'
2433b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2434b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
2435b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
2436b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D49375F38056AA009353FFDCCD59474093558A8B
2437b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2438b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2439b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
2440b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2441b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2442b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2443b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2444b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2445b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2446b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2447b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2448b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b14 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2449b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
2450b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
2451b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85E1C37A6BD4306E57F09FFDB448860467295EFB
2452b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2453b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2454b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
2455b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2456b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2457b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
2458b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
2459b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
2460b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2461b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2462b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2463b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2464b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2465b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2466b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2467b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2468b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2469b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2470b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2471b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
2472b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2473b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2474b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2475b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2476b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2477b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe76c70000 LB 0x00083000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2478b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2479b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe76d00000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2480b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2481b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2482b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2483b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2484b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe76d00000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2485b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2486b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
2487b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
2488b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38422F12A30C69B303E7EBE427C8D87E3024ED12
2489b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2490b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2491b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
2492b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2493b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2494b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2495b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2496b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2497b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2498b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2499b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2500b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2501b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2502b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2503b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe765a0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2504b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2505b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe765a0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2506b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2507b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2508b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-localization-l1-2-0.dll'
2509b9b0.ad08: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2510b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2511b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe84930000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2512b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b7c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2513b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
2514b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
2515b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07493B638EF356F68BE9306C76CDBF2D22198E5A
2516b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2517b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2518b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
2519b9b0.ad08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2520b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2521b9b0.ad08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
2522b9b0.ad08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2523b9b0.ad08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2524b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2525b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2526b9b0.ad08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2527b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2528b9b0.ad08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2529b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2530b9b0.ad08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2531b9b0.ad08: supR3HardenedDllNotificationCallback: load 00007ffe765c0000 LB 0x000f2000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2532b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2533b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe765c0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2534b9b0.b6b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2535b9b0.b6b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2536b9b0.b6b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2537b9b0.b6b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2538b9b0.b6b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2539b9b0.b6b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2540b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2541b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2542b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2543b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2544b9b0.b6b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2545b9b0.b6b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2546b9b0.b6b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2547b9b0.b6b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2548b9b0.b6b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2549b9b0.b6b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
2550b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2551b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2552b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2553b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2554b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2555b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2556b9b0.b6b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2557b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2558b9b0.b6b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2559b9b0.b6b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2560b9b0.b6b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2561b9b0.b6b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
2562b9b0.b6b4: supR3HardenedDllNotificationCallback: load 0000000068ba0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2563b9b0.b6b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
2564b9b0.b6b4: supR3HardenedDllNotificationCallback: load 00007ffe47f50000 LB 0x00330000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2565b9b0.b6b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2566b9b0.b6b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe47f50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2567b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2568b9b0.b690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2569b9b0.b690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2570b9b0.b690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2571b9b0.b690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2572b9b0.b690: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2573b9b0.b690: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2574b9b0.b690: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2575b9b0.b690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2576b9b0.b690: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2577b9b0.b690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2578b9b0.b690: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2579b9b0.b690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2580b9b0.b690: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2581b9b0.b690: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2582b9b0.b690: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2583b9b0.b690: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2584b9b0.b690: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2585b9b0.b690: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2586b9b0.b690: supR3HardenedDllNotificationCallback: load 00007ffe7e440000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2587b9b0.b690: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2588b9b0.b690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7e440000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2589b9b0.b690: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86850000 'C:\WINDOWS\system32\User32.dll'
2590b9b0.b56c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2591b9b0.b56c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2592b9b0.b56c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2593b9b0.b56c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2594b9b0.b56c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2595b9b0.b56c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2596b9b0.b56c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2597b9b0.b56c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2598b9b0.b56c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2599b9b0.b56c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2600b9b0.b56c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2601b9b0.b56c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2602b9b0.b56c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2603b9b0.b56c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2604b9b0.b56c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2605b9b0.b56c: supR3HardenedDllNotificationCallback: load 00007ffe7d7f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2606b9b0.b56c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2607b9b0.b56c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7d7f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2608b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\Shell32.dll'
2609b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2610b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2611b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe47f50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2612b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2613b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2614b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2615b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2616b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2617b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2618b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2619b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2620b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2621b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2622b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2623b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2624b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2625b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2626b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2627b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2628b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2629b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2630b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2631b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2632b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe587d0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2633b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2634b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe587d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2635b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe587d0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2636b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2637b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2638b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2639b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2640b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2641b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2642b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2643b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2644b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2645b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2646b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2647b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2648b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2649b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2650b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2651b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2652b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2653b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2654b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2655b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2656b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2657b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2658b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2659b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2660b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2661b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2662b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2663b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2664b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2665b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2666b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2667b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
2668b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
2669b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
2670b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2671b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2672b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2673b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2674b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2675b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2676b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2677b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2678b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2679b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2680b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2681b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2682b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2683b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2684b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2685b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2686b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2687b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2688b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2689b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2690b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2691b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2692b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2693b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2694b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2695b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2696b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2697b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2698b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2699b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2700b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2701b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2702b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2703b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2704b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2705b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2706b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2707b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2708b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2709b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2710b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2711b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2712b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2713b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2714b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2715b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2716b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2717b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2718b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2719b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2720b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2721b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2722b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2723b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2724b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe85910000 LB 0x0044b000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
2725b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2726b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe657f0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2727b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2728b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe587c0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2729b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2730b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe83930000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2731b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2732b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe2d6e0000 LB 0x009d7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2733b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2734b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe2d6e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2735b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2736b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2737b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2738b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2739b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe58770000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2740b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2741b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe58770000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2742b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2743b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2744b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2745b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4f210000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2746b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2747b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2748b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2749b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe587c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2750b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2751b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2752b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2753b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2754b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2755b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2756b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2757b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2758b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2759b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2760b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2761b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2762b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe6fbd0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2763b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2764b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6fbd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2765b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2766b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2767b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2768b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2769b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2770b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2771b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2772b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2773b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2774b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2775b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2776b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2777b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe6fbb0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2778b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2779b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6fbb0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2780b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2781b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2782b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2783b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2784b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2785b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2786b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2787b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2788b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2789b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2790b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2791b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2792b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe6b190000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2793b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2794b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6b190000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2795b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2796b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2797b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2798b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2799b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2800b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2801b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2802b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2803b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2804b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2805b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2806b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2807b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe6a920000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2808b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2809b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6a920000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2810b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2811b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2812b9b0.ba90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2813b9b0.ba90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2814b9b0.ba90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2815b9b0.ba90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2816b9b0.ba90: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2817b9b0.ba90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2818b9b0.ba90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2819b9b0.ba90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2820b9b0.ba90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2821b9b0.ba90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2822b9b0.ba90: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2823b9b0.ba90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2824b9b0.ba90: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2825b9b0.ba90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2826b9b0.ba90: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2827b9b0.ba90: supR3HardenedDllNotificationCallback: load 00007ffe6a080000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2828b9b0.ba90: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2829b9b0.ba90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6a080000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2830b9b0.af44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2831b9b0.af44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2832b9b0.af44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2833b9b0.af44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2834b9b0.af44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2835b9b0.af44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2836b9b0.af44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2837b9b0.af44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2838b9b0.af44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2839b9b0.af44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2840b9b0.af44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2841b9b0.af44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2842b9b0.af44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2843b9b0.af44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2844b9b0.af44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2845b9b0.af44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2846b9b0.af44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2847b9b0.af44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2848b9b0.af44: supR3HardenedDllNotificationCallback: load 00007ffe76a50000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2849b9b0.af44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2850b9b0.af44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe76a50000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2851b9b0.b790: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2852b9b0.b790: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2853b9b0.b790: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2854b9b0.b790: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2855b9b0.b790: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2856b9b0.b790: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2857b9b0.b790: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2858b9b0.b790: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2859b9b0.b790: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2860b9b0.b790: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2861b9b0.b790: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2862b9b0.b790: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2863b9b0.b790: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2864b9b0.b790: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2865b9b0.b790: supR3HardenedDllNotificationCallback: load 00007ffe76880000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2866b9b0.b790: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2867b9b0.b790: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe76880000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2868b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2869b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2870b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2871b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2872b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2873b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2874b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2875b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2876b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2877b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2878b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2879b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2880b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe7f370000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2881b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2882b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f370000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2883b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2884b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2885b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83930000 'C:\WINDOWS\system32\Iphlpapi.dll'
2886b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2887b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2888b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
2889b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2890b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe85fc0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2891b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
2892b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
2893b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe7fd90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2894b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2895b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2896b9b0.b688: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
2897b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
2898b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe7f690000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
2899b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
2900b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2901b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2902b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
2903b9b0.b688: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
2904b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
2905b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe7f5d0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
2906b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
2907b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea0 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
2908b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
2909b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
2910b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F7955EB983A0B99F7EADAA9D82F084658BFF7D9
2911b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2912b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2913b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2914b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2915b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2916b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2917b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2918b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2919b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2920b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2921b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2922b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2923b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2924b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2925b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2926b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2927b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
2928b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2929b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2930b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
2931b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2932b9b0.b688: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
2933b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e60 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
2934b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
2935b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
2936b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D65F2124F64B53555EFB8BC0D52BFD144939BAA4
2937b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2938b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2939b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
2940b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2941b9b0.b688: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
2942b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2943b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2944b9b0.b688: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
2945b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2946b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2947b9b0.b688: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
2948b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2949b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2950b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
2951b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'devobj.dll'.
2952b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'propsys.dll'.
2953b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2954b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2955b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2956b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2957b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2958b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2959b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2960b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
2961b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
2962b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
2963b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
2964b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2965b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2966b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2967b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2968b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2969b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2970b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2971b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2972b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2973b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2974b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2975b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'.
2976b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
2977b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
2978b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2979b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2980b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2981b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2982b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
2983b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
2984b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
2985b9b0.b688: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
2986b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2987b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2988b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
2989b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
2990b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe84140000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
2991b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
2992b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe7fed0000 LB 0x001b4000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
2993b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
2994b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe7c010000 LB 0x00076000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
2995b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2996b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7c010000 'C:\WINDOWS\System32\MMDevApi.dll'
2997b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000100c pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
2998b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
2999b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
3000b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5473BCFF580489A320314B844E6D3DC42BA47DE8
3001b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3002b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3003b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
3004b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3005b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3006b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
3007b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
3008b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
3009b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3010b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3011b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3012b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3013b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3014b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3015b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3016b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe562f0000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
3017b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3018b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3019b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3020b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe562f0000 'C:\WINDOWS\System32\dsound.dll'
3021b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe562f0000 'C:\WINDOWS\System32\dsound.dll'
3022b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3023b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3024b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe562f0000 'C:\WINDOWS\system32\dsound.dll'
3025b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3026b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3027b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7c010000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
3028b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3029b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3030b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3031b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001030 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3032b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
3033b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
3034b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=177AADB38B3BB8D75072CC704861E1B81617F092
3035b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3036b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3037b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
3038b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3039b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3040b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3041b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
3042b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
3043b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
3044b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3045b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3046b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3047b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3048b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3049b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
3050b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
3051b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3052b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3053b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3054b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3055b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3056b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
3057b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3058b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3059b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3060b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3061b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3062b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3063b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3064b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3065b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3066b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3067b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3068b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3069b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe6d6e0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
3070b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3071b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe7f1d0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
3072b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3073b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe436b0000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
3074b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3075b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3076b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3077b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3078b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3079b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3080b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3081b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3082b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3083b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3084b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3085b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3086b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3087b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3088b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3089b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3090b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3091b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3092b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
3093b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
3094b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
3095b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
3096b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3097b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3098b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3099b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3100b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3101b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3102b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3103b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3104b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3105b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3106b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3107b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3108b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3109b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
3110b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3111b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3112b9b0.b688: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
3113b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3114b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3115b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe68790000 LB 0x0012c000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3116b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3117b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe68790000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3118b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3119b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3120b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3121b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3122b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3123b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3124b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3125b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3126b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3127b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3128b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3129b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3130b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe436b0000 'C:\WINDOWS\System32\wdmaud.drv'
3131b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea4 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
3132b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
3133b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
3134b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7886E1CCA739C1E5ED73D45A3FBDDF8A54FC7C0F
3135b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3136b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3137b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
3138b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3139b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3140b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
3141b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
3142b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
3143b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
3144b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3145b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3146b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3147b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
3148b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3149b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3150b9b0.b688: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
3151b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3152b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3153b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3154b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3155b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3156b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
3157b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3158b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3159b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3160b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3161b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3162b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3163b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3164b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3165b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3166b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3167b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3168b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe43fc0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
3169b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3170b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe69600000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
3171b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3172b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3173b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3174b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3175b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3176b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3177b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3178b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3179b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3180b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3181b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3182b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3183b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3184b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3185b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3186b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3187b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3188b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3189b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3190b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3191b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3192b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3193b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69600000 'C:\WINDOWS\System32\msacm32.drv'
3194b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000108c pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
3195b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013aee10
3196b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013aee10
3197b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DAEA3709B4BD5475FA0919C8463CA4834E4BC26
3198b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3199b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe852c0000 'C:\WINDOWS\System32\crypt32.dll'
3200b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
3201b9b0.b688: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3202b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3203b9b0.b688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
3204b9b0.b688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
3205b9b0.b688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
3206b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3207b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3208b9b0.b688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3209b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3210b9b0.b688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3211b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3212b9b0.b688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3213b9b0.b688: supR3HardenedDllNotificationCallback: load 00007ffe679b0000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
3214b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3215b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe679b0000 'C:\WINDOWS\System32\midimap.dll'
3216b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3217b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3218b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe679b0000 'C:\WINDOWS\System32\midimap.dll'
3219b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3220b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3221b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe679b0000 'C:\WINDOWS\System32\midimap.dll'
3222b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3223b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3224b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe679b0000 'C:\WINDOWS\System32\midimap.dll'
3225b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3226b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3227b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3228b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3229b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3230b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3231b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3232b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3233b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3234b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3235b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3236b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3237b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3238b9b0.b688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3239b9b0.b688: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3240b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe562f0000 'C:\WINDOWS\system32\dsound.dll'
3241b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f760000 'C:\WINDOWS\System32\winmm.dll'
3242b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe47f50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3243b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3244b9b0.b688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe83790000 'C:\WINDOWS\system32\rsaenh.dll'
3245b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
3246b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
3247b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
3248b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
3249b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
3250b9b0.ad08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
3251b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3252b9b0.ad08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86bb0000 'C:\WINDOWS\system32\shell32.dll'
3253b9b0.17cc: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
3254b9b0.17cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
3255b9b0.17cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
3256b9b0.17cc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000e30 (hFile=000000000000095c) with 0xc0000022 -> STATUS_TRUST_FAILURE
3257b9b0.17cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
3258b9b0.17cc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000e38 (hFile=0000000000000d34) with 0xc0000022 -> STATUS_TRUST_FAILURE
3259b9b0.b790: supR3HardenedDllNotificationCallback: Unload 00007ffe76880000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3260b9b0.af44: supR3HardenedDllNotificationCallback: Unload 00007ffe76a50000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3261b9b0.ba90: supR3HardenedDllNotificationCallback: Unload 00007ffe6a080000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3262b9b0.b56c: supR3HardenedDllNotificationCallback: Unload 00007ffe7d7f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3263b9b0.b690: supR3HardenedDllNotificationCallback: Unload 00007ffe7e440000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3264b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe6a920000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
3265b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe6b190000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
3266b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe6fbb0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
3267b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe6fbd0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
3268b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe58770000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
3269b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe2d6e0000 LB 0x009d7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3270b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe657f0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3271b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe587c0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3272b9b0.b688: supR3HardenedDllNotificationCallback: Unload 00007ffe85910000 LB 0x0044b000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
3273b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe7e690000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
3274b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe765a0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
3275b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe5d3e0000 LB 0x00058000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
3276b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe80fe0000 LB 0x0030b000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
3277b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe81720000 LB 0x0019c000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
3278b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe830f0000 LB 0x000bb000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
3279b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe82ab0000 LB 0x001b8000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
3280b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe82a80000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [flags=0x0]
3281b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe765c0000 LB 0x000f2000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
3282b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe5cc20000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
3283b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe76d00000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
3284b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe76c70000 LB 0x00083000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
3285b9b0.ad08: supR3HardenedDllNotificationCallback: Unload 00007ffe4f210000 LB 0x003a1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3286b9b0.ad08: Terminating the normal way: rcExit=0
3287b7a0.b48c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 25594 ms, the end);
3288ba64.bb64: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 26361 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy