VirtualBox

Ticket #19666: VBoxHardening.log

File VBoxHardening.log, 448.7 KB (added by Universal007, 4 years ago)

VboxHardening

Line 
1afc.37d4: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa04a6100
2afc.37d4: \SystemRoot\System32\ntdll.dll:
3afc.37d4: CreationTime: 2020-05-28T06:38:08.191919300Z
4afc.37d4: LastWriteTime: 2020-05-28T06:38:08.207545900Z
5afc.37d4: ChangeTime: 2020-06-10T05:48:39.549522100Z
6afc.37d4: FileAttributes: 0x20
7afc.37d4: Size: 0x1ed2f0
8afc.37d4: NT Headers: 0xe8
9afc.37d4: Timestamp: 0xcad89ab4
10afc.37d4: Machine: 0x8664 - amd64
11afc.37d4: Timestamp: 0xcad89ab4
12afc.37d4: Image Version: 10.0
13afc.37d4: SizeOfImage: 0x1f4000 (2048000)
14afc.37d4: Resource Dir: 0x183000 LB 0x6fd28
15afc.37d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16afc.37d4: [Raw version resource data: 0x1830f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17afc.37d4: ProductName: Microsoft® Windows® Operating System
18afc.37d4: ProductVersion: 10.0.19041.207
19afc.37d4: FileVersion: 10.0.19041.207 (WinBuild.160101.0800)
20afc.37d4: FileDescription: NT Layer DLL
21afc.37d4: \SystemRoot\System32\kernel32.dll:
22afc.37d4: CreationTime: 2020-06-10T05:47:59.026012600Z
23afc.37d4: LastWriteTime: 2020-06-10T05:47:59.038706100Z
24afc.37d4: ChangeTime: 2020-06-10T06:00:31.576386400Z
25afc.37d4: FileAttributes: 0x20
26afc.37d4: Size: 0xbaa28
27afc.37d4: NT Headers: 0xf0
28afc.37d4: Timestamp: 0x73317569
29afc.37d4: Machine: 0x8664 - amd64
30afc.37d4: Timestamp: 0x73317569
31afc.37d4: Image Version: 10.0
32afc.37d4: SizeOfImage: 0xbd000 (774144)
33afc.37d4: Resource Dir: 0xbb000 LB 0x520
34afc.37d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35afc.37d4: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36afc.37d4: ProductName: Microsoft® Windows® Operating System
37afc.37d4: ProductVersion: 10.0.19041.292
38afc.37d4: FileVersion: 10.0.19041.292 (WinBuild.160101.0800)
39afc.37d4: FileDescription: Windows NT BASE API Client DLL
40afc.37d4: \SystemRoot\System32\KernelBase.dll:
41afc.37d4: CreationTime: 2020-06-10T05:48:05.967946200Z
42afc.37d4: LastWriteTime: 2020-06-10T05:48:06.023608700Z
43afc.37d4: ChangeTime: 2020-06-10T06:00:32.886389000Z
44afc.37d4: FileAttributes: 0x20
45afc.37d4: Size: 0x2c8740
46afc.37d4: NT Headers: 0x100
47afc.37d4: Timestamp: 0x84cd251b
48afc.37d4: Machine: 0x8664 - amd64
49afc.37d4: Timestamp: 0x84cd251b
50afc.37d4: Image Version: 10.0
51afc.37d4: SizeOfImage: 0x2c7000 (2912256)
52afc.37d4: Resource Dir: 0x29e000 LB 0x548
53afc.37d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54afc.37d4: [Raw version resource data: 0x29e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55afc.37d4: ProductName: Microsoft® Windows® Operating System
56afc.37d4: ProductVersion: 10.0.19041.292
57afc.37d4: FileVersion: 10.0.19041.292 (WinBuild.160101.0800)
58afc.37d4: FileDescription: Windows NT BASE API Client DLL
59afc.37d4: \SystemRoot\System32\apisetschema.dll:
60afc.37d4: CreationTime: 2019-12-07T09:08:13.518339400Z
61afc.37d4: LastWriteTime: 2019-12-07T09:08:13.518339400Z
62afc.37d4: ChangeTime: 2020-06-10T05:48:39.408907200Z
63afc.37d4: FileAttributes: 0x20
64afc.37d4: Size: 0x1f538
65afc.37d4: NT Headers: 0xd0
66afc.37d4: Timestamp: 0x31288ce0
67afc.37d4: Machine: 0x8664 - amd64
68afc.37d4: Timestamp: 0x31288ce0
69afc.37d4: Image Version: 10.0
70afc.37d4: SizeOfImage: 0x20000 (131072)
71afc.37d4: Resource Dir: 0x1f000 LB 0x408
72afc.37d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73afc.37d4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74afc.37d4: ProductName: Microsoft® Windows® Operating System
75afc.37d4: ProductVersion: 10.0.19041.1
76afc.37d4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
77afc.37d4: FileDescription: ApiSet Schema DLL
78afc.37d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79afc.37d4: supR3HardenedWinFindAdversaries: 0x2
80afc.37d4: \SystemRoot\System32\drivers\symevent64x86.sys:
81afc.37d4: CreationTime: 2020-04-05T16:58:37.627740000Z
82afc.37d4: LastWriteTime: 2020-04-05T16:58:37.395368800Z
83afc.37d4: ChangeTime: 2020-05-28T06:51:21.146802000Z
84afc.37d4: FileAttributes: 0x20
85afc.37d4: Size: 0x18608
86afc.37d4: NT Headers: 0xf0
87afc.37d4: Timestamp: 0x5bbbe164
88afc.37d4: Machine: 0x8664 - amd64
89afc.37d4: Timestamp: 0x5bbbe164
90afc.37d4: Image Version: 6.3
91afc.37d4: SizeOfImage: 0x21000 (135168)
92afc.37d4: Resource Dir: 0x1f000 LB 0x3c8
93afc.37d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
94afc.37d4: [Raw version resource data: 0x1f0b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
95afc.37d4: ProductName: SYMEVENT
96afc.37d4: ProductVersion: 14.0.7.71
97afc.37d4: FileVersion: 14.0.7.71
98afc.37d4: FileDescription: Symantec Event Library
99afc.37d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
100afc.37d4: Calling main()
101afc.37d4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
102afc.37d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
103afc.37d4: SUPR3HardenedMain: Respawn #1
104afc.37d4: System32: \Device\HarddiskVolume3\Windows\System32
105afc.37d4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
106afc.37d4: KnownDllPath: C:\WINDOWS\System32
107afc.37d4: supR3HardenedWinInit: Performing a limited self purification...
108afc.37d4: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
109afc.37d4: *0000000000000000-0000000000a0ffff 0x0001/0x0000 0x0000000
110afc.37d4: *0000000000a10000-0000000000a1ffff 0x0004/0x0004 0x0040000
111afc.37d4: 0000000000a20000-0000000000a2ffff 0x0001/0x0000 0x0000000
112afc.37d4: *0000000000a30000-0000000000a4cfff 0x0002/0x0002 0x0040000
113afc.37d4: 0000000000a4d000-0000000000a4ffff 0x0001/0x0000 0x0000000
114afc.37d4: *0000000000a50000-0000000000b00fff 0x0000/0x0004 0x0020000
115afc.37d4: 0000000000b01000-0000000000b03fff 0x0104/0x0004 0x0020000
116afc.37d4: 0000000000b04000-0000000000b4ffff 0x0004/0x0004 0x0020000
117afc.37d4: *0000000000b50000-0000000000b53fff 0x0002/0x0002 0x0040000
118afc.37d4: 0000000000b54000-0000000000b5ffff 0x0001/0x0000 0x0000000
119afc.37d4: *0000000000b60000-0000000000b61fff 0x0004/0x0004 0x0020000
120afc.37d4: 0000000000b62000-0000000000b6ffff 0x0001/0x0000 0x0000000
121afc.37d4: *0000000000b70000-0000000000b71fff 0x0004/0x0004 0x0020000
122afc.37d4: 0000000000b72000-0000000000ba1fff 0x0000/0x0004 0x0020000
123afc.37d4: 0000000000ba2000-0000000000bfffff 0x0001/0x0000 0x0000000
124afc.37d4: *0000000000c00000-0000000000cfffff 0x0000/0x0004 0x0020000
125afc.37d4: 0000000000d00000-0000000000d02fff 0x0004/0x0004 0x0020000
126afc.37d4: 0000000000d03000-0000000000dfffff 0x0000/0x0004 0x0020000
127afc.37d4: *0000000000e00000-0000000000e05fff 0x0004/0x0004 0x0020000
128afc.37d4: 0000000000e06000-0000000000efffff 0x0000/0x0004 0x0020000
129afc.37d4: *0000000000f00000-0000000000fc8fff 0x0002/0x0002 0x0040000
130afc.37d4: 0000000000fc9000-0000000000fcffff 0x0001/0x0000 0x0000000
131afc.37d4: *0000000000fd0000-0000000000fecfff 0x0004/0x0004 0x0020000
132afc.37d4: 0000000000fed000-00000000010cffff 0x0000/0x0004 0x0020000
133afc.37d4: 00000000010d0000-000000000110ffff 0x0001/0x0000 0x0000000
134afc.37d4: *0000000001110000-000000000111efff 0x0004/0x0004 0x0020000
135afc.37d4: 000000000111f000-000000000111ffff 0x0000/0x0004 0x0020000
136afc.37d4: *0000000001120000-0000000001125fff 0x0000/0x0004 0x0020000
137afc.37d4: 0000000001126000-000000000131afff 0x0004/0x0004 0x0020000
138afc.37d4: 000000000131b000-000000000131bfff 0x0000/0x0004 0x0020000
139afc.37d4: 000000000131c000-000000007ffdffff 0x0001/0x0000 0x0000000
140afc.37d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
141afc.37d4: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
142afc.37d4: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
143afc.37d4: 000000007ffe9000-00007ff47ccbffff 0x0001/0x0000 0x0000000
144afc.37d4: *00007ff47ccc0000-00007ff47ccc4fff 0x0002/0x0002 0x0040000
145afc.37d4: 00007ff47ccc5000-00007ff47cdbffff 0x0000/0x0002 0x0040000
146afc.37d4: *00007ff47cdc0000-00007ff57cddffff 0x0000/0x0004 0x0020000
147afc.37d4: *00007ff57cde0000-00007ff57eddffff 0x0000/0x0004 0x0020000
148afc.37d4: 00007ff57ede0000-00007ff57ede0fff 0x0004/0x0004 0x0020000
149afc.37d4: 00007ff57ede1000-00007ff57edeffff 0x0001/0x0000 0x0000000
150afc.37d4: *00007ff57edf0000-00007ff57edf0fff 0x0002/0x0002 0x0040000
151afc.37d4: 00007ff57edf1000-00007ff57edfffff 0x0001/0x0000 0x0000000
152afc.37d4: *00007ff57ee00000-00007ff57ee22fff 0x0002/0x0002 0x0040000
153afc.37d4: 00007ff57ee23000-00007ff73f74ffff 0x0001/0x0000 0x0000000
154afc.37d4: *00007ff73f750000-00007ff73f750fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
155afc.37d4: 00007ff73f751000-00007ff73f7c6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
156afc.37d4: 00007ff73f7c7000-00007ff73f7c7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
157afc.37d4: 00007ff73f7c8000-00007ff73f80ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
158afc.37d4: 00007ff73f810000-00007ff73f812fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
159afc.37d4: 00007ff73f813000-00007ff73f815fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
160afc.37d4: 00007ff73f816000-00007ff73f818fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
161afc.37d4: 00007ff73f819000-00007ff73f819fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
162afc.37d4: 00007ff73f81a000-00007ff73f81bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
163afc.37d4: 00007ff73f81c000-00007ff73f81cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
164afc.37d4: 00007ff73f81d000-00007ff73f865fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
165afc.37d4: 00007ff73f866000-00007ff9863cffff 0x0001/0x0000 0x0000000
166afc.37d4: *00007ff9863d0000-00007ff9863d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
167afc.37d4: 00007ff9863d1000-00007ff9864e1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
168afc.37d4: 00007ff9864e2000-00007ff986658fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
169afc.37d4: 00007ff986659000-00007ff98665cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
170afc.37d4: 00007ff98665d000-00007ff98665dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
171afc.37d4: 00007ff98665e000-00007ff986696fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
172afc.37d4: 00007ff986697000-00007ff9874bffff 0x0001/0x0000 0x0000000
173afc.37d4: *00007ff9874c0000-00007ff9874c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
174afc.37d4: 00007ff9874c1000-00007ff98753efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
175afc.37d4: 00007ff98753f000-00007ff987571fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
176afc.37d4: 00007ff987572000-00007ff987572fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
177afc.37d4: 00007ff987573000-00007ff987573fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
178afc.37d4: 00007ff987574000-00007ff98757cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
179afc.37d4: 00007ff98757d000-00007ff98898ffff 0x0001/0x0000 0x0000000
180afc.37d4: *00007ff988990000-00007ff988990fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
181afc.37d4: 00007ff988991000-00007ff988aaafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
182afc.37d4: 00007ff988aab000-00007ff988af2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
183afc.37d4: 00007ff988af3000-00007ff988af3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
184afc.37d4: 00007ff988af4000-00007ff988af5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
185afc.37d4: 00007ff988af6000-00007ff988afefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
186afc.37d4: 00007ff988aff000-00007ff988b83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
187afc.37d4: 00007ff988b84000-00007ffffffeffff 0x0001/0x0000 0x0000000
188afc.37d4: kernel32.dll: timestamp 0x73317569 (rc=VINF_SUCCESS)
189afc.37d4: kernelbase.dll: timestamp 0x84cd251b (rc=VINF_SUCCESS)
190afc.37d4: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
191afc.37d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
192afc.37d4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
193afc.37d4: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
194afc.37d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
195afc.37d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
196afc.37d4: supR3HardNtEnableThreadCreationEx:
197afc.37d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff988a044e0 pvNtTerminateThread=00007ff988a2b7e0
198afc.37d4: supR3HardenedWinDoReSpawn(1): New child d38.2458 [kernel32].
199afc.37d4: supR3HardNtChildGatherData: PebBaseAddress=00000000006f6000 cbPeb=0x388
200afc.37d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff988990000 uNtDllChildAddr=00007ff988990000
201afc.37d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff988a044e0
202afc.37d4: supR3HardenedWinSetupChildInit: Initial context:
203 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff73f757900 rdx=00000000006f6000
204 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
205 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
206 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
207 rip=00007ff9889dcea0 rsp=00000000005afd48 rbp=0000000000000000 ctxflags=0010001b
208 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
209 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
210 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
211 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
212 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
213afc.37d4: supR3HardenedWinSetupChildInit: Start child.
214afc.37d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
215afc.37d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 33 sleeps
216afc.37d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
217afc.37d4: *0000000000000000-000000000046ffff 0x0001/0x0000 0x0000000
218afc.37d4: *0000000000470000-000000000048ffff 0x0004/0x0004 0x0020000
219afc.37d4: *0000000000490000-00000000004acfff 0x0002/0x0002 0x0040000
220afc.37d4: 00000000004ad000-00000000004affff 0x0001/0x0000 0x0000000
221afc.37d4: *00000000004b0000-00000000005aafff 0x0000/0x0004 0x0020000
222afc.37d4: 00000000005ab000-00000000005adfff 0x0104/0x0004 0x0020000
223afc.37d4: 00000000005ae000-00000000005affff 0x0004/0x0004 0x0020000
224afc.37d4: *00000000005b0000-00000000005b3fff 0x0002/0x0002 0x0040000
225afc.37d4: 00000000005b4000-00000000005bffff 0x0001/0x0000 0x0000000
226afc.37d4: *00000000005c0000-00000000005c1fff 0x0004/0x0004 0x0020000
227afc.37d4: 00000000005c2000-00000000005fffff 0x0001/0x0000 0x0000000
228afc.37d4: *0000000000600000-00000000006f5fff 0x0000/0x0004 0x0020000
229afc.37d4: 00000000006f6000-00000000006f8fff 0x0004/0x0004 0x0020000
230afc.37d4: 00000000006f9000-00000000007fffff 0x0000/0x0004 0x0020000
231afc.37d4: 0000000000800000-000000007ffdffff 0x0001/0x0000 0x0000000
232afc.37d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
233afc.37d4: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
234afc.37d4: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
235afc.37d4: 000000007ffe9000-00007ff5cbcbffff 0x0001/0x0000 0x0000000
236afc.37d4: *00007ff5cbcc0000-00007ff5cbcc0fff 0x0002/0x0002 0x0040000
237afc.37d4: 00007ff5cbcc1000-00007ff5cbccffff 0x0001/0x0000 0x0000000
238afc.37d4: *00007ff5cbcd0000-00007ff5cbcf2fff 0x0002/0x0002 0x0040000
239afc.37d4: 00007ff5cbcf3000-00007ff73f74ffff 0x0001/0x0000 0x0000000
240afc.37d4: *00007ff73f750000-00007ff73f750fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
241afc.37d4: 00007ff73f751000-00007ff73f7c6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
242afc.37d4: 00007ff73f7c7000-00007ff73f7c7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
243afc.37d4: 00007ff73f7c8000-00007ff73f80ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
244afc.37d4: 00007ff73f810000-00007ff73f810fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
245afc.37d4: 00007ff73f811000-00007ff73f811fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
246afc.37d4: 00007ff73f812000-00007ff73f816fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
247afc.37d4: 00007ff73f817000-00007ff73f817fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
248afc.37d4: 00007ff73f818000-00007ff73f818fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
249afc.37d4: 00007ff73f819000-00007ff73f81cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
250afc.37d4: 00007ff73f81d000-00007ff73f865fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
251afc.37d4: 00007ff73f866000-00007ff98898ffff 0x0001/0x0000 0x0000000
252afc.37d4: *00007ff988990000-00007ff988990fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
253afc.37d4: 00007ff988991000-00007ff988aaafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
254afc.37d4: 00007ff988aab000-00007ff988af2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
255afc.37d4: 00007ff988af3000-00007ff988afefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
256afc.37d4: 00007ff988aff000-00007ff988b0dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
257afc.37d4: 00007ff988b0e000-00007ff988b0efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
258afc.37d4: 00007ff988b0f000-00007ff988b11fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
259afc.37d4: 00007ff988b12000-00007ff988b83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
260afc.37d4: 00007ff988b84000-00007ffffffeffff 0x0001/0x0000 0x0000000
261afc.37d4: supR3HardNtChildPurify: Done after 516 ms and 0 fixes (loop #0).
262afc.37d4: supR3HardNtEnableThreadCreationEx:
263d38.2458: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
264d38.2458: supR3HardenedVmProcessInit: uNtDllAddr=00007ff988990000 g_uNtVerCombined=0xa04a6100 (stack ~00000000005af7d8)
265d38.2458: ntdll.dll: timestamp 0xcad89ab4 (rc=VINF_SUCCESS)
266d38.2458: New simple heap: #1 0000000000900000 LB 0x400000 (for 2048000 allocation)
267d38.2458: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
268d38.2458: System32: \Device\HarddiskVolume3\Windows\System32
269d38.2458: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
270d38.2458: KnownDllPath: C:\WINDOWS\System32
271d38.2458: supR3HardenedVmProcessInit: Opening vboxdrv stub...
272d38.2458: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
273d38.2458: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
274d38.2458: Registered Dll notification callback with NTDLL.
275d38.2458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
276d38.2458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
277d38.2458: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
278d38.2458: supR3HardenedDllNotificationCallback: load 00007ff9863d0000 LB 0x002c7000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
279d38.2458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
280d38.2458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
281d38.2458: supR3HardenedDllNotificationCallback: load 00007ff9874c0000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
282d38.2458: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
283d38.2458: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9874c0000 'C:\WINDOWS\System32\KERNEL32.DLL'
284d38.2458: supR3HardenedDllNotificationCallback: load 00007ff73f750000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
285d38.2458: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
286d38.2458: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
287d38.2458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
288d38.2458: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff988a044e0 pvNtTerminateThread=00007ff988a2b7e0
289afc.37d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 91 ms.
290d38.2458: \SystemRoot\System32\ntdll.dll:
291d38.2458: CreationTime: 2020-05-28T06:38:08.191919300Z
292d38.2458: LastWriteTime: 2020-05-28T06:38:08.207545900Z
293d38.2458: ChangeTime: 2020-06-10T05:48:39.549522100Z
294d38.2458: FileAttributes: 0x20
295d38.2458: Size: 0x1ed2f0
296d38.2458: NT Headers: 0xe8
297d38.2458: Timestamp: 0xcad89ab4
298d38.2458: Machine: 0x8664 - amd64
299d38.2458: Timestamp: 0xcad89ab4
300d38.2458: Image Version: 10.0
301d38.2458: SizeOfImage: 0x1f4000 (2048000)
302d38.2458: Resource Dir: 0x183000 LB 0x6fd28
303d38.2458: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
304d38.2458: [Raw version resource data: 0x1830f0 LB 0x380, codepage 0x0 (reserved 0x0)]
305d38.2458: ProductName: Microsoft® Windows® Operating System
306d38.2458: ProductVersion: 10.0.19041.207
307d38.2458: FileVersion: 10.0.19041.207 (WinBuild.160101.0800)
308d38.2458: FileDescription: NT Layer DLL
309d38.2458: \SystemRoot\System32\kernel32.dll:
310d38.2458: CreationTime: 2020-06-10T05:47:59.026012600Z
311d38.2458: LastWriteTime: 2020-06-10T05:47:59.038706100Z
312d38.2458: ChangeTime: 2020-06-10T06:00:31.576386400Z
313d38.2458: FileAttributes: 0x20
314d38.2458: Size: 0xbaa28
315d38.2458: NT Headers: 0xf0
316d38.2458: Timestamp: 0x73317569
317d38.2458: Machine: 0x8664 - amd64
318d38.2458: Timestamp: 0x73317569
319d38.2458: Image Version: 10.0
320d38.2458: SizeOfImage: 0xbd000 (774144)
321d38.2458: Resource Dir: 0xbb000 LB 0x520
322d38.2458: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
323d38.2458: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
324d38.2458: ProductName: Microsoft® Windows® Operating System
325d38.2458: ProductVersion: 10.0.19041.292
326d38.2458: FileVersion: 10.0.19041.292 (WinBuild.160101.0800)
327d38.2458: FileDescription: Windows NT BASE API Client DLL
328d38.2458: \SystemRoot\System32\KernelBase.dll:
329d38.2458: CreationTime: 2020-06-10T05:48:05.967946200Z
330d38.2458: LastWriteTime: 2020-06-10T05:48:06.023608700Z
331d38.2458: ChangeTime: 2020-06-10T06:00:32.886389000Z
332d38.2458: FileAttributes: 0x20
333d38.2458: Size: 0x2c8740
334d38.2458: NT Headers: 0x100
335d38.2458: Timestamp: 0x84cd251b
336d38.2458: Machine: 0x8664 - amd64
337d38.2458: Timestamp: 0x84cd251b
338d38.2458: Image Version: 10.0
339d38.2458: SizeOfImage: 0x2c7000 (2912256)
340d38.2458: Resource Dir: 0x29e000 LB 0x548
341d38.2458: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
342d38.2458: [Raw version resource data: 0x29e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
343d38.2458: ProductName: Microsoft® Windows® Operating System
344d38.2458: ProductVersion: 10.0.19041.292
345d38.2458: FileVersion: 10.0.19041.292 (WinBuild.160101.0800)
346d38.2458: FileDescription: Windows NT BASE API Client DLL
347d38.2458: \SystemRoot\System32\apisetschema.dll:
348d38.2458: CreationTime: 2019-12-07T09:08:13.518339400Z
349d38.2458: LastWriteTime: 2019-12-07T09:08:13.518339400Z
350d38.2458: ChangeTime: 2020-06-10T05:48:39.408907200Z
351d38.2458: FileAttributes: 0x20
352d38.2458: Size: 0x1f538
353d38.2458: NT Headers: 0xd0
354d38.2458: Timestamp: 0x31288ce0
355d38.2458: Machine: 0x8664 - amd64
356d38.2458: Timestamp: 0x31288ce0
357d38.2458: Image Version: 10.0
358d38.2458: SizeOfImage: 0x20000 (131072)
359d38.2458: Resource Dir: 0x1f000 LB 0x408
360d38.2458: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
361d38.2458: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
362d38.2458: ProductName: Microsoft® Windows® Operating System
363d38.2458: ProductVersion: 10.0.19041.1
364d38.2458: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
365d38.2458: FileDescription: ApiSet Schema DLL
366d38.2458: NtOpenDirectoryObject failed on \Driver: 0xc0000022
367d38.2458: supR3HardenedWinFindAdversaries: 0x2
368d38.2458: \SystemRoot\System32\drivers\symevent64x86.sys:
369d38.2458: CreationTime: 2020-04-05T16:58:37.627740000Z
370d38.2458: LastWriteTime: 2020-04-05T16:58:37.395368800Z
371d38.2458: ChangeTime: 2020-05-28T06:51:21.146802000Z
372d38.2458: FileAttributes: 0x20
373d38.2458: Size: 0x18608
374d38.2458: NT Headers: 0xf0
375d38.2458: Timestamp: 0x5bbbe164
376d38.2458: Machine: 0x8664 - amd64
377d38.2458: Timestamp: 0x5bbbe164
378d38.2458: Image Version: 6.3
379d38.2458: SizeOfImage: 0x21000 (135168)
380d38.2458: Resource Dir: 0x1f000 LB 0x3c8
381d38.2458: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
382d38.2458: [Raw version resource data: 0x1f0b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
383d38.2458: ProductName: SYMEVENT
384d38.2458: ProductVersion: 14.0.7.71
385d38.2458: FileVersion: 14.0.7.71
386d38.2458: FileDescription: Symantec Event Library
387d38.2458: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
388d38.2458: Calling main()
389d38.2458: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
390d38.2458: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
391d38.2458: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
392d38.2458: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
393d38.2458: SUPR3HardenedMain: Respawn #2
394d38.2458: supR3HardNtEnableThreadCreationEx:
395d38.2458: supR3HardenedDllNotificationCallback: load 00007ff987cd0000 LB 0x00123000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
396d38.2458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
397d38.2458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
398d38.2458: supR3HardenedDllNotificationCallback: load 00007ff987760000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
399d38.2458: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
400d38.2458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
401d38.2458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
402d38.2458: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
403d38.2458: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
404d38.2458: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
405d38.2458: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
406d38.2458: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
407d38.2458: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
408d38.2458: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
409d38.2458: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988990000 'C:\WINDOWS\System32\ntdll.dll'
410d38.2458: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff988a044e0 pvNtTerminateThread=00007ff988a2b7e0
411d38.2458: supR3HardenedWinDoReSpawn(2): New child de0.125c [kernel32].
412d38.2458: supR3HardNtChildGatherData: PebBaseAddress=0000000000591000 cbPeb=0x388
413d38.2458: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff988990000 uNtDllChildAddr=00007ff988990000
414d38.2458: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff988a044e0
415d38.2458: supR3HardenedWinSetupChildInit: Initial context:
416 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff73f757900 rdx=0000000000591000
417 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
418 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
419 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
420 rip=00007ff9889dcea0 rsp=00000000003cfc48 rbp=0000000000000000 ctxflags=0010001b
421 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
422 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
423 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
424 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
425 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
426d38.2458: kernel32.dll: timestamp 0x73317569 (rc=VINF_SUCCESS)
427d38.2458: supR3HardenedWinSetupChildInit: Start child.
428d38.2458: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
429d38.2458: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 33 sleeps
430d38.2458: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
431d38.2458: *0000000000000000-000000000028ffff 0x0001/0x0000 0x0000000
432d38.2458: *0000000000290000-00000000002affff 0x0004/0x0004 0x0020000
433d38.2458: *00000000002b0000-00000000002ccfff 0x0002/0x0002 0x0040000
434d38.2458: 00000000002cd000-00000000002cffff 0x0001/0x0000 0x0000000
435d38.2458: *00000000002d0000-00000000003cafff 0x0000/0x0004 0x0020000
436d38.2458: 00000000003cb000-00000000003cdfff 0x0104/0x0004 0x0020000
437d38.2458: 00000000003ce000-00000000003cffff 0x0004/0x0004 0x0020000
438d38.2458: *00000000003d0000-00000000003d3fff 0x0002/0x0002 0x0040000
439d38.2458: 00000000003d4000-00000000003dffff 0x0001/0x0000 0x0000000
440d38.2458: *00000000003e0000-00000000003e1fff 0x0004/0x0004 0x0020000
441d38.2458: 00000000003e2000-00000000003fffff 0x0001/0x0000 0x0000000
442d38.2458: *0000000000400000-0000000000590fff 0x0000/0x0004 0x0020000
443d38.2458: 0000000000591000-0000000000593fff 0x0004/0x0004 0x0020000
444d38.2458: 0000000000594000-00000000005fffff 0x0000/0x0004 0x0020000
445d38.2458: 0000000000600000-000000007ffdffff 0x0001/0x0000 0x0000000
446d38.2458: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
447d38.2458: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
448d38.2458: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
449d38.2458: 000000007ffe9000-00007ff5171dffff 0x0001/0x0000 0x0000000
450d38.2458: *00007ff5171e0000-00007ff5171e0fff 0x0002/0x0002 0x0040000
451d38.2458: 00007ff5171e1000-00007ff5171effff 0x0001/0x0000 0x0000000
452d38.2458: *00007ff5171f0000-00007ff517212fff 0x0002/0x0002 0x0040000
453d38.2458: 00007ff517213000-00007ff73f74ffff 0x0001/0x0000 0x0000000
454d38.2458: *00007ff73f750000-00007ff73f750fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
455d38.2458: 00007ff73f751000-00007ff73f7c6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
456d38.2458: 00007ff73f7c7000-00007ff73f7c7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
457d38.2458: 00007ff73f7c8000-00007ff73f80ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
458d38.2458: 00007ff73f810000-00007ff73f810fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
459d38.2458: 00007ff73f811000-00007ff73f811fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
460d38.2458: 00007ff73f812000-00007ff73f816fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
461d38.2458: 00007ff73f817000-00007ff73f817fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
462d38.2458: 00007ff73f818000-00007ff73f818fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
463d38.2458: 00007ff73f819000-00007ff73f81cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
464d38.2458: 00007ff73f81d000-00007ff73f865fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
465d38.2458: 00007ff73f866000-00007ff98898ffff 0x0001/0x0000 0x0000000
466d38.2458: *00007ff988990000-00007ff988990fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
467d38.2458: 00007ff988991000-00007ff988aaafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
468d38.2458: 00007ff988aab000-00007ff988af2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
469d38.2458: 00007ff988af3000-00007ff988afefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
470d38.2458: 00007ff988aff000-00007ff988b0dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
471d38.2458: 00007ff988b0e000-00007ff988b0efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
472d38.2458: 00007ff988b0f000-00007ff988b11fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
473d38.2458: 00007ff988b12000-00007ff988b83fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
474d38.2458: 00007ff988b84000-00007ffffffeffff 0x0001/0x0000 0x0000000
475d38.2458: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
476d38.2458: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
477d38.2458: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
478d38.2458: supR3HardNtChildPurify: Done after 605 ms and 0 fixes (loop #0).
479d38.2458: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
480d38.2458: supR3HardNtEnableThreadCreationEx:
481de0.125c: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6100
482de0.125c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff988990000 g_uNtVerCombined=0xa04a6100 (stack ~00000000003cf6d8)
483de0.125c: ntdll.dll: timestamp 0xcad89ab4 (rc=VINF_SUCCESS)
484de0.125c: New simple heap: #1 0000000000700000 LB 0x400000 (for 2048000 allocation)
485de0.125c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
486de0.125c: System32: \Device\HarddiskVolume3\Windows\System32
487de0.125c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
488de0.125c: KnownDllPath: C:\WINDOWS\System32
489de0.125c: supR3HardenedVmProcessInit: Opening vboxdrv...
490de0.125c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
491de0.125c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
492de0.125c: Registered Dll notification callback with NTDLL.
493de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
494de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
495de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
496de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9863d0000 LB 0x002c7000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
497de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
498de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
499de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9874c0000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
500de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
501de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9874c0000 'C:\WINDOWS\System32\KERNEL32.DLL'
502de0.125c: supR3HardenedDllNotificationCallback: load 00007ff73f750000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
503de0.125c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
504de0.125c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
505de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
506de0.125c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff988a044e0 pvNtTerminateThread=00007ff988a2b7e0
507d38.2458: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 96 ms.
508de0.125c: \SystemRoot\System32\ntdll.dll:
509de0.125c: CreationTime: 2020-05-28T06:38:08.191919300Z
510de0.125c: LastWriteTime: 2020-05-28T06:38:08.207545900Z
511de0.125c: ChangeTime: 2020-06-10T05:48:39.549522100Z
512de0.125c: FileAttributes: 0x20
513de0.125c: Size: 0x1ed2f0
514de0.125c: NT Headers: 0xe8
515de0.125c: Timestamp: 0xcad89ab4
516de0.125c: Machine: 0x8664 - amd64
517de0.125c: Timestamp: 0xcad89ab4
518de0.125c: Image Version: 10.0
519de0.125c: SizeOfImage: 0x1f4000 (2048000)
520de0.125c: Resource Dir: 0x183000 LB 0x6fd28
521de0.125c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
522de0.125c: [Raw version resource data: 0x1830f0 LB 0x380, codepage 0x0 (reserved 0x0)]
523de0.125c: ProductName: Microsoft® Windows® Operating System
524de0.125c: ProductVersion: 10.0.19041.207
525de0.125c: FileVersion: 10.0.19041.207 (WinBuild.160101.0800)
526de0.125c: FileDescription: NT Layer DLL
527de0.125c: \SystemRoot\System32\kernel32.dll:
528de0.125c: CreationTime: 2020-06-10T05:47:59.026012600Z
529de0.125c: LastWriteTime: 2020-06-10T05:47:59.038706100Z
530de0.125c: ChangeTime: 2020-06-10T06:00:31.576386400Z
531de0.125c: FileAttributes: 0x20
532de0.125c: Size: 0xbaa28
533de0.125c: NT Headers: 0xf0
534de0.125c: Timestamp: 0x73317569
535de0.125c: Machine: 0x8664 - amd64
536de0.125c: Timestamp: 0x73317569
537de0.125c: Image Version: 10.0
538de0.125c: SizeOfImage: 0xbd000 (774144)
539de0.125c: Resource Dir: 0xbb000 LB 0x520
540de0.125c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
541de0.125c: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
542de0.125c: ProductName: Microsoft® Windows® Operating System
543de0.125c: ProductVersion: 10.0.19041.292
544de0.125c: FileVersion: 10.0.19041.292 (WinBuild.160101.0800)
545de0.125c: FileDescription: Windows NT BASE API Client DLL
546de0.125c: \SystemRoot\System32\KernelBase.dll:
547de0.125c: CreationTime: 2020-06-10T05:48:05.967946200Z
548de0.125c: LastWriteTime: 2020-06-10T05:48:06.023608700Z
549de0.125c: ChangeTime: 2020-06-10T06:00:32.886389000Z
550de0.125c: FileAttributes: 0x20
551de0.125c: Size: 0x2c8740
552de0.125c: NT Headers: 0x100
553de0.125c: Timestamp: 0x84cd251b
554de0.125c: Machine: 0x8664 - amd64
555de0.125c: Timestamp: 0x84cd251b
556de0.125c: Image Version: 10.0
557de0.125c: SizeOfImage: 0x2c7000 (2912256)
558de0.125c: Resource Dir: 0x29e000 LB 0x548
559de0.125c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
560de0.125c: [Raw version resource data: 0x29e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
561de0.125c: ProductName: Microsoft® Windows® Operating System
562de0.125c: ProductVersion: 10.0.19041.292
563de0.125c: FileVersion: 10.0.19041.292 (WinBuild.160101.0800)
564de0.125c: FileDescription: Windows NT BASE API Client DLL
565de0.125c: \SystemRoot\System32\apisetschema.dll:
566de0.125c: CreationTime: 2019-12-07T09:08:13.518339400Z
567de0.125c: LastWriteTime: 2019-12-07T09:08:13.518339400Z
568de0.125c: ChangeTime: 2020-06-10T05:48:39.408907200Z
569de0.125c: FileAttributes: 0x20
570de0.125c: Size: 0x1f538
571de0.125c: NT Headers: 0xd0
572de0.125c: Timestamp: 0x31288ce0
573de0.125c: Machine: 0x8664 - amd64
574de0.125c: Timestamp: 0x31288ce0
575de0.125c: Image Version: 10.0
576de0.125c: SizeOfImage: 0x20000 (131072)
577de0.125c: Resource Dir: 0x1f000 LB 0x408
578de0.125c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
579de0.125c: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
580de0.125c: ProductName: Microsoft® Windows® Operating System
581de0.125c: ProductVersion: 10.0.19041.1
582de0.125c: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
583de0.125c: FileDescription: ApiSet Schema DLL
584de0.125c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
585de0.125c: supR3HardenedWinFindAdversaries: 0x2
586de0.125c: \SystemRoot\System32\drivers\symevent64x86.sys:
587de0.125c: CreationTime: 2020-04-05T16:58:37.627740000Z
588de0.125c: LastWriteTime: 2020-04-05T16:58:37.395368800Z
589de0.125c: ChangeTime: 2020-05-28T06:51:21.146802000Z
590de0.125c: FileAttributes: 0x20
591de0.125c: Size: 0x18608
592de0.125c: NT Headers: 0xf0
593de0.125c: Timestamp: 0x5bbbe164
594de0.125c: Machine: 0x8664 - amd64
595de0.125c: Timestamp: 0x5bbbe164
596de0.125c: Image Version: 6.3
597de0.125c: SizeOfImage: 0x21000 (135168)
598de0.125c: Resource Dir: 0x1f000 LB 0x3c8
599de0.125c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
600de0.125c: [Raw version resource data: 0x1f0b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
601de0.125c: ProductName: SYMEVENT
602de0.125c: ProductVersion: 14.0.7.71
603de0.125c: FileVersion: 14.0.7.71
604de0.125c: FileDescription: Symantec Event Library
605de0.125c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
606de0.125c: Calling main()
607de0.125c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
608de0.125c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
609de0.125c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
610de0.125c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
611de0.125c: SUPR3HardenedMain: Final process, opening VBoxDrv...
612de0.125c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000700000 LB 0x400000)
613de0.125c: supR3HardNtEnableThreadCreationEx:
614de0.125c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
615de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
616de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
617de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
618de0.125c: supR3HardenedDllNotificationCallback: load 00007ff97e8d0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
619de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
620de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
621de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
622de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97e8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
623de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
624de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
625de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97e8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
626de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97e8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
627de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
628de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
629de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
630de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
631de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
632de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
633de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
634de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
635de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
636de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
637de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
638de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
639de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
640de0.125c: supR3HardenedDllNotificationCallback: load 00007ff987c30000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
641de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
642de0.125c: supR3HardenedDllNotificationCallback: load 00007ff987cd0000 LB 0x00123000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
643de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
644de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986160000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
645de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
646de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986700000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
647de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
648de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
649de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986270000 LB 0x0015d000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
650de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
651de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
652de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
653de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
654de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-synch-l1-2-0'
655de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
656de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
657de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-fibers-l1-1-1'
658de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
659de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
660de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-fibers-l1-1-1'
661de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
662de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
663de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-synch-l1-2-0'
664de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
665de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
666de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-localization-l1-2-1'
667de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
668de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
669de0.125c: supR3HardenedDllNotificationCallback: load 00007ff985ce0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
670de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
671de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986160000 'C:\WINDOWS\system32\Wintrust.dll'
672de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
673de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
674de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
675de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9866d0000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
676de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
677de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9866d0000 'C:\WINDOWS\system32\bcrypt.dll'
678de0.125c: bcrypt.dll loaded at 00007ff9866d0000, BCryptOpenAlgorithmProvider at 00007ff9866d51e0, preloading providers:
679de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
680de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
681de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
682de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9860e0000 LB 0x0007f000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
683de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
684de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9860e0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
685de0.125c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000c5f230)
686de0.125c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000c5f7a0)
687de0.125c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000c5fac0)
688de0.125c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000c5fde0)
689de0.125c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000c60100)
690de0.125c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000c60420)
691de0.125c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000c60740)
692de0.125c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000c60e70)
693de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
694de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
695de0.125c: supR3HardenedDllNotificationCallback: load 00007ff985ad0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
696de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
697de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
698de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
699de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
700de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
701de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
702de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
703de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
704de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
705de0.125c: supR3HardenedDllNotificationCallback: load 00007ff985160000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
706de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
707de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
708de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
709de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
710de0.125c: supR3HardenedDllNotificationCallback: load 00007ff985990000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
711de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
712de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
713de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
714de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9874c0000 'C:\WINDOWS\System32\kernel32.dll'
715de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
716de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
717de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986160000 'C:\WINDOWS\System32\WINTRUST.DLL'
718de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
719de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
720de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\CRYPT32.dll'
721de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9888c0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
722de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
723de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
724de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
725de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
726de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
727de0.125c: supR3HardenedDllNotificationCallback: load 00007ff987760000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
728de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
729de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
730de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
731de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
732de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
733de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
734de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
735de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9849b0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
736de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
737de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
738de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
739de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986020000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
740de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
741de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
742de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
743de0.125c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
744de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
745de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
746de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
747de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
748de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
749de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
750de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
751de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
752de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
753de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
754de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
755de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
756de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
757de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
758de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
759de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
760de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
761de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
762de0.125c: supR3HardenedDllNotificationCallback: load 00007ff979dc0000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
763de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
764de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
765de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
766de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
767de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
768de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
769de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
770de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
772de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
773de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
774de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
775de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
776de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
777de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
778de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
779de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
780de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
781de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
782de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
783de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
784de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
786de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
787de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
788de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
789de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
790de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
791de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
792de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\WINDOWS\System32\cryptnet.dll'
793de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
794de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979dc0000 'C:\Windows\System32\cryptnet.dll'
795de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9880a0000 LB 0x000aa000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
796de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
797de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
798de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
799de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
800de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
801de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
802de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
803de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
804de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
805de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
806de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
807de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
808de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
809de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
810de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
811de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
812de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
813de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
814de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
815de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
816de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
817de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000d09d40
818de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
819de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C56293D3DC3F537CEAE49D223D95585B6474FA2
820de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
821de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
822de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987cd0000 'C:\WINDOWS\System32\rpcrt4.dll'
823de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
824de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
825de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
826de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
827de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
828de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
829de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\SystemRoot\System32\ntdll.dll'
830de0.125c: g_pfnWinVerifyTrust=00007ff986161da0
831de0.125c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
832de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
833de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
834de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
835de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
836de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
837de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
838de0.125c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
839de0.125c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
840de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
841de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
842de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
843de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
844de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
845de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
846de0.125c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
847de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
848de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
849de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
850de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
851de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
852de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
853de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
854de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
855de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
856de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
857de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35D579607A81B539FE4EE838C90FF3AA54A92A17
858de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
859de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
860de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
861de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
862de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
863de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
864de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
865de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
866de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
867de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
868de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
869de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
870de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
871de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
872de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
873de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
874de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
875de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
876de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
877de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
878de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
879de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
880de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
881de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
882de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
883de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
884de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
885de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
886de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
887de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
888de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
889de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
890de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
891de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
892de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
893de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
894de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
895de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
896de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
897de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
898de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
899de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
900de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
901de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
902de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
903de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
904de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
905de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
906de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
907de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
908de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
909de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
910de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
911de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
912de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
913de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
914de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
915de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
916de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
917de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
918de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
919de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
920de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
921de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
922de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
923de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\system32\crypt32.dll'
924de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
925de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
926de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
927de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
928de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
929de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
930de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d4f73fbdc4bc315 CN=DESKTOP-E5I3OCF
931de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xec15846517d9ac00 C=CA, ST=Ontario, L=Toronto, O=SurfEasy, CN=SurfEasy CA, Email=ops@surfeasy.com
932de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
933de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
934de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
935de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
936de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xf99d8f3e8a37d100 CN=Microsoft Intune Root Certification Authority
937de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x6cda646a98a6ca72 CN=DESKTOP-E5I3OCF
938de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
939de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
940de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
941de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
942de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
943de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
944de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
945de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
946de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
947de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
948de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
949de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
950de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
951de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
952de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
953de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
954de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
955de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
956de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
957de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
958de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
959de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
960de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
961de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
962de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
963de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
964de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
965de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xd578ca718078b200 C=US, O=Amazon, CN=Amazon Root CA 1
966de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
967de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
968de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
969de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x4b24f9897ec7e300 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
970de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
971de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
972de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
973de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
974de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
975de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
976de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
977de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
978de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
979de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
980de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
981de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
982de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
983de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
984de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
985de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
986de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
987de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
988de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
989de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
990de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
991de0.125c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
992de0.125c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=68
993de0.125c: SUPR3HardenedMain: Load Runtime...
994de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
995de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
996de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
997de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
998de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
999de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1000de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1001de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1002de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1003de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1004de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1005de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1006de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
1007de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1008de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1009de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1010de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1011de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1012de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1013de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1014de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1015de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1016de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1017de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1018de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1019de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1020de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1021de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1022de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1023de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1024de0.125c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1025de0.125c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
1026de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1027de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1028de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1029de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1030de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1031de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1032de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1033de0