VirtualBox

Ticket #19022: VBoxHardening.log

File VBoxHardening.log, 372.1 KB (added by JRR1812, 5 years ago)

VBox Hardening

Line 
145f8.48b0: Log file opened: 6.0.12r133076 g_hStartupLog=000000000000005c g_uNtVerCombined=0xa047ba00
245f8.48b0: \SystemRoot\System32\ntdll.dll:
345f8.48b0: CreationTime: 2019-10-09T14:12:22.923913800Z
445f8.48b0: LastWriteTime: 2019-10-09T14:12:22.978901800Z
545f8.48b0: ChangeTime: 2019-10-09T15:01:27.057710600Z
645f8.48b0: FileAttributes: 0x20
745f8.48b0: Size: 0x1e8528
845f8.48b0: NT Headers: 0xd8
945f8.48b0: Timestamp: 0x99ca0526
1045f8.48b0: Machine: 0x8664 - amd64
1145f8.48b0: Timestamp: 0x99ca0526
1245f8.48b0: Image Version: 10.0
1345f8.48b0: SizeOfImage: 0x1f0000 (2031616)
1445f8.48b0: Resource Dir: 0x17f000 LB 0x6f310
1545f8.48b0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1645f8.48b0: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1745f8.48b0: ProductName: Microsoft® Windows® Operating System
1845f8.48b0: ProductVersion: 10.0.18362.418
1945f8.48b0: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
2045f8.48b0: FileDescription: NT Layer DLL
2145f8.48b0: \SystemRoot\System32\kernel32.dll:
2245f8.48b0: CreationTime: 2019-09-16T11:25:18.491625800Z
2345f8.48b0: LastWriteTime: 2019-09-16T11:25:18.507256100Z
2445f8.48b0: ChangeTime: 2019-10-09T14:13:33.730336600Z
2545f8.48b0: FileAttributes: 0x20
2645f8.48b0: Size: 0xb0570
2745f8.48b0: NT Headers: 0xe8
2845f8.48b0: Timestamp: 0xd0cecc10
2945f8.48b0: Machine: 0x8664 - amd64
3045f8.48b0: Timestamp: 0xd0cecc10
3145f8.48b0: Image Version: 10.0
3245f8.48b0: SizeOfImage: 0xb2000 (729088)
3345f8.48b0: Resource Dir: 0xb0000 LB 0x520
3445f8.48b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3545f8.48b0: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3645f8.48b0: ProductName: Microsoft® Windows® Operating System
3745f8.48b0: ProductVersion: 10.0.18362.329
3845f8.48b0: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
3945f8.48b0: FileDescription: Windows NT BASE API Client DLL
4045f8.48b0: \SystemRoot\System32\KernelBase.dll:
4145f8.48b0: CreationTime: 2019-10-09T14:12:23.420939100Z
4245f8.48b0: LastWriteTime: 2019-10-09T14:12:23.535929100Z
4345f8.48b0: ChangeTime: 2019-10-09T15:01:26.573192100Z
4445f8.48b0: FileAttributes: 0x20
4545f8.48b0: Size: 0x2a2708
4645f8.48b0: NT Headers: 0xf0
4745f8.48b0: Timestamp: 0xfba22159
4845f8.48b0: Machine: 0x8664 - amd64
4945f8.48b0: Timestamp: 0xfba22159
5045f8.48b0: Image Version: 10.0
5145f8.48b0: SizeOfImage: 0x2a3000 (2764800)
5245f8.48b0: Resource Dir: 0x27d000 LB 0x548
5345f8.48b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5445f8.48b0: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5545f8.48b0: ProductName: Microsoft® Windows® Operating System
5645f8.48b0: ProductVersion: 10.0.18362.418
5745f8.48b0: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
5845f8.48b0: FileDescription: Windows NT BASE API Client DLL
5945f8.48b0: \SystemRoot\System32\apisetschema.dll:
6045f8.48b0: CreationTime: 2019-03-19T04:43:54.837151500Z
6145f8.48b0: LastWriteTime: 2019-03-19T04:43:54.837151500Z
6245f8.48b0: ChangeTime: 2019-10-09T14:13:33.707335000Z
6345f8.48b0: FileAttributes: 0x20
6445f8.48b0: Size: 0x1d028
6545f8.48b0: NT Headers: 0xc8
6645f8.48b0: Timestamp: 0xd6ced080
6745f8.48b0: Machine: 0x8664 - amd64
6845f8.48b0: Timestamp: 0xd6ced080
6945f8.48b0: Image Version: 10.0
7045f8.48b0: SizeOfImage: 0x1e000 (122880)
7145f8.48b0: Resource Dir: 0x1d000 LB 0x408
7245f8.48b0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7345f8.48b0: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7445f8.48b0: ProductName: Microsoft® Windows® Operating System
7545f8.48b0: ProductVersion: 10.0.18362.1
7645f8.48b0: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
7745f8.48b0: FileDescription: ApiSet Schema DLL
7845f8.48b0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7945f8.48b0: supR3HardenedWinFindAdversaries: 0x0
8045f8.48b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
8145f8.48b0: Calling main()
8245f8.48b0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
8345f8.48b0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
8445f8.48b0: SUPR3HardenedMain: Respawn #1
8545f8.48b0: System32: \Device\HarddiskVolume3\Windows\System32
8645f8.48b0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
8745f8.48b0: KnownDllPath: C:\WINDOWS\System32
8845f8.48b0: supR3HardenedWinInit: Performing a limited self purification...
8945f8.48b0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
9045f8.48b0: *0000000000000000-000000000096ffff 0x0001/0x0000 0x0000000
9145f8.48b0: *0000000000970000-0000000000970fff 0x0010/0x0010 0x0040000 !!
9245f8.48b0: 0000000000971000-000000000097ffff 0x0001/0x0000 0x0000000
9345f8.48b0: *0000000000980000-000000000098ffff 0x0004/0x0004 0x0040000
9445f8.48b0: *0000000000990000-00000000009aafff 0x0002/0x0002 0x0040000
9545f8.48b0: 00000000009ab000-00000000009affff 0x0001/0x0000 0x0000000
9645f8.48b0: *00000000009b0000-00000000009b3fff 0x0002/0x0002 0x0040000
9745f8.48b0: 00000000009b4000-00000000009bffff 0x0001/0x0000 0x0000000
9845f8.48b0: *00000000009c0000-00000000009c1fff 0x0004/0x0004 0x0020000
9945f8.48b0: 00000000009c2000-00000000009dffff 0x0001/0x0000 0x0000000
10045f8.48b0: *00000000009e0000-00000000009eefff 0x0004/0x0004 0x0020000
10145f8.48b0: 00000000009ef000-00000000009effff 0x0000/0x0004 0x0020000
10245f8.48b0: 00000000009f0000-00000000009fffff 0x0001/0x0000 0x0000000
10345f8.48b0: *0000000000a00000-0000000000a82fff 0x0000/0x0004 0x0020000
10445f8.48b0: 0000000000a83000-0000000000a85fff 0x0004/0x0004 0x0020000
10545f8.48b0: 0000000000a86000-0000000000bfffff 0x0000/0x0004 0x0020000
10645f8.48b0: *0000000000c00000-0000000000cb8fff 0x0000/0x0004 0x0020000
10745f8.48b0: 0000000000cb9000-0000000000cbbfff 0x0104/0x0004 0x0020000
10845f8.48b0: 0000000000cbc000-0000000000cfffff 0x0004/0x0004 0x0020000
10945f8.48b0: *0000000000d00000-0000000000d01fff 0x0004/0x0004 0x0020000
11045f8.48b0: 0000000000d02000-0000000000d31fff 0x0000/0x0004 0x0020000
11145f8.48b0: 0000000000d32000-0000000000dbffff 0x0001/0x0000 0x0000000
11245f8.48b0: *0000000000dc0000-0000000000dc4fff 0x0004/0x0004 0x0020000
11345f8.48b0: 0000000000dc5000-0000000000ebffff 0x0000/0x0004 0x0020000
11445f8.48b0: *0000000000ec0000-0000000000f86fff 0x0002/0x0002 0x0040000
11545f8.48b0: 0000000000f87000-0000000000f8ffff 0x0001/0x0000 0x0000000
11645f8.48b0: *0000000000f90000-0000000000f9efff 0x0000/0x0004 0x0020000
11745f8.48b0: 0000000000f9f000-000000000118ffff 0x0004/0x0004 0x0020000
11845f8.48b0: 0000000001190000-0000000001190fff 0x0000/0x0004 0x0020000
11945f8.48b0: 0000000001191000-000000000119ffff 0x0001/0x0000 0x0000000
12045f8.48b0: *00000000011a0000-00000000011bcfff 0x0004/0x0004 0x0020000
12145f8.48b0: 00000000011bd000-000000000129ffff 0x0000/0x0004 0x0020000
12245f8.48b0: 00000000012a0000-000000007ffdffff 0x0001/0x0000 0x0000000
12345f8.48b0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
12445f8.48b0: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
12545f8.48b0: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
12645f8.48b0: 000000007ffe9000-00007ff41193ffff 0x0001/0x0000 0x0000000
12745f8.48b0: *00007ff411940000-00007ff411944fff 0x0002/0x0002 0x0040000
12845f8.48b0: 00007ff411945000-00007ff411a3ffff 0x0000/0x0002 0x0040000
12945f8.48b0: *00007ff411a40000-00007ff511a5ffff 0x0000/0x0004 0x0020000
13045f8.48b0: *00007ff511a60000-00007ff513a5ffff 0x0000/0x0004 0x0020000
13145f8.48b0: 00007ff513a60000-00007ff513a60fff 0x0004/0x0004 0x0020000
13245f8.48b0: 00007ff513a61000-00007ff513a6ffff 0x0001/0x0000 0x0000000
13345f8.48b0: *00007ff513a70000-00007ff513a70fff 0x0002/0x0002 0x0040000
13445f8.48b0: 00007ff513a71000-00007ff513a7ffff 0x0001/0x0000 0x0000000
13545f8.48b0: *00007ff513a80000-00007ff513aa2fff 0x0002/0x0002 0x0040000
13645f8.48b0: 00007ff513aa3000-00007ff7fac3ffff 0x0001/0x0000 0x0000000
13745f8.48b0: *00007ff7fac40000-00007ff7fac40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13845f8.48b0: 00007ff7fac41000-00007ff7facb5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13945f8.48b0: 00007ff7facb6000-00007ff7facb6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14045f8.48b0: 00007ff7facb7000-00007ff7facfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14145f8.48b0: 00007ff7facff000-00007ff7fad01fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14245f8.48b0: 00007ff7fad02000-00007ff7fad04fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14345f8.48b0: 00007ff7fad05000-00007ff7fad07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14445f8.48b0: 00007ff7fad08000-00007ff7fad08fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14545f8.48b0: 00007ff7fad09000-00007ff7fad0afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14645f8.48b0: 00007ff7fad0b000-00007ff7fad0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14745f8.48b0: 00007ff7fad0c000-00007ff7fad54fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
14845f8.48b0: 00007ff7fad55000-00007ffd4d5fffff 0x0001/0x0000 0x0000000
14945f8.48b0: *00007ffd4d600000-00007ffd4d60ffff 0x0020/0x0040 0x0020000 !!
15045f8.48b0: 00007ffd4d610000-00007ffd6a8bffff 0x0001/0x0000 0x0000000
15145f8.48b0: *00007ffd6a8c0000-00007ffd6a8c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
15245f8.48b0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffd6a8c0000 LB 0x1000 (base 00007ffd6a8c0000) - 'aswhook.dll'
15345f8.48b0: 00007ffd6a8c1000-00007ffd6a8c8fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
15445f8.48b0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffd6a8c1000 LB 0x8000 (base 00007ffd6a8c0000) - 'aswhook.dll'
15545f8.48b0: 00007ffd6a8c9000-00007ffd6a8cbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
15645f8.48b0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffd6a8c9000 LB 0x3000 (base 00007ffd6a8c0000) - 'aswhook.dll'
15745f8.48b0: 00007ffd6a8cc000-00007ffd6a8ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
15845f8.48b0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffd6a8cc000 LB 0x1000 (base 00007ffd6a8c0000) - 'aswhook.dll'
15945f8.48b0: 00007ffd6a8cd000-00007ffd6a8d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
16045f8.48b0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffd6a8cd000 LB 0x4000 (base 00007ffd6a8c0000) - 'aswhook.dll'
16145f8.48b0: 00007ffd6a8d1000-00007ffd6a8d1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
16245f8.48b0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffd6a8d1000 LB 0x1000 (base 00007ffd6a8c0000) - 'aswhook.dll'
16345f8.48b0: 00007ffd6a8d2000-00007ffd6a8d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
16445f8.48b0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffd6a8d2000 LB 0x2000 (base 00007ffd6a8c0000) - 'aswhook.dll'
16545f8.48b0: 00007ffd6a8d4000-00007ffd8b22ffff 0x0001/0x0000 0x0000000
16645f8.48b0: *00007ffd8b230000-00007ffd8b230fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
16745f8.48b0: 00007ffd8b231000-00007ffd8b335fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
16845f8.48b0: 00007ffd8b336000-00007ffd8b497fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
16945f8.48b0: 00007ffd8b498000-00007ffd8b49bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
17045f8.48b0: 00007ffd8b49c000-00007ffd8b49cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
17145f8.48b0: 00007ffd8b49d000-00007ffd8b4d2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
17245f8.48b0: 00007ffd8b4d3000-00007ffd8d38ffff 0x0001/0x0000 0x0000000
17345f8.48b0: *00007ffd8d390000-00007ffd8d390fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17445f8.48b0: 00007ffd8d391000-00007ffd8d405fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17545f8.48b0: 00007ffd8d406000-00007ffd8d437fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17645f8.48b0: 00007ffd8d438000-00007ffd8d438fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17745f8.48b0: 00007ffd8d439000-00007ffd8d439fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17845f8.48b0: 00007ffd8d43a000-00007ffd8d441fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17945f8.48b0: 00007ffd8d442000-00007ffd8d57ffff 0x0001/0x0000 0x0000000
18045f8.48b0: *00007ffd8d580000-00007ffd8d580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18145f8.48b0: 00007ffd8d581000-00007ffd8d697fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18245f8.48b0: 00007ffd8d698000-00007ffd8d6defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18345f8.48b0: 00007ffd8d6df000-00007ffd8d6dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18445f8.48b0: 00007ffd8d6e0000-00007ffd8d6e1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18545f8.48b0: 00007ffd8d6e2000-00007ffd8d6eafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18645f8.48b0: 00007ffd8d6eb000-00007ffd8d76ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
18745f8.48b0: 00007ffd8d770000-00007ffffffeffff 0x0001/0x0000 0x0000000
18845f8.48b0: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
18945f8.48b0: kernelbase.dll: timestamp 0xfba22159 (rc=VINF_SUCCESS)
19045f8.48b0: VirtualBoxVM.exe: timestamp 0x5d6e3430 (rc=VINF_SUCCESS)
19145f8.48b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
19245f8.48b0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
19345f8.48b0: ntdll.dll: Differences in section #1 (.text) between file and memory:
19445f8.48b0: 00007ffd8d59a2f0 / 0x001a2f0: 48 != e9
19545f8.48b0: 00007ffd8d59a2f1 / 0x001a2f1: 89 != 03
19645f8.48b0: 00007ffd8d59a2f2 / 0x001a2f2: 5c != 63
19745f8.48b0: 00007ffd8d59a2f3 / 0x001a2f3: 24 != 06
19845f8.48b0: 00007ffd8d59a2f4 / 0x001a2f4: 08 != c0
19945f8.48b0: 00007ffd8d59a2f5 / 0x001a2f5: 48 != cc
20045f8.48b0: 00007ffd8d59a2f6 / 0x001a2f6: 89 != cc
20145f8.48b0: 00007ffd8d59a2f7 / 0x001a2f7: 74 != cc
20245f8.48b0: 00007ffd8d59a2f8 / 0x001a2f8: 24 != cc
20345f8.48b0: 00007ffd8d59a2f9 / 0x001a2f9: 10 != cc
20445f8.48b0: Restored 0x2000 bytes of original file content at 00007ffd8d599000
20545f8.48b0: ntdll.dll: Differences in section #1 (.text) between file and memory:
20645f8.48b0: 00007ffd8d5a1680 / 0x0021680: 48 != e9
20745f8.48b0: 00007ffd8d5a1681 / 0x0021681: 89 != 33
20845f8.48b0: 00007ffd8d5a1682 / 0x0021682: 5c != f0
20945f8.48b0: 00007ffd8d5a1683 / 0x0021683: 24 != 05
21045f8.48b0: 00007ffd8d5a1684 / 0x0021684: 10 != c0
21145f8.48b0: 00007ffd8d5a1685 / 0x0021685: 56 != cc
21245f8.48b0: Restored 0x2000 bytes of original file content at 00007ffd8d5a1000
21345f8.48b0: ntdll.dll: Differences in section #1 (.text) between file and memory:
21445f8.48b0: 00007ffd8d61c3d0 / 0x009c3d0: 4c != e9
21545f8.48b0: 00007ffd8d61c3d1 / 0x009c3d1: 8b != 83
21645f8.48b0: 00007ffd8d61c3d2 / 0x009c3d2: d1 != 42
21745f8.48b0: 00007ffd8d61c3d3 / 0x009c3d3: b8 != fe
21845f8.48b0: 00007ffd8d61c3d4 / 0x009c3d4: 19 != bf
21945f8.48b0: 00007ffd8d61c3d5 / 0x009c3d5: 00 != cc
22045f8.48b0: 00007ffd8d61c3d6 / 0x009c3d6: 00 != cc
22145f8.48b0: 00007ffd8d61c3d7 / 0x009c3d7: 00 != cc
22245f8.48b0: 00007ffd8d61c5b0 / 0x009c5b0: 4c != e9
22345f8.48b0: 00007ffd8d61c5b1 / 0x009c5b1: 8b != 83
22445f8.48b0: 00007ffd8d61c5b2 / 0x009c5b2: d1 != 3c
22545f8.48b0: 00007ffd8d61c5b3 / 0x009c5b3: b8 != fe
22645f8.48b0: 00007ffd8d61c5b4 / 0x009c5b4: 28 != bf
22745f8.48b0: 00007ffd8d61c5b5 / 0x009c5b5: 00 != cc
22845f8.48b0: 00007ffd8d61c5b6 / 0x009c5b6: 00 != cc
22945f8.48b0: 00007ffd8d61c5b7 / 0x009c5b7: 00 != cc
23045f8.48b0: 00007ffd8d61c7f0 / 0x009c7f0: 4c != e9
23145f8.48b0: 00007ffd8d61c7f1 / 0x009c7f1: 8b != 83
23245f8.48b0: 00007ffd8d61c7f2 / 0x009c7f2: d1 != 39
23345f8.48b0: 00007ffd8d61c7f3 / 0x009c7f3: b8 != fe
23445f8.48b0: 00007ffd8d61c7f4 / 0x009c7f4: 3a != bf
23545f8.48b0: 00007ffd8d61c7f5 / 0x009c7f5: 00 != cc
23645f8.48b0: 00007ffd8d61c7f6 / 0x009c7f6: 00 != cc
23745f8.48b0: 00007ffd8d61c7f7 / 0x009c7f7: 00 != cc
23845f8.48b0: 00007ffd8d61c8b0 / 0x009c8b0: 4c != e9
23945f8.48b0: 00007ffd8d61c8b1 / 0x009c8b1: 8b != c3
24045f8.48b0: 00007ffd8d61c8b2 / 0x009c8b2: d1 != 3b
24145f8.48b0: 00007ffd8d61c8b3 / 0x009c8b3: b8 != fe
24245f8.48b0: 00007ffd8d61c8b4 / 0x009c8b4: 40 != bf
24345f8.48b0: 00007ffd8d61c8b5 / 0x009c8b5: 00 != cc
24445f8.48b0: 00007ffd8d61c8b6 / 0x009c8b6: 00 != cc
24545f8.48b0: 00007ffd8d61c8b7 / 0x009c8b7: 00 != cc
24645f8.48b0: 00007ffd8d61c9b0 / 0x009c9b0: 4c != e9
24745f8.48b0: 00007ffd8d61c9b1 / 0x009c9b1: 8b != 43
24845f8.48b0: 00007ffd8d61c9b2 / 0x009c9b2: d1 != 39
24945f8.48b0: 00007ffd8d61c9b3 / 0x009c9b3: b8 != fe
25045f8.48b0: 00007ffd8d61c9b4 / 0x009c9b4: 48 != bf
25145f8.48b0: 00007ffd8d61c9b5 / 0x009c9b5: 00 != cc
25245f8.48b0: 00007ffd8d61c9b6 / 0x009c9b6: 00 != cc
25345f8.48b0: 00007ffd8d61c9b7 / 0x009c9b7: 00 != cc
25445f8.48b0: 00007ffd8d61cab0 / 0x009cab0: 4c != e9
25545f8.48b0: 00007ffd8d61cab1 / 0x009cab1: 8b != 23
25645f8.48b0: 00007ffd8d61cab2 / 0x009cab2: d1 != 37
25745f8.48b0: 00007ffd8d61cab3 / 0x009cab3: b8 != fe
25845f8.48b0: 00007ffd8d61cab4 / 0x009cab4: 50 != bf
25945f8.48b0: 00007ffd8d61cab5 / 0x009cab5: 00 != cc
26045f8.48b0: 00007ffd8d61cab6 / 0x009cab6: 00 != cc
26145f8.48b0: 00007ffd8d61cab7 / 0x009cab7: 00 != cc
26245f8.48b0: 00007ffd8d61caf0 / 0x009caf0: 4c != e9
26345f8.48b0: 00007ffd8d61caf1 / 0x009caf1: 8b != a3
26445f8.48b0: 00007ffd8d61caf2 / 0x009caf2: d1 != 37
26545f8.48b0: 00007ffd8d61caf3 / 0x009caf3: b8 != fe
26645f8.48b0: 00007ffd8d61caf4 / 0x009caf4: 52 != bf
26745f8.48b0: 00007ffd8d61caf5 / 0x009caf5: 00 != cc
26845f8.48b0: 00007ffd8d61caf6 / 0x009caf6: 00 != cc
26945f8.48b0: 00007ffd8d61caf7 / 0x009caf7: 00 != cc
27045f8.48b0: 00007ffd8d61d680 / 0x009d680: 4c != e9
27145f8.48b0: 00007ffd8d61d681 / 0x009d681: 8b != d3
27245f8.48b0: 00007ffd8d61d682 / 0x009d682: d1 != 2c
27345f8.48b0: 00007ffd8d61d683 / 0x009d683: b8 != fe
27445f8.48b0: 00007ffd8d61d684 / 0x009d684: af != bf
27545f8.48b0: 00007ffd8d61d685 / 0x009d685: 00 != cc
27645f8.48b0: 00007ffd8d61d686 / 0x009d686: 00 != cc
27745f8.48b0: 00007ffd8d61d687 / 0x009d687: 00 != cc
27845f8.48b0: Restored 0x2000 bytes of original file content at 00007ffd8d61b7fe
27945f8.48b0: ntdll.dll: Differences in section #1 (.text) between file and memory:
28045f8.48b0: 00007ffd8d61d800 / 0x009d800: 4c != e9
28145f8.48b0: 00007ffd8d61d801 / 0x009d801: 8b != b3
28245f8.48b0: 00007ffd8d61d802 / 0x009d802: d1 != 2b
28345f8.48b0: 00007ffd8d61d803 / 0x009d803: b8 != fe
28445f8.48b0: 00007ffd8d61d804 / 0x009d804: bb != bf
28545f8.48b0: 00007ffd8d61d805 / 0x009d805: 00 != cc
28645f8.48b0: 00007ffd8d61d806 / 0x009d806: 00 != cc
28745f8.48b0: 00007ffd8d61d807 / 0x009d807: 00 != cc
28845f8.48b0: 00007ffd8d61d920 / 0x009d920: 4c != e9
28945f8.48b0: 00007ffd8d61d921 / 0x009d921: 8b != f3
29045f8.48b0: 00007ffd8d61d922 / 0x009d922: d1 != 2a
29145f8.48b0: 00007ffd8d61d923 / 0x009d923: b8 != fe
29245f8.48b0: 00007ffd8d61d924 / 0x009d924: c4 != bf
29345f8.48b0: 00007ffd8d61d925 / 0x009d925: 00 != cc
29445f8.48b0: 00007ffd8d61d926 / 0x009d926: 00 != cc
29545f8.48b0: 00007ffd8d61d927 / 0x009d927: 00 != cc
29645f8.48b0: 00007ffd8d61e480 / 0x009e480: 4c != e9
29745f8.48b0: 00007ffd8d61e481 / 0x009e481: 8b != 53
29845f8.48b0: 00007ffd8d61e482 / 0x009e482: d1 != 20
29945f8.48b0: 00007ffd8d61e483 / 0x009e483: b8 != fe
30045f8.48b0: 00007ffd8d61e484 / 0x009e484: 1f != bf
30145f8.48b0: 00007ffd8d61e485 / 0x009e485: 01 != cc
30245f8.48b0: 00007ffd8d61e486 / 0x009e486: 00 != cc
30345f8.48b0: 00007ffd8d61e487 / 0x009e487: 00 != cc
30445f8.48b0: 00007ffd8d61e560 / 0x009e560: 4c != e9
30545f8.48b0: 00007ffd8d61e561 / 0x009e561: 8b != d3
30645f8.48b0: 00007ffd8d61e562 / 0x009e562: d1 != 1f
30745f8.48b0: 00007ffd8d61e563 / 0x009e563: b8 != fe
30845f8.48b0: 00007ffd8d61e564 / 0x009e564: 26 != bf
30945f8.48b0: 00007ffd8d61e565 / 0x009e565: 01 != cc
31045f8.48b0: 00007ffd8d61e566 / 0x009e566: 00 != cc
31145f8.48b0: 00007ffd8d61e567 / 0x009e567: 00 != cc
31245f8.48b0: Restored 0x2000 bytes of original file content at 00007ffd8d61d7fe
31345f8.48b0: ntdll.dll: Differences in section #1 (.text) between file and memory:
31445f8.48b0: 00007ffd8d672180 / 0x00f2180: 48 != e9
31545f8.48b0: 00007ffd8d672181 / 0x00f2181: 89 != 13
31645f8.48b0: 00007ffd8d672182 / 0x00f2182: 5c != e4
31745f8.48b0: 00007ffd8d672183 / 0x00f2183: 24 != f8
31845f8.48b0: 00007ffd8d672184 / 0x00f2184: 08 != bf
31945f8.48b0: 00007ffd8d672185 / 0x00f2185: 57 != cc
32045f8.48b0: Restored 0x2000 bytes of original file content at 00007ffd8d671cee
32145f8.48b0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=5
32245f8.48b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
32345f8.48b0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
32445f8.48b0: supR3HardNtEnableThreadCreationEx:
32545f8.48b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd8d5f17f0 pvNtTerminateThread=00007ffd8d61cb10
32645f8.48b0: supR3HardenedWinDoReSpawn(1): New child 5c18.284c [kernel32].
32745f8.48b0: supR3HardNtChildGatherData: PebBaseAddress=000000000048e000 cbPeb=0x388
32845f8.48b0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd8d580000 uNtDllChildAddr=00007ffd8d580000
32945f8.48b0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd8d5f17f0
33045f8.48b0: supR3HardenedWinSetupChildInit: Start child.
33145f8.48b0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
33245f8.48b0: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 29 sleeps
33345f8.48b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
33445f8.48b0: *0000000000000000-00000000003effff 0x0001/0x0000 0x0000000
33545f8.48b0: *00000000003f0000-00000000003f3fff 0x0002/0x0002 0x0040000
33645f8.48b0: 00000000003f4000-00000000003fffff 0x0001/0x0000 0x0000000
33745f8.48b0: *0000000000400000-000000000048dfff 0x0000/0x0004 0x0020000
33845f8.48b0: 000000000048e000-0000000000490fff 0x0004/0x0004 0x0020000
33945f8.48b0: 0000000000491000-00000000005fffff 0x0000/0x0004 0x0020000
34045f8.48b0: *0000000000600000-000000000061ffff 0x0004/0x0004 0x0020000
34145f8.48b0: *0000000000620000-000000000063afff 0x0002/0x0002 0x0040000
34245f8.48b0: 000000000063b000-000000000063ffff 0x0001/0x0000 0x0000000
34345f8.48b0: *0000000000640000-000000000073afff 0x0000/0x0004 0x0020000
34445f8.48b0: 000000000073b000-000000000073dfff 0x0104/0x0004 0x0020000
34545f8.48b0: 000000000073e000-000000000073ffff 0x0004/0x0004 0x0020000
34645f8.48b0: *0000000000740000-0000000000741fff 0x0004/0x0004 0x0020000
34745f8.48b0: 0000000000742000-000000007ffdffff 0x0001/0x0000 0x0000000
34845f8.48b0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
34945f8.48b0: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
35045f8.48b0: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
35145f8.48b0: 000000007ffe9000-00007ff5cb38ffff 0x0001/0x0000 0x0000000
35245f8.48b0: *00007ff5cb390000-00007ff5cb390fff 0x0002/0x0002 0x0040000
35345f8.48b0: 00007ff5cb391000-00007ff5cb39ffff 0x0001/0x0000 0x0000000
35445f8.48b0: *00007ff5cb3a0000-00007ff5cb3c2fff 0x0002/0x0002 0x0040000
35545f8.48b0: 00007ff5cb3c3000-00007ff7fac3ffff 0x0001/0x0000 0x0000000
35645f8.48b0: *00007ff7fac40000-00007ff7fac40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35745f8.48b0: 00007ff7fac41000-00007ff7facb5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35845f8.48b0: 00007ff7facb6000-00007ff7facb6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
35945f8.48b0: 00007ff7facb7000-00007ff7facfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36045f8.48b0: 00007ff7facff000-00007ff7facfffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36145f8.48b0: 00007ff7fad00000-00007ff7fad00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36245f8.48b0: 00007ff7fad01000-00007ff7fad05fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36345f8.48b0: 00007ff7fad06000-00007ff7fad06fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36445f8.48b0: 00007ff7fad07000-00007ff7fad07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36545f8.48b0: 00007ff7fad08000-00007ff7fad0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36645f8.48b0: 00007ff7fad0c000-00007ff7fad54fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
36745f8.48b0: 00007ff7fad55000-00007ffd8d57ffff 0x0001/0x0000 0x0000000
36845f8.48b0: *00007ffd8d580000-00007ffd8d580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
36945f8.48b0: 00007ffd8d581000-00007ffd8d697fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37045f8.48b0: 00007ffd8d698000-00007ffd8d6defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37145f8.48b0: 00007ffd8d6df000-00007ffd8d6eafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37245f8.48b0: 00007ffd8d6eb000-00007ffd8d6f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37345f8.48b0: 00007ffd8d6fa000-00007ffd8d6fafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37445f8.48b0: 00007ffd8d6fb000-00007ffd8d6fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37545f8.48b0: 00007ffd8d6fe000-00007ffd8d76ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
37645f8.48b0: 00007ffd8d770000-00007ffffffeffff 0x0001/0x0000 0x0000000
37745f8.48b0: supR3HardNtChildPurify: Done after 264 ms and 0 fixes (loop #0).
3785c18.284c: Log file opened: 6.0.12r133076 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
3795c18.284c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd8d580000 g_uNtVerCombined=0xa047ba00
3805c18.284c: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
3815c18.284c: New simple heap: #1 0000000000850000 LB 0x400000 (for 2031616 allocation)
38245f8.48b0: supR3HardNtEnableThreadCreationEx:
3835c18.284c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3845c18.284c: System32: \Device\HarddiskVolume3\Windows\System32
3855c18.284c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
3865c18.284c: KnownDllPath: C:\WINDOWS\System32
3875c18.284c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3885c18.284c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3895c18.284c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3905c18.284c: Registered Dll notification callback with NTDLL.
3915c18.284c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
3925c18.284c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
3935c18.284c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3945c18.284c: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000000000600078 enmState=3 -> supR3HardenedWinDummyApcRoutine
3955c18.284c: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000600000 pvArg2=0000000000000000 pvArg3=0000000000000000
3965c18.284c: supR3HardenedDllNotificationCallback: load 00007ffd8b230000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3975c18.284c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
3985c18.284c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
3995c18.284c: supR3HardenedDllNotificationCallback: load 00007ffd8d390000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
4005c18.284c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4015c18.284c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8d390000 'C:\WINDOWS\System32\KERNEL32.DLL'
4025c18.284c: supR3HardenedDllNotificationCallback: load 00007ff7fac40000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
4035c18.284c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4045c18.284c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4055c18.284c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4065c18.284c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd8d5f17f0 pvNtTerminateThread=00007ffd8d61cb10
40745f8.48b0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 117 ms.
4085c18.284c: \SystemRoot\System32\ntdll.dll:
4095c18.284c: CreationTime: 2019-10-09T14:12:22.923913800Z
4105c18.284c: LastWriteTime: 2019-10-09T14:12:22.978901800Z
4115c18.284c: ChangeTime: 2019-10-09T15:01:27.057710600Z
4125c18.284c: FileAttributes: 0x20
4135c18.284c: Size: 0x1e8528
4145c18.284c: NT Headers: 0xd8
4155c18.284c: Timestamp: 0x99ca0526
4165c18.284c: Machine: 0x8664 - amd64
4175c18.284c: Timestamp: 0x99ca0526
4185c18.284c: Image Version: 10.0
4195c18.284c: SizeOfImage: 0x1f0000 (2031616)
4205c18.284c: Resource Dir: 0x17f000 LB 0x6f310
4215c18.284c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4225c18.284c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4235c18.284c: ProductName: Microsoft® Windows® Operating System
4245c18.284c: ProductVersion: 10.0.18362.418
4255c18.284c: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
4265c18.284c: FileDescription: NT Layer DLL
4275c18.284c: \SystemRoot\System32\kernel32.dll:
4285c18.284c: CreationTime: 2019-09-16T11:25:18.491625800Z
4295c18.284c: LastWriteTime: 2019-09-16T11:25:18.507256100Z
4305c18.284c: ChangeTime: 2019-10-09T14:13:33.730336600Z
4315c18.284c: FileAttributes: 0x20
4325c18.284c: Size: 0xb0570
4335c18.284c: NT Headers: 0xe8
4345c18.284c: Timestamp: 0xd0cecc10
4355c18.284c: Machine: 0x8664 - amd64
4365c18.284c: Timestamp: 0xd0cecc10
4375c18.284c: Image Version: 10.0
4385c18.284c: SizeOfImage: 0xb2000 (729088)
4395c18.284c: Resource Dir: 0xb0000 LB 0x520
4405c18.284c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4415c18.284c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
4425c18.284c: ProductName: Microsoft® Windows® Operating System
4435c18.284c: ProductVersion: 10.0.18362.329
4445c18.284c: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
4455c18.284c: FileDescription: Windows NT BASE API Client DLL
4465c18.284c: \SystemRoot\System32\KernelBase.dll:
4475c18.284c: CreationTime: 2019-10-09T14:12:23.420939100Z
4485c18.284c: LastWriteTime: 2019-10-09T14:12:23.535929100Z
4495c18.284c: ChangeTime: 2019-10-09T15:01:26.573192100Z
4505c18.284c: FileAttributes: 0x20
4515c18.284c: Size: 0x2a2708
4525c18.284c: NT Headers: 0xf0
4535c18.284c: Timestamp: 0xfba22159
4545c18.284c: Machine: 0x8664 - amd64
4555c18.284c: Timestamp: 0xfba22159
4565c18.284c: Image Version: 10.0
4575c18.284c: SizeOfImage: 0x2a3000 (2764800)
4585c18.284c: Resource Dir: 0x27d000 LB 0x548
4595c18.284c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4605c18.284c: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4615c18.284c: ProductName: Microsoft® Windows® Operating System
4625c18.284c: ProductVersion: 10.0.18362.418
4635c18.284c: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
4645c18.284c: FileDescription: Windows NT BASE API Client DLL
4655c18.284c: \SystemRoot\System32\apisetschema.dll:
4665c18.284c: CreationTime: 2019-03-19T04:43:54.837151500Z
4675c18.284c: LastWriteTime: 2019-03-19T04:43:54.837151500Z
4685c18.284c: ChangeTime: 2019-10-09T14:13:33.707335000Z
4695c18.284c: FileAttributes: 0x20
4705c18.284c: Size: 0x1d028
4715c18.284c: NT Headers: 0xc8
4725c18.284c: Timestamp: 0xd6ced080
4735c18.284c: Machine: 0x8664 - amd64
4745c18.284c: Timestamp: 0xd6ced080
4755c18.284c: Image Version: 10.0
4765c18.284c: SizeOfImage: 0x1e000 (122880)
4775c18.284c: Resource Dir: 0x1d000 LB 0x408
4785c18.284c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4795c18.284c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4805c18.284c: ProductName: Microsoft® Windows® Operating System
4815c18.284c: ProductVersion: 10.0.18362.1
4825c18.284c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
4835c18.284c: FileDescription: ApiSet Schema DLL
4845c18.284c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4855c18.284c: supR3HardenedWinFindAdversaries: 0x0
4865c18.284c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4875c18.284c: Calling main()
4885c18.284c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
4895c18.284c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4905c18.284c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4915c18.284c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4925c18.284c: SUPR3HardenedMain: Respawn #2
4935c18.284c: supR3HardNtEnableThreadCreationEx:
4945c18.284c: supR3HardenedDllNotificationCallback: load 00007ffd8c0e0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
4955c18.284c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
4965c18.284c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4975c18.284c: supR3HardenedDllNotificationCallback: load 00007ffd8b720000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
4985c18.284c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
4995c18.284c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
5005c18.284c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
5015c18.284c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
5025c18.284c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
5035c18.284c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5045c18.284c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5055c18.284c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5065c18.284c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5075c18.284c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5085c18.284c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8d580000 'C:\WINDOWS\System32\ntdll.dll'
5095c18.284c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd8d5f17f0 pvNtTerminateThread=00007ffd8d61cb10
5105c18.284c: supR3HardenedWinDoReSpawn(2): New child 5a4.3670 [kernel32].
5115c18.284c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
5125c18.284c: supR3HardNtChildGatherData: PebBaseAddress=000000000069d000 cbPeb=0x388
5135c18.284c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd8d580000 uNtDllChildAddr=00007ffd8d580000
5145c18.284c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd8d5f17f0
5155c18.284c: supR3HardenedWinSetupChildInit: Start child.
5165c18.284c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
5175c18.284c: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 30 sleeps
5185c18.284c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5195c18.284c: *0000000000000000-00000000005affff 0x0001/0x0000 0x0000000
5205c18.284c: *00000000005b0000-00000000005cffff 0x0004/0x0004 0x0020000
5215c18.284c: *00000000005d0000-00000000005eafff 0x0002/0x0002 0x0040000
5225c18.284c: 00000000005eb000-00000000005effff 0x0001/0x0000 0x0000000
5235c18.284c: *00000000005f0000-00000000005f3fff 0x0002/0x0002 0x0040000
5245c18.284c: 00000000005f4000-00000000005fffff 0x0001/0x0000 0x0000000
5255c18.284c: *0000000000600000-000000000069cfff 0x0000/0x0004 0x0020000
5265c18.284c: 000000000069d000-000000000069ffff 0x0004/0x0004 0x0020000
5275c18.284c: 00000000006a0000-00000000007fffff 0x0000/0x0004 0x0020000
5285c18.284c: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
5295c18.284c: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
5305c18.284c: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
5315c18.284c: *0000000000900000-0000000000901fff 0x0004/0x0004 0x0020000
5325c18.284c: 0000000000902000-000000007ffdffff 0x0001/0x0000 0x0000000
5335c18.284c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5345c18.284c: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
5355c18.284c: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
5365c18.284c: 000000007ffe9000-00007ff55fbfffff 0x0001/0x0000 0x0000000
5375c18.284c: *00007ff55fc00000-00007ff55fc00fff 0x0002/0x0002 0x0040000
5385c18.284c: 00007ff55fc01000-00007ff55fc0ffff 0x0001/0x0000 0x0000000
5395c18.284c: *00007ff55fc10000-00007ff55fc32fff 0x0002/0x0002 0x0040000
5405c18.284c: 00007ff55fc33000-00007ff7fac3ffff 0x0001/0x0000 0x0000000
5415c18.284c: *00007ff7fac40000-00007ff7fac40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5425c18.284c: 00007ff7fac41000-00007ff7facb5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5435c18.284c: 00007ff7facb6000-00007ff7facb6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5445c18.284c: 00007ff7facb7000-00007ff7facfefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5455c18.284c: 00007ff7facff000-00007ff7facfffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5465c18.284c: 00007ff7fad00000-00007ff7fad00fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5475c18.284c: 00007ff7fad01000-00007ff7fad05fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5485c18.284c: 00007ff7fad06000-00007ff7fad06fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5495c18.284c: 00007ff7fad07000-00007ff7fad07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5505c18.284c: 00007ff7fad08000-00007ff7fad0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5515c18.284c: 00007ff7fad0c000-00007ff7fad54fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5525c18.284c: 00007ff7fad55000-00007ffd8d57ffff 0x0001/0x0000 0x0000000
5535c18.284c: *00007ffd8d580000-00007ffd8d580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5545c18.284c: 00007ffd8d581000-00007ffd8d697fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5555c18.284c: 00007ffd8d698000-00007ffd8d6defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5565c18.284c: 00007ffd8d6df000-00007ffd8d6eafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5575c18.284c: 00007ffd8d6eb000-00007ffd8d6f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5585c18.284c: 00007ffd8d6fa000-00007ffd8d6fafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5595c18.284c: 00007ffd8d6fb000-00007ffd8d6fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5605c18.284c: 00007ffd8d6fe000-00007ffd8d76ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
5615c18.284c: 00007ffd8d770000-00007ffffffeffff 0x0001/0x0000 0x0000000
5625c18.284c: VirtualBoxVM.exe: timestamp 0x5d6e3430 (rc=VINF_SUCCESS)
5635c18.284c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5645c18.284c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
5655c18.284c: supR3HardNtChildPurify: Done after 314 ms and 0 fixes (loop #0).
5665a4.3670: Log file opened: 6.0.12r133076 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
5675a4.3670: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd8d580000 g_uNtVerCombined=0xa047ba00
5685c18.284c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000850000 LB 0x400000)
5695a4.3670: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
5705a4.3670: New simple heap: #1 0000000000a10000 LB 0x400000 (for 2031616 allocation)
5715c18.284c: supR3HardNtEnableThreadCreationEx:
5725a4.3670: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5735a4.3670: System32: \Device\HarddiskVolume3\Windows\System32
5745a4.3670: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
5755a4.3670: KnownDllPath: C:\WINDOWS\System32
5765a4.3670: supR3HardenedVmProcessInit: Opening vboxdrv...
5775a4.3670: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5785a4.3670: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5795a4.3670: Registered Dll notification callback with NTDLL.
5805a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
5815a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
5825a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
5835a4.3670: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00000000005b0078 enmState=4 -> supR3HardenedWinDummyApcRoutine
5845a4.3670: supR3HardenedWinDummyApcRoutine: pvArg1=00000000005b0000 pvArg2=0000000000000000 pvArg3=0000000000000000
5855a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8b230000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
5865a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
5875a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
5885a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8d390000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
5895a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5905a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8d390000 'C:\WINDOWS\System32\KERNEL32.DLL'
5915a4.3670: supR3HardenedDllNotificationCallback: load 00007ff7fac40000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5925a4.3670: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5935a4.3670: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5945a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5955a4.3670: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd8d5f17f0 pvNtTerminateThread=00007ffd8d61cb10
5965c18.284c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 158 ms.
5975a4.3670: \SystemRoot\System32\ntdll.dll:
5985a4.3670: CreationTime: 2019-10-09T14:12:22.923913800Z
5995a4.3670: LastWriteTime: 2019-10-09T14:12:22.978901800Z
6005a4.3670: ChangeTime: 2019-10-09T15:01:27.057710600Z
6015a4.3670: FileAttributes: 0x20
6025a4.3670: Size: 0x1e8528
6035a4.3670: NT Headers: 0xd8
6045a4.3670: Timestamp: 0x99ca0526
6055a4.3670: Machine: 0x8664 - amd64
6065a4.3670: Timestamp: 0x99ca0526
6075a4.3670: Image Version: 10.0
6085a4.3670: SizeOfImage: 0x1f0000 (2031616)
6095a4.3670: Resource Dir: 0x17f000 LB 0x6f310
6105a4.3670: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6115a4.3670: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6125a4.3670: ProductName: Microsoft® Windows® Operating System
6135a4.3670: ProductVersion: 10.0.18362.418
6145a4.3670: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
6155a4.3670: FileDescription: NT Layer DLL
6165a4.3670: \SystemRoot\System32\kernel32.dll:
6175a4.3670: CreationTime: 2019-09-16T11:25:18.491625800Z
6185a4.3670: LastWriteTime: 2019-09-16T11:25:18.507256100Z
6195a4.3670: ChangeTime: 2019-10-09T14:13:33.730336600Z
6205a4.3670: FileAttributes: 0x20
6215a4.3670: Size: 0xb0570
6225a4.3670: NT Headers: 0xe8
6235a4.3670: Timestamp: 0xd0cecc10
6245a4.3670: Machine: 0x8664 - amd64
6255a4.3670: Timestamp: 0xd0cecc10
6265a4.3670: Image Version: 10.0
6275a4.3670: SizeOfImage: 0xb2000 (729088)
6285a4.3670: Resource Dir: 0xb0000 LB 0x520
6295a4.3670: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6305a4.3670: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
6315a4.3670: ProductName: Microsoft® Windows® Operating System
6325a4.3670: ProductVersion: 10.0.18362.329
6335a4.3670: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
6345a4.3670: FileDescription: Windows NT BASE API Client DLL
6355a4.3670: \SystemRoot\System32\KernelBase.dll:
6365a4.3670: CreationTime: 2019-10-09T14:12:23.420939100Z
6375a4.3670: LastWriteTime: 2019-10-09T14:12:23.535929100Z
6385a4.3670: ChangeTime: 2019-10-09T15:01:26.573192100Z
6395a4.3670: FileAttributes: 0x20
6405a4.3670: Size: 0x2a2708
6415a4.3670: NT Headers: 0xf0
6425a4.3670: Timestamp: 0xfba22159
6435a4.3670: Machine: 0x8664 - amd64
6445a4.3670: Timestamp: 0xfba22159
6455a4.3670: Image Version: 10.0
6465a4.3670: SizeOfImage: 0x2a3000 (2764800)
6475a4.3670: Resource Dir: 0x27d000 LB 0x548
6485a4.3670: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6495a4.3670: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
6505a4.3670: ProductName: Microsoft® Windows® Operating System
6515a4.3670: ProductVersion: 10.0.18362.418
6525a4.3670: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
6535a4.3670: FileDescription: Windows NT BASE API Client DLL
6545a4.3670: \SystemRoot\System32\apisetschema.dll:
6555a4.3670: CreationTime: 2019-03-19T04:43:54.837151500Z
6565a4.3670: LastWriteTime: 2019-03-19T04:43:54.837151500Z
6575a4.3670: ChangeTime: 2019-10-09T14:13:33.707335000Z
6585a4.3670: FileAttributes: 0x20
6595a4.3670: Size: 0x1d028
6605a4.3670: NT Headers: 0xc8
6615a4.3670: Timestamp: 0xd6ced080
6625a4.3670: Machine: 0x8664 - amd64
6635a4.3670: Timestamp: 0xd6ced080
6645a4.3670: Image Version: 10.0
6655a4.3670: SizeOfImage: 0x1e000 (122880)
6665a4.3670: Resource Dir: 0x1d000 LB 0x408
6675a4.3670: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6685a4.3670: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6695a4.3670: ProductName: Microsoft® Windows® Operating System
6705a4.3670: ProductVersion: 10.0.18362.1
6715a4.3670: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
6725a4.3670: FileDescription: ApiSet Schema DLL
6735a4.3670: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6745a4.3670: supR3HardenedWinFindAdversaries: 0x0
6755a4.3670: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6765a4.3670: Calling main()
6775a4.3670: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6785a4.3670: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6795a4.3670: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6805a4.3670: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6815a4.3670: SUPR3HardenedMain: Final process, opening VBoxDrv...
6825a4.3670: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a10000 LB 0x400000)
6835a4.3670: supR3HardNtEnableThreadCreationEx:
6845a4.3670: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6855a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6865a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6875a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6885a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd83bf0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6895a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6905a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6915a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6925a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd83bf0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6935a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6945a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6955a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd83bf0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6965a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd83bf0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6975a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6985a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
6995a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
7005a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
7015a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
7025a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
7035a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7045a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7055a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
7065a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
7075a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7085a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7095a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
7105a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
7115a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
7125a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7135a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7145a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
7155a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
7165a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7175a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7185a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
7195a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
7205a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7215a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7225a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7235a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7245a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8cfb0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
7255a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7265a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8a4f0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
7275a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7285a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8b530000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
7295a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
7305a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
7315a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8ada0000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
7325a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7335a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8c0e0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
7345a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7355a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8ac90000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
7365a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7375a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
7385a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7395a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-synch-l1-2-0'
7405a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
7415a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7425a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-fibers-l1-1-1'
7435a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
7445a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7455a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-fibers-l1-1-1'
7465a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
7475a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7485a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-synch-l1-2-0'
7495a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
7505a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7515a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-localization-l1-2-1'
7525a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ac90000 'C:\WINDOWS\system32\Wintrust.dll'
7535a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
7545a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
7555a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7565a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8acf0000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
7575a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7585a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8acf0000 'C:\WINDOWS\system32\bcrypt.dll'
7595a4.3670: bcrypt.dll loaded at 00007ffd8acf0000, BCryptOpenAlgorithmProvider at 00007ffd8acf4c70, preloading providers:
7605a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
7615a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
7625a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7635a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8ad20000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
7645a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7655a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ad20000 'C:\WINDOWS\system32\bcryptprimitives.dll'
7665a4.3670: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000e1d4c0)
7675a4.3670: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000e1ea30)
7685a4.3670: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000e1ed30)
7695a4.3670: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000e1f030)
7705a4.3670: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000e1f330)
7715a4.3670: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000e1f630)
7725a4.3670: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000e1f930)
7735a4.3670: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000e1fc30)
7745a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8b0c0000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
7755a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
7765a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
7775a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
7785a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
7795a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
7805a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7815a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7825a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7835a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7845a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7855a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd897d0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
7865a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7875a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
7885a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
7895a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
7905a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
7915a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd89e30000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
7925a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7935a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7945a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
7955a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
7965a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7975a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7985a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8d390000 'C:\WINDOWS\System32\kernel32.dll'
7995a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8005a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8015a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ac90000 'C:\WINDOWS\System32\WINTRUST.DLL'
8025a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8035a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8045a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\CRYPT32.dll'
8055a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8d450000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
8065a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
8075a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
8085a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
8095a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8105a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8115a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8125a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8135a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8145a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
8155a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8b720000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
8165a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
8175a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
8185a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
8195a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8205a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
8215a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
8225a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
8235a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd89070000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
8245a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8255a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8a480000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
8265a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
8275a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
8285a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8295a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
8305a4.3670: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
8315a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
8325a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8335a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8345a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8355a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8365a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8375a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8385a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8395a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8405a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8415a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8425a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8435a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8445a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8455a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8465a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8475a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8485a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8495a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd74a60000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
8505a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8515a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8525a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8535a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8545a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8555a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8565a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8575a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8585a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8595a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8605a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8615a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8625a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8635a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8645a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8655a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8665a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8675a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8685a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8695a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8705a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8715a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8725a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8735a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8745a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8755a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8765a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8775a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8785a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8795a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\WINDOWS\System32\cryptnet.dll'
8805a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8815a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd74a60000 'C:\Windows\System32\cryptnet.dll'
8825a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8ca50000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
8835a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8845a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
8855a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
8865a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
8875a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
8885a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8895a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8905a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8915a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8925a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8935a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8945a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8955a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8965a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8975a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8985a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8995a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9005a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9015a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9025a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9035a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9045a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000e39b80
9055a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
9065a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E42142C43484BA84DDDB10D97303487D47E882DE
9075a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9085a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9095a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c0e0000 'C:\WINDOWS\System32\rpcrt4.dll'
9105a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9115a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9125a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9135a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9145a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9155a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9165a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.418.cat'; file='\SystemRoot\System32\ntdll.dll'
9175a4.3670: g_pfnWinVerifyTrust=00007ffd8ac961f0
9185a4.3670: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9195a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9205a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9215a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9225a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9235a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9245a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9255a4.3670: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
9265a4.3670: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9275a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9285a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9295a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9305a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9315a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9325a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9335a4.3670: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
9345a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9355a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9365a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9375a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9385a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
9395a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
9405a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
9415a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
9425a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
9435a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9445a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9455a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9465a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.418.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
9475a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9485a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
9495a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9505a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9515a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9525a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
9535a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9545a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9555a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9565a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
9575a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9585a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9595a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9605a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
9615a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9625a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9635a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9645a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
9655a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9665a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9675a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9685a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
9695a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9705a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9715a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9725a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9735a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9745a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
9755a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9765a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9775a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9785a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9795a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
9805a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9815a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9825a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
9835a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9845a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9855a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
9865a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9875a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9885a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
9895a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9905a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9915a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
9925a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9935a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9945a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
9955a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9965a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
9975a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
9985a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
9995a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
10005a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
10015a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
10025a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
10035a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
10045a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
10055a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
10065a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
10075a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
10085a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\system32\crypt32.dll'
10095a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
10105a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
10115a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
10125a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
10135a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
10145a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
10155a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
10165a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x795a119f4097f600 OU=generated by AVG Antivirus for SSL/TLS scanning, O=AVG Web/Mail Shield, CN=AVG Web/Mail Shield Root
10175a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
10185a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
10195a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
10205a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
10215a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
10225a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
10235a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
10245a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
10255a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
10265a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
10275a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
10285a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
10295a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
10305a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
10315a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
10325a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
10335a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
10345a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
10355a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
10365a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
10375a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
10385a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
10395a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
10405a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
10415a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
10425a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
10435a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
10445a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
10455a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
10465a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
10475a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
10485a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
10495a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
10505a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
10515a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
10525a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
10535a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
10545a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
10555a4.3670: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
10565a4.3670: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=47
10575a4.3670: SUPR3HardenedMain: Load Runtime...
10585a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
10595a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10605a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
10615a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10625a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10635a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
10645a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10655a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
10665a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
10675a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
10685a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
10695a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
10705a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
10715a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
10725a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10735a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10745a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10755a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
10765a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
10775a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10785a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10795a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10805a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
10815a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10825a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
10835a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10845a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10855a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10865a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10875a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10885a4.3670: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10895a4.3670: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
10905a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
10915a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
10925a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
10935a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
10945a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
10955a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10965a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
10975a4.3670: supR3HardenedDllNotificationCallback: load 0000000072ae0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
10985a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10995a4.3670: supR3HardenedDllNotificationCallback: load 0000000071f60000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
11005a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
11015a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8cd70000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
11025a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
11035a4.3670: supR3HardenedDllNotificationCallback: load 00007ffcf2220000 LB 0x005e0000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
11045a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11055a4.3670: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11065a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11075a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11085a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11095a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11105a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11115a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11125a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11135a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11145a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11155a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11165a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11175a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11185a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11195a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11205a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11215a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11225a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11235a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11245a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11255a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11265a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11275a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11285a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11295a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11305a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11315a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11325a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11335a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11345a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11355a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11365a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11375a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11385a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11395a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11405a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11415a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11425a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11435a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11445a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11455a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11465a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11475a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11485a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11495a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11505a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11515a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11525a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11535a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11545a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11555a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf2220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11565a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
11575a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11585a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ac90000 'C:\WINDOWS\system32\Wintrust.dll'
11595a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
11605a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
11615a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
11625a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11635a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
11645a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
11655a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\system32\crypt32.dll'
11665a4.3670: SUPR3HardenedMain: Load TrustedMain...
11675a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
11685a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11695a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
11705a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
11715a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
11725a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
11735a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
11745a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
11755a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
11765a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
11775a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
11785a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
11795a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
11805a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
11815a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
11825a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
11835a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
11845a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
11855a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
11865a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
11875a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
11885a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
11895a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
11905a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
11915a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
11925a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
11935a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11945a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11955a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
11965a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
11975a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
11985a4.3670: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
11995a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12005a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
12015a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
12025a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12035a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12045a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12055a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
12065a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12075a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12085a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
12095a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
12105a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
12115a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
12125a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
12135a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
12145a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12155a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12165a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12175a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12185a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12195a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12205a4.3670: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
12215a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
12225a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
12235a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
12245a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
12255a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
12265a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
12275a4.3670: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
12285a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
12295a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
12305a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
12315a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
12325a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
12335a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12345a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12355a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
12365a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
12375a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
12385a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
12395a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
12405a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
12415a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
12425a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
12435a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12445a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12455a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12465a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12475a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
12485a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12495a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12505a4.3670: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
12515a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
12525a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
12535a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
12545a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
12555a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12565a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12575a4.3670: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
12585a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
12595a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
12605a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
12615a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12625a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12635a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12645a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12655a4.3670: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
12665a4.3670: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
12675a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
12685a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
12695a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12705a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12715a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12725a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12735a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12745a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
12755a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
12765a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
12775a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
12785a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
12795a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
12805a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
12815a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
12825a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12835a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12845a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12855a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12865a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12875a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
12885a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
12895a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
12905a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
12915a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
12925a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
12935a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
12945a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
12955a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12965a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12975a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12985a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12995a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13005a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13015a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13025a4.3670: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
13035a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13045a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13055a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
13065a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
13075a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13085a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
13095a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13105a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
13115a4.3670: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
13125a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13135a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13145a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13155a4.3670: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
13165a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13175a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13185a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13195a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13205a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13215a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13225a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13235a4.3670: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
13245a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13255a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13265a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13275a4.3670: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
13285a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13295a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13305a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
13315a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
13325a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
13335a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13345a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13355a4.3670: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
13365a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
13375a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13385a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13395a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13405a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13415a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13425a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
13435a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13445a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13455a4.3670: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
13465a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
13475a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
13485a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
13495a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
13505a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13515a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13525a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13535a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13545a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13555a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
13565a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13575a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13585a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
13595a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13605a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13615a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13625a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13635a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13645a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13655a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13665a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13675a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
13685a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13695a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13705a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13715a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13725a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13735a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
13745a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13755a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13765a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13775a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13785a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13795a4.3670: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
13805a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13815a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
13825a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13835a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
13845a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
13855a4.3670: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
13865a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
13875a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13885a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13895a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
13905a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13915a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13925a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13935a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13945a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13955a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
13965a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
13975a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
13985a4.3670: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
13995a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
14005a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
14015a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14025a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14035a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14045a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14055a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14065a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14075a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14085a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14095a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
14105a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14115a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14125a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14135a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14145a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14155a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14165a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14175a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14185a4.3670: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
14195a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14205a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14215a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
14225a4.3670: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
14235a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
14245a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14255a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14265a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14275a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14285a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14295a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14305a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14315a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14325a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14335a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14345a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14355a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
14365a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14375a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14385a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14395a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14405a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14415a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14425a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14435a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14445a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
14455a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14465a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14475a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14485a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14495a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14505a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
14515a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
14525a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14535a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14545a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14555a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14565a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14575a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14585a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14595a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
14605a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14615a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14625a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
14635a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14645a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14655a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14665a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14675a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14685a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14695a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14705a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14715a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14725a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14735a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14745a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14755a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14765a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14775a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14785a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14795a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14805a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14815a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14825a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14835a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14845a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
14855a4.3670: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
14865a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14875a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14885a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
14895a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
14905a4.3670: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
14915a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14925a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14935a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
14945a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
14955a4.3670: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
14965a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14975a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14985a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14995a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15005a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15015a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
15025a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
15035a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
15045a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
15055a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
15065a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
15075a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
15085a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
15095a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15105a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
15115a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
15125a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
15135a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
15145a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
15155a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
15165a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15175a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15185a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
15195a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
15205a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
15215a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
15225a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
15235a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15245a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15255a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15265a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15275a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15285a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15295a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15305a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15315a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15325a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15335a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15345a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15355a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15365a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15375a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15385a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15395a4.3670: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
15405a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15415a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15425a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15435a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15445a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15455a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15465a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15475a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15485a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15495a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15505a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
15515a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
15525a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.387.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
15535a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15545a4.3670: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
15555a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
15565a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
15575a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
15585a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
15595a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15605a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15615a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
15625a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15635a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
15645a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
15655a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
15665a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
15675a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
15685a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
15695a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll)
15705a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll
15715a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8aef0000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
15725a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
15735a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8b0e0000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
15745a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
15755a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8af20000 LB 0x00194000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
15765a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
15775a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
15785a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
15795a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
15805a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
15815a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
15825a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8ce40000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
15835a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
15845a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8b7c0000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
15855a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
15865a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8d050000 LB 0x00336000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
15875a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
15885a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8b4e0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
15895a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
15905a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
15915a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd890c0000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
15925a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
15935a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd610b0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
15945a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
15955a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd47790000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
15965a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
15975a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8cb80000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
15985a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15995a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
16005a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
16015a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
16025a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
16035a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8a450000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
16045a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
16055a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
16065a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8a4a0000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
16075a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
16085a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
16095a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
16105a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
16115a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8b960000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
16125a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16135a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
16145a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
16155a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
16165a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
16175a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8a460000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
16185a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
16195a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
16205a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
16215a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
16225a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8a510000 LB 0x0077f000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
16235a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
16245a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
16255a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
16265a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
16275a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
16285a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
16295a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8c360000 LB 0x006e5000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
16305a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
16315a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8c200000 LB 0x00156000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
16325a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16335a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd7e4e0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
16345a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16355a4.3670: supR3HardenedDllNotificationCallback: load 0000000072570000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
16365a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16375a4.3670: supR3HardenedDllNotificationCallback: load 00007ffcf1c20000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
16385a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16395a4.3670: supR3HardenedDllNotificationCallback: load 0000000072000000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
16405a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16415a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8ce70000 LB 0x000c4000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
16425a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16435a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd32f40000 LB 0x02387000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
16445a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
16455a4.3670: supR3HardenedDllNotificationCallback: load 0000000071f00000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
16465a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16475a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd87810000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
16485a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16495a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd87840000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
16505a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
16515a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd47540000 LB 0x00188000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
16525a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16535a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
16545a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
16555a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
16565a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
16575a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
16585a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
16595a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
16605a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
16615a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
16625a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
16635a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
16645a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
16655a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
16665a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
16675a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
16685a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
16695a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
16705a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
16715a4.3670: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
16725a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
16735a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
16745a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
16755a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
16765a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
16775a4.3670: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
16785a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
16795a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16805a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
16815a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16825a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
16835a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
16845a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
16855a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
16865a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
16875a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
16885a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
16895a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
16905a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
16915a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
16925a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16935a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16945a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
16955a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16965a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16975a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16985a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16995a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
17005a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17015a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
17025a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17035a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17045a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
17055a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17065a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
17075a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17085a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17095a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17105a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17115a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17125a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17135a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
17145a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17155a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
17165a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17175a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17185a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17195a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17205a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
17215a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17225a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17235a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
17245a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
17255a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
17265a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
17275a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\umpdc.dll
17285a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17295a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17305a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17315a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17325a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
17335a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17345a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
17355a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17365a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17375a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
17385a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17395a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17405a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17415a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17425a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
17435a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17445a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
17455a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17465a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17475a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
17485a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17495a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
17505a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17515a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17525a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17535a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17545a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
17555a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
17565a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
17575a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
17585a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17595a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
17605a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17615a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17625a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
17635a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17645a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
17655a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
17665a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
17675a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
17685a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17695a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
17705a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17715a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8d390000 'C:\WINDOWS\System32\kernel32.dll'
17725a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
17735a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17745a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-string-l1-1-0'
17755a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
17765a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17775a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-datetime-l1-1-1'
17785a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
17795a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17805a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-localization-obsolete-l1-2-0'
17815a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
17825a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
17835a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
17845a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
17855a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
17865a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17875a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17885a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
17895a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17905a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
17915a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17925a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17935a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
17945a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17955a4.3670: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
17965a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17975a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8bb90000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
17985a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
17995a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8bb90000 'C:\WINDOWS\system32\IMM32.DLL'
18005a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18015a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
18025a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18035a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18045a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ca50000 'C:\WINDOWS\System32\ADVAPI32.DLL'
18055a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47540000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
18065a4.3670: SUPR3HardenedMain: Calling TrustedMain (00007ffd475416c0)...
18075a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
18085a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18095a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
18105a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18115a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
18125a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
18135a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
18145a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
18155a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
18165a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
18175a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
18185a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
18195a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
18205a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18215a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18225a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18235a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18245a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18255a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18265a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18275a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18285a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18295a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18305a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18315a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18325a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18335a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18345a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust]
18355a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
18365a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
18375a4.3670: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
18385a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18395a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18405a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18415a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18425a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18435a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
18445a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18455a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18465a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
18475a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
18485a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
18495a4.3670: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
18505a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18515a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18525a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
18535a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
18545a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
18555a4.3670: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
18565a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18575a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18585a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
18595a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18605a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18615a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18625a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
18635a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
18645a4.3670: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
18655a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18665a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18675a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd52030000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
18685a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18695a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd52030000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
18705a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000065c pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18715a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
18725a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
18735a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82B037C728F1D3B9BD48A82BCF042A2CC5FF9800
18745a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
18755a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
18765a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.388.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
18775a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18785a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18795a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
18805a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
18815a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
18825a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18835a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18845a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18855a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18865a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18875a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18885a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18895a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18905a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18915a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd88100000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
18925a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18935a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd88100000 'C:\WINDOWS\system32\uxtheme.dll'
18945a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b7c0000 'C:\WINDOWS\system32\user32.dll'
18955a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
18965a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18975a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\shell32.dll'
18985a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
18995a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
19005a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
19015a4.3670: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
19025a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19035a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8cb80000 'C:\WINDOWS\system32\SHCore.dll'
19045a4.3670: \Device\HarddiskVolume3\Windows\System32\wintab32.dll: Owner is administrators group.
19055a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
19065a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'hid.dll'.
19075a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wtsapi32.dll'.
19085a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'setupapi.dll'.
19095a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'mpr.dll'.
19105a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
19115a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
19125a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shell32.dll'.
19135a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
19145a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
19155a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintab32.dll) WinVerifyTrust
19165a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintab32.dll
19175a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19185a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19195a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19205a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19215a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19225a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19235a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19245a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19255a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
19265a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19275a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19285a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19295a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19305a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19315a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
19325a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
19335a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
19345a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [redoing WinVerifyTrust]
19355a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
19365a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
19375a4.3670: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
19385a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
19395a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
19405a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
19415a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
19425a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19435a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
19445a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
19455a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
19465a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
19475a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
19485a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
19495a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
19505a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
19515a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
19525a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
19535a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
19545a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
19555a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
19565a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19575a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19585a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19595a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19605a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
19615a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
19625a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19635a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll) WinVerifyTrust
19645a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
19655a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hid.dll'...
19665a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'hid.dll' -> '\Device\HarddiskVolume3\Windows\System32\hid.dll' [rcNtRedir=0xc0150008]
19675a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006c8 pwszName=\Device\HarddiskVolume3\Windows\System32\hid.dll
19685a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
19695a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
19705a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ACFC39BB848DB5E331DF6A8CA69E5111A67A4BE
19715a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19725a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19735a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
19745a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
19755a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04110~31bf3856ad364e35~amd64~~10.0.18362.388.cat'; file='\Device\HarddiskVolume3\Windows\System32\hid.dll'
19765a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19775a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19785a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\hid.dll) WinVerifyTrust
19795a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\hid.dll
19805a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19815a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19825a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19835a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintab32.dll
19845a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\hid.dll
19855a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
19865a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd89020000 LB 0x0000e000 C:\WINDOWS\SYSTEM32\HID.DLL [fFlags=0x0]
19875a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\hid.dll
19885a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd881d0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
19895a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
19905a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8bc70000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
19915a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
19925a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd4e360000 LB 0x0020f000 C:\WINDOWS\system32\wintab32.dll [fFlags=0x0]
19935a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintab32.dll
19945a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
19955a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19965a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-synch-l1-2-0'
19975a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
19985a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19995a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-fibers-l1-1-1'
20005a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
20015a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20025a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-synch-l1-2-0'
20035a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
20045a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20055a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-fibers-l1-1-1'
20065a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
20075a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20085a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-localization-l1-2-1'
20095a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd4e360000 'C:\WINDOWS\system32\wintab32.dll'
20105a4.3670: Error (rc=0):
20115a4.3670: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Wacom_Tablet.dll
20125a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
20135a4.3670: Error (rc=0):
20145a4.3670: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Pen_Tablet.dll
20155a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
20165a4.3670: Error (rc=0):
20175a4.3670: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\ISD_Tablet.dll
20185a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
20195a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b7c0000 'C:\WINDOWS\system32\user32.dll'
20205a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20215a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20225a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\system32\winmm.dll'
20235a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20245a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20255a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\system32\winmm.dll'
20265a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20275a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20285a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\shell32.dll'
20295a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20305a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20315a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd88100000 'C:\WINDOWS\system32\uxtheme.dll'
20325a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
20335a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20345a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ca50000 'C:\WINDOWS\system32\advapi32.dll'
20355a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
20365a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
20375a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20385a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
20395a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
20405a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
20415a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
20425a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
20435a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
20445a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20455a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20465a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20475a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
20485a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8a370000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
20495a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
20505a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8a370000 'C:\WINDOWS\system32\userenv.dll'
20515a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
20525a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20535a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8d390000 'C:\WINDOWS\System32\kernel32.dll'
20545a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8bbc0000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
20555a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20565a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
20575a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
20585a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
20595a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20605a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20615a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20625a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20635a4.2508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
20645a4.2508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
20655a4.2508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
20665a4.2508: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
20675a4.2508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
20685a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20695a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20705a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20715a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20725a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20735a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20745a4.2508: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
20755a4.2508: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
20765a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20775a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20785a4.2508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
20795a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20805a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20815a4.2508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20825a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20835a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20845a4.2508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
20855a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20865a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20875a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20885a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20895a4.2508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
20905a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20915a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20925a4.2508: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20935a4.2508: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
20945a4.2508: supR3HardenedDllNotificationCallback: load 00007ffd32b90000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
20955a4.2508: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
20965a4.2508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32b90000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
20975a4.2508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
20985a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20995a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21005a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21015a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
21025a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21035a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21045a4.2508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
21055a4.2508: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
21065a4.2508: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21075a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21085a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21095a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21105a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21115a4.2508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21125a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21135a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21145a4.2508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21155a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21165a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21175a4.2508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
21185a4.2508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
21195a4.2508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
21205a4.2508: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
21215a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21225a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21235a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21245a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21255a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21265a4.2508: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21275a4.2508: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21285a4.2508: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21295a4.2508: supR3HardenedDllNotificationCallback: load 00007ffd51c50000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
21305a4.2508: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21315a4.2508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd51c50000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
21325a4.2508: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21335a4.2508: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21345a4.2508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ce70000 'C:\Windows\System32\oleaut32.dll'
21355a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ec pwszName=\Device\HarddiskVolume3\Windows\System32\DWrite.dll
21365a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
21375a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
21385a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA4A1E6DEBD9F7AD6E847C8A45F1AFCF349A485F
21395a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
21405a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
21415a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume3\Windows\System32\DWrite.dll'
21425a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21435a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21445a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
21455a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DWrite.dll) WinVerifyTrust
21465a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DWrite.dll
21475a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21485a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21495a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21505a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21515a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwrite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21525a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll
21535a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd77eb0000 LB 0x002fe000 C:\WINDOWS\system32\dwrite.dll [fFlags=0x0]
21545a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll
21555a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd77eb0000 'C:\WINDOWS\system32\dwrite.dll'
21565a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
21575a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21585a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\shell32.dll'
21595a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd8cc30000 LB 0x00136000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
21605a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21615a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
21625a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
21635a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
21645a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
21655a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
21665a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
21675a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
21685a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21695a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21705a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21715a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21725a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
21735a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21745a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21755a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21765a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21775a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21785a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21795a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21805a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21815a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21825a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
21835a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
21845a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
21855a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a08 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
21865a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
21875a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
21885a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3632E0380EF7C400BBC7C4B0B9ED8D9F9860503B
21895a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
21905a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21915a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
21925a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
21935a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
21945a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21955a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21965a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
21975a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
21985a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
21995a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
22005a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
22015a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22025a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
22035a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
22045a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
22055a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
22065a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
22075a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
22085a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
22095a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
22105a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
22115a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
22125a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
22135a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
22145a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
22155a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22165a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22175a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22185a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
22195a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
22205a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22215a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
22225a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
22235a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
22245a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
22255a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22265a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22275a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
22285a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22295a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22305a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22315a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
22325a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
22335a4.3670: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
22345a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22355a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
22365a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
22375a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
22385a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22395a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22405a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22415a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22425a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22435a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22445a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22455a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
22465a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
22475a4.3670: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
22485a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
22495a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
22505a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
22515a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22525a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22535a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22545a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22555a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
22565a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
22575a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
22585a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd89150000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
22595a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
22605a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd873a0000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
22615a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
22625a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd87630000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
22635a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
22645a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd78a30000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
22655a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22665a4.3670: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
22675a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
22685a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ce40000 'C:\WINDOWS\System32\gdi32.dll'
22695a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd78a30000 'C:\WINDOWS\system32\dataexchange.dll'
22705a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
22715a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
22725a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
22735a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
22745a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
22755a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
22765a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22775a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
22785a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
22795a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
22805a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd88870000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
22815a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
22825a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd88440000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
22835a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
22845a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22855a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22865a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22875a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22885a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
22895a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
22905a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
22915a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22925a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22935a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
22945a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22955a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22965a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
22975a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
22985a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
22995a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
23005a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
23015a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
23025a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
23035a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
23045a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
23055a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
23065a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23075a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8cb80000 'C:\WINDOWS\system32\Shcore.dll'
23085a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23095a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
23105a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
23115a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
23125a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
23135a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
23145a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23155a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
23165a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
23175a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
23185a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
23195a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23205a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
23215a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
23225a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
23235a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
23245a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
23255a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
23265a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
23275a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
23285a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
23295a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd894b0000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
23305a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
23315a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd87870000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
23325a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
23335a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd85690000 LB 0x00153000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
23345a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
23355a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd85c70000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
23365a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
23375a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd7c8c0000 LB 0x0009e000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
23385a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
23395a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
23405a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
23415a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
23425a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23435a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23445a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23455a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23465a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
23475a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23485a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23495a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
23505a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
23515a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
23525a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
23535a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
23545a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
23555a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23565a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23575a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
23585a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
23595a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
23605a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
23615a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
23625a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
23635a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23645a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23655a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23665a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23675a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
23685a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
23695a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
23705a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
23715a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
23725a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
23735a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
23745a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
23755a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
23765a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
23775a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
23785a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
23795a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
23805a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
23815a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
23825a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
23835a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23845a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b7c0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
23855a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
23865a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23875a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b7c0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
23885a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
23895a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23905a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8d050000 'api-ms-win-core-com-l1-1-0.dll'
23915a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23925a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\iertutil.dll)
23935a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\iertutil.dll
23945a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd79730000 LB 0x002a6000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0]
23955a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
23965a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23975a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23985a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
23995a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
24005a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\iertutil.dll'
24015a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
24025a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24035a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8cc30000 'C:\WINDOWS\System32\MSCTF.dll'
24045a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb8 pwszName=\Device\HarddiskVolume3\Windows\System32\oleacc.dll
24055a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
24065a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
24075a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DE24409C9F6743A292F9B0C8FB1A7F688A78696
24085a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
24095a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
24105a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04113~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleacc.dll'
24115a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24125a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
24135a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
24145a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleacc.dll) WinVerifyTrust
24155a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleacc.dll
24165a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24175a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24185a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24195a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24205a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24215a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
24225a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd745a0000 LB 0x00065000 C:\WINDOWS\system32\Oleacc.dll [fFlags=0x0]
24235a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
24245a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd745a0000 'C:\WINDOWS\system32\Oleacc.dll'
24255a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ce70000 'C:\WINDOWS\System32\OLEAUT32.DLL'
24265a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
24275a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24285a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd745a0000 'C:\WINDOWS\system32\oleacc.dll'
24295a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
24305a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24315a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd745a0000 'C:\Windows\System32\oleacc.dll'
24325a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c200000 'C:\WINDOWS\System32\ole32.dll'
24335a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ce70000 'C:\WINDOWS\System32\OLEAUT32.dll'
24345a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24355a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
24365a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
24375a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
24385a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
24395a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
24405a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24415a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
24425a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.388.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
24435a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24445a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24455a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
24465a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
24475a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
24485a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24495a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
24505a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
24515a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b38 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24525a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
24535a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
24545a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
24555a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
24565a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
24575a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.388.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
24585a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24595a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24605a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
24615a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
24625a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
24635a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24645a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24655a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24665a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
24675a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24685a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24695a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24705a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24715a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
24725a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
24735a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
24745a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
24755a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24765a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24775a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24785a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24795a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24805a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd77db0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
24815a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24825a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd70b10000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
24835a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24845a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
24855a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24865a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
24875a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd70b10000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
24885a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bec pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
24895a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
24905a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
24915a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
24925a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
24935a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
24945a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.388.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
24955a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24965a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24975a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
24985a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
24995a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25005a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25015a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25025a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25035a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25045a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25055a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25065a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd6ecb0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
25075a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25085a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd6ecb0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
25095a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
25105a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25115a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-localization-l1-2-0.dll'
25125a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
25135a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25145a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
25155a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25165a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
25175a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
25185a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
25195a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
25205a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
25215a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.388.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
25225a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25235a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25245a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
25255a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
25265a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25275a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25285a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25295a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25305a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25315a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25325a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25335a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25345a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd6eea0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
25355a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25365a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd6eea0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
25375a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b20 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
25385a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
25395a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
25405a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
25415a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
25425a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
25435a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
25445a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25455a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25465a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
25475a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
25485a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
25495a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
25505a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
25515a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
25525a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
25535a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25545a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25555a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25565a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25575a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25585a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
25595a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd6dc00000 LB 0x00015000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
25605a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
25615a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd6dc00000 'C:\WINDOWS\System32\amsi.dll'
25625a4.3670: \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll: Owner is administrators group.
25635a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
25645a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
25655a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
25665a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25675a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
25685a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25695a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25705a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
25715a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'powrprof.dll'.
25725a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
25735a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'dbghelp.dll'.
25745a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'shlwapi.dll'.
25755a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll) WinVerifyTrust
25765a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll
25775a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
25785a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
25795a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
25805a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dbghelp.dll'...
25815a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'dbghelp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dbghelp.dll' [rcNtRedir=0xc0150008]
25825a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b90 pwszName=\Device\HarddiskVolume3\Windows\System32\dbghelp.dll
25835a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
25845a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
25855a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=621C45C74AAC05D7EB618FACC2D534657D23E51C
25865a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
25875a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
25885a4.3670: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.418.cat'; file='\Device\HarddiskVolume3\Windows\System32\dbghelp.dll'
25895a4.3670: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25905a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dbghelp.dll) WinVerifyTrust
25915a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dbghelp.dll
25925a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
25935a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
25945a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
25955a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll) WinVerifyTrust
25965a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
25975a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
25985a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
25995a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll [redoing WinVerifyTrust]
26005a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
26015a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
26025a4.3670: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
26035a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
26045a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
26055a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
26065a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
26075a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp140.dll) WinVerifyTrust
26085a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
26095a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26105a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26115a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26125a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26135a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26145a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26155a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26165a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26175a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26185a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26195a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
26205a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
26215a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
26225a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\AVG\Antivirus\aswAMSI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26235a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll
26245a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
26255a4.3670: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\msvcp140.dll)
26265a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\msvcp140.dll
26275a4.3670: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\vcruntime140.dll)
26285a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\vcruntime140.dll
26295a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dbghelp.dll
26305a4.3670: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dbgcore.dll)
26315a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dbgcore.dll
26325a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd7acf0000 LB 0x00016000 C:\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\VCRUNTIME140.dll [fFlags=0x0]
26335a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\vcruntime140.dll [avoiding WinVerifyTrust]
26345a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd7ac50000 LB 0x00099000 C:\WINDOWS\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\MSVCP140.dll [fFlags=0x0]
26355a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\msvcp140.dll [avoiding WinVerifyTrust]
26365a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd88d00000 LB 0x001f4000 C:\WINDOWS\SYSTEM32\dbghelp.dll [fFlags=0x0]
26375a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dbghelp.dll
26385a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd7ebb0000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\dbgcore.DLL [fFlags=0x0]
26395a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dbgcore.dll [avoiding WinVerifyTrust]
26405a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd6da30000 LB 0x0015f000 C:\Program Files\AVG\Antivirus\aswAMSI.dll [fFlags=0x0]
26415a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll
26425a4.3670: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll'.
26435a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dbgcore.dll' [rescheduled]
26445a4.3670: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\vcruntime140.dll'.
26455a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\vcruntime140.dll' [rescheduled]
26465a4.3670: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\msvcp140.dll'.
26475a4.3670: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.27821.0_none_6ed61cbfd309270b\msvcp140.dll' [rescheduled]
26485a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
26495a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26505a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-synch-l1-2-0'
26515a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
26525a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26535a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-fibers-l1-1-1'
26545a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-file-l1-2-1.dll) -> 0x0, fPresent=1
26555a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-file-l1-2-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26565a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-file-l1-2-1.dll'
26575a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd6da30000 'C:\Program Files\AVG\Antivirus\aswAMSI.dll'
26585a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
26595a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
26605a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
26615a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
26625a4.3670: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-sysinfo-l1-2-1) -> 0x0, fPresent=1
26635a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-sysinfo-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26645a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b230000 'api-ms-win-core-sysinfo-l1-2-1'
26655a4.3670: \Device\HarddiskVolume3\Program Files\AVG\Antivirus\AavmRpch.dll: Owner is administrators group.
26665a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
26675a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
26685a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'rpcrt4.dll'.
26695a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26705a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
26715a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
26725a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcp140.dll'.
26735a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'vcruntime140.dll'.
26745a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shlwapi.dll'.
26755a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AavmRpch.dll) WinVerifyTrust
26765a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\AVG\Antivirus\AavmRpch.dll
26775a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
26785a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
26795a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
26805a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
26815a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
26825a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
26835a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
26845a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
26855a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
26865a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26875a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26885a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26895a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26905a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26915a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26925a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26935a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26945a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\AVG\Antivirus\AavmRpch.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26955a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\AVG\Antivirus\AavmRpch.dll
26965a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd75ec0000 LB 0x0006f000 C:\Program Files\AVG\Antivirus\AavmRpch.dll [fFlags=0x0]
26975a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\AVG\Antivirus\AavmRpch.dll
26985a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd75ec0000 'C:\Program Files\AVG\Antivirus\AavmRpch.dll'
26995a4.3bd8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1
27005a4.3bd8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27015a4.3bd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8a460000 'api-ms-win-appmodel-runtime-l1-1-2'
27025a4.3670: \Device\HarddiskVolume3\Program Files\AVG\Antivirus\dll_loader.dll: Owner is administrators group.
27035a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
27045a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
27055a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
27065a4.3670: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
27075a4.3670: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\dll_loader.dll) WinVerifyTrust
27085a4.3670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\AVG\Antivirus\dll_loader.dll
27095a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
27105a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
27115a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
27125a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
27135a4.3670: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
27145a4.3670: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
27155a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\AVG\Antivirus\dll_loader.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27165a4.3670: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\AVG\Antivirus\dll_loader.dll
27175a4.3670: supR3HardenedDllNotificationCallback: load 00007ffd77bb0000 LB 0x00010000 C:\Program Files\AVG\Antivirus\dll_loader.dll [fFlags=0x0]
27185a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\AVG\Antivirus\dll_loader.dll
27195a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd77bb0000 'C:\Program Files\AVG\Antivirus\dll_loader.dll'
27205a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\AVG\Antivirus\AavmRpch.dll
27215a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\AVG\Antivirus\AavmRpch.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27225a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd75ec0000 'C:\Program Files\AVG\Antivirus\AavmRpch.dll'
27235a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\AVG\Antivirus\AavmRpch.dll
27245a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\AVG\Antivirus\AavmRpch.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27255a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd75ec0000 'C:\Program Files\AVG\Antivirus\AavmRpch.dll'
27265a4.ec8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
27275a4.ec8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27285a4.ec8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
27295a4.ec8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27305a4.ec8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
27315a4.ec8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27325a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27335a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27345a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
27355a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
27365a4.ec8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
27375a4.ec8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
27385a4.ec8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27395a4.ec8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
27405a4.ec8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
27415a4.ec8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
27425a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27435a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27445a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27455a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27465a4.ec8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
27475a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27485a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27495a4.ec8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27505a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27515a4.ec8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27525a4.ec8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27535a4.ec8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27545a4.ec8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
27555a4.ec8: supR3HardenedDllNotificationCallback: load 0000000071df0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
27565a4.ec8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
27575a4.ec8: supR3HardenedDllNotificationCallback: load 00007ffd2b750000 LB 0x00331000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
27585a4.ec8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27595a4.ec8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b750000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
27605a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
27615a4.54f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
27625a4.54f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27635a4.54f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27645a4.54f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27655a4.54f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27665a4.54f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
27675a4.54f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27685a4.54f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27695a4.54f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27705a4.54f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27715a4.54f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27725a4.54f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27735a4.54f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27745a4.54f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27755a4.54f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27765a4.54f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27775a4.54f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27785a4.54f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27795a4.54f8: supR3HardenedDllNotificationCallback: load 00007ffd839b0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
27805a4.54f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27815a4.54f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd839b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
27825a4.54f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b7c0000 'C:\WINDOWS\system32\User32.dll'
27835a4.3fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
27845a4.3fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27855a4.3fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27865a4.3fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27875a4.3fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
27885a4.3fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27895a4.3fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27905a4.3fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27915a4.3fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27925a4.3fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27935a4.3fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27945a4.3fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27955a4.3fb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27965a4.3fb8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27975a4.3fb8: supR3HardenedDllNotificationCallback: load 00007ffd7d6d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
27985a4.3fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27995a4.3fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7d6d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
28005a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\Shell32.dll'
28015a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
28025a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
28035a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28045a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28055a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28065a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
28075a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
28085a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28095a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
28105a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
28115a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
28125a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
28135a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
28145a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
28155a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
28165a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
28175a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
28185a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
28195a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
28205a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
28215a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28225a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28235a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28245a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28255a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
28265a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28275a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28285a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
28295a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28305a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28315a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
28325a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
28335a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
28345a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28355a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28365a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
28375a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28385a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
28395a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
28405a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28415a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28425a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28435a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28445a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
28455a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
28465a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28475a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28485a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28495a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
28505a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
28515a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
28525a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28535a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28545a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28555a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28565a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28575a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28585a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28595a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28605a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28615a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28625a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28635a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28645a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
28655a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28665a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28675a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28685a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28695a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28705a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28715a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28725a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
28735a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28745a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28755a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
28765a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd634c0000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
28775a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28785a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd5aa30000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
28795a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28805a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd89970000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
28815a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
28825a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffce5f00000 LB 0x009d9000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
28835a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
28845a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5f00000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
28855a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
28865a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
28875a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28885a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd32b90000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
28895a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
28905a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28915a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28925a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd5aa30000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
28935a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
28945a4.23e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
28955a4.23e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28965a4.23e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28975a4.23e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28985a4.23e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
28995a4.23e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29005a4.23e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29015a4.23e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29025a4.23e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29035a4.23e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29045a4.23e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29055a4.23e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29065a4.23e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29075a4.23e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29085a4.23e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29095a4.23e4: supR3HardenedDllNotificationCallback: load 00007ffd7bd60000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
29105a4.23e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29115a4.23e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7bd60000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
29125a4.4bb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
29135a4.4bb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29145a4.4bb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29155a4.4bb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
29165a4.4bb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
29175a4.4bb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
29185a4.4bb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29195a4.4bb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29205a4.4bb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29215a4.4bb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29225a4.4bb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29235a4.4bb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29245a4.4bb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29255a4.4bb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29265a4.4bb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29275a4.4bb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29285a4.4bb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29295a4.4bb8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29305a4.4bb8: supR3HardenedDllNotificationCallback: load 00007ffd7d650000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
29315a4.4bb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29325a4.4bb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7d650000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
29335a4.58c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
29345a4.58c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29355a4.58c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29365a4.58c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29375a4.58c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
29385a4.58c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29395a4.58c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29405a4.58c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29415a4.58c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29425a4.58c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29435a4.58c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29445a4.58c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29455a4.58c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29465a4.58c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29475a4.58c: supR3HardenedDllNotificationCallback: load 00007ffd7b720000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
29485a4.58c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29495a4.58c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7b720000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
29505a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
29515a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29525a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd89970000 'C:\WINDOWS\system32\Iphlpapi.dll'
29535a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
29545a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
29555a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
29565a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
29575a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd8b9c0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
29585a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
29595a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
29605a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd828b0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
29615a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
29625a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
29635a4.2afc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
29645a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
29655a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd82870000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
29665a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
29675a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
29685a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
29695a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
29705a4.2afc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
29715a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
29725a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd82540000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
29735a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
29745a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'.
29755a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
29765a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
29775a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
29785a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd899b0000 LB 0x000ca000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
29795a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
29805a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29815a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29825a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
29835a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29845a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29855a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
29865a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29875a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29885a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
29895a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29905a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29915a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
29925a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29935a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29945a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29955a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29965a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29975a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29985a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
29995a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30005a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30015a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
30025a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30035a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30045a4.2afc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
30055a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000113c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
30065a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
30075a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
30085a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ABBE12EE7925737522BCF905613B49C6CAA0BE8C
30095a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30105a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30115a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.418.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
30125a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30135a4.2afc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
30145a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001130 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
30155a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
30165a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
30175a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62657CFC96994F71846A6491CB0A48C51E4DCEBA
30185a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30195a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30205a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.418.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
30215a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30225a4.2afc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
30235a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30245a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30255a4.2afc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
30265a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30275a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30285a4.2afc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
30295a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30305a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30315a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
30325a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
30335a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
30345a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
30355a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30365a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
30375a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
30385a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30395a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30405a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
30415a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
30425a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
30435a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30445a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30455a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
30465a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
30475a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
30485a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30495a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30505a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
30515a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30525a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30535a4.2afc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
30545a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30555a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30565a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
30575a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd8a250000 LB 0x0002a000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
30585a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
30595a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd7e210000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
30605a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30615a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7e210000 'C:\WINDOWS\System32\MMDevApi.dll'
30625a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001200 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
30635a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
30645a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
30655a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373
30665a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30675a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30685a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.418.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
30695a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30705a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30715a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
30725a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
30735a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
30745a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30755a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30765a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
30775a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30785a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30795a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30805a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
30815a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd52bb0000 LB 0x00099000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
30825a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
30835a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
30845a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30855a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd52bb0000 'C:\WINDOWS\System32\dsound.dll'
30865a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd52bb0000 'C:\WINDOWS\System32\dsound.dll'
30875a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
30885a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30895a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd52bb0000 'C:\WINDOWS\system32\dsound.dll'
30905a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30915a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30925a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7e210000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
30935a4.1638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
30945a4.1638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
30955a4.1638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
30965a4.1638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
30975a4.1638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
30985a4.1638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
30995a4.1638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
31005a4.1638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
31015a4.1638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31025a4.1638: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31035a4.1638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
31045a4.1638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31055a4.1638: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31065a4.1638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31075a4.1638: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31085a4.1638: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
31095a4.1638: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
31105a4.1638: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
31115a4.1638: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31125a4.1638: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
31135a4.1638: supR3HardenedDllNotificationCallback: load 00007ffd7cc10000 LB 0x0015d000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
31145a4.1638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
31155a4.1638: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7cc10000 'C:\WINDOWS\System32\AUDIOSES.DLL'
31165a4.1638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31175a4.1638: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
31185a4.1638: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll)
31195a4.1638: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll
31205a4.1638: supR3HardenedDllNotificationCallback: load 00007ffd886a0000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
31215a4.1638: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
31225a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31235a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31245a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31255a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31265a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
31275a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
31285a4.2afc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll'
31295a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
31305a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31315a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
31325a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001294 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31335a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
31345a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
31355a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A
31365a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
31375a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
31385a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.418.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
31395a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31405a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31415a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
31425a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
31435a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
31445a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
31455a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31465a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
31475a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
31485a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
31495a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
31505a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
31515a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
31525a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
31535a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
31545a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
31555a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
31565a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31575a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
31585a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
31595a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31605a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31615a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
31625a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31635a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31645a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31655a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31665a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31675a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31685a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
31695a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
31705a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd73010000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
31715a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
31725a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd862b0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
31735a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
31745a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd50fb0000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
31755a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31765a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31775a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31785a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31795a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31805a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31815a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31825a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31835a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31845a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31855a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31865a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31875a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31885a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31895a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31905a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31915a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31925a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
31935a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31945a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31955a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31965a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31975a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31985a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd50fb0000 'C:\WINDOWS\System32\wdmaud.drv'
31995a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000127c pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
32005a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
32015a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
32025a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA
32035a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
32045a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
32055a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.418.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
32065a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32075a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32085a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
32095a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
32105a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
32115a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
32125a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
32135a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
32145a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
32155a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
32165a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
32175a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
32185a4.2afc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
32195a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
32205a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
32215a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
32225a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
32235a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32245a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
32255a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
32265a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32275a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32285a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
32295a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32305a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32315a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32325a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32335a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32345a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
32355a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
32365a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd625c0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
32375a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
32385a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd7a9f0000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
32395a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
32405a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32415a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
32425a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32435a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32445a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
32455a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32465a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32475a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
32485a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32495a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32505a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
32515a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32525a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32535a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
32545a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32555a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32565a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
32575a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32585a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32595a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32605a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32615a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd7a9f0000 'C:\WINDOWS\System32\msacm32.drv'
32625a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000130c pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
32635a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e39b80
32645a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e39b80
32655a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10
32665a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd897d0000 'C:\WINDOWS\system32\rsaenh.dll'
32675a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8ada0000 'C:\WINDOWS\System32\crypt32.dll'
32685a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.418.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
32695a4.2afc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32705a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32715a4.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
32725a4.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
32735a4.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
32745a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32755a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32765a4.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
32775a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32785a4.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32795a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32805a4.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
32815a4.2afc: supR3HardenedDllNotificationCallback: load 00007ffd79b80000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
32825a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
32835a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd79b80000 'C:\WINDOWS\System32\midimap.dll'
32845a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
32855a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32865a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd79b80000 'C:\WINDOWS\System32\midimap.dll'
32875a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
32885a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32895a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd79b80000 'C:\WINDOWS\System32\midimap.dll'
32905a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
32915a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32925a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd79b80000 'C:\WINDOWS\System32\midimap.dll'
32935a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
32945a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
32955a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
32965a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
32975a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
32985a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
32995a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33005a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
33015a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33025a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33035a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33045a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33055a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33065a4.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
33075a4.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33085a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd52bb0000 'C:\WINDOWS\system32\dsound.dll'
33095a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33105a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33115a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33125a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33135a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33145a4.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd87840000 'C:\WINDOWS\System32\winmm.dll'
33155a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\shell32.dll'
33165a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\shell32.dll'
33175a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\shell32.dll'
33185a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\shell32.dll'
33195a4.3670: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
33205a4.3670: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33215a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\shell32.dll'
33225a4.3670: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c360000 'C:\WINDOWS\system32\shell32.dll'
33235a4.58c: supR3HardenedDllNotificationCallback: Unload 00007ffd7b720000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
33245a4.4bb8: supR3HardenedDllNotificationCallback: Unload 00007ffd7d650000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
33255a4.23e4: supR3HardenedDllNotificationCallback: Unload 00007ffd7bd60000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
33265a4.3fb8: supR3HardenedDllNotificationCallback: Unload 00007ffd7d6d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
33275a4.54f8: supR3HardenedDllNotificationCallback: Unload 00007ffd839b0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
33285a4.2afc: supR3HardenedDllNotificationCallback: Unload 00007ffce5f00000 LB 0x009d9000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
33295a4.2afc: supR3HardenedDllNotificationCallback: Unload 00007ffd634c0000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
33305a4.2afc: supR3HardenedDllNotificationCallback: Unload 00007ffd5aa30000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
33315a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd6ecb0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
33325a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd78a30000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
33335a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd873a0000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
33345a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd89150000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
33355a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd87630000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
33365a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd88440000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
33375a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd88870000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [flags=0x0]
33385a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd6eea0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
33395a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd51c50000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
33405a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd70b10000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
33415a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd77db0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
33425a4.3670: supR3HardenedDllNotificationCallback: Unload 00007ffd32b90000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
33435a4.3670: Terminating the normal way: rcExit=0
33445c18.284c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 55458 ms, the end);
334545f8.48b0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 56040 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy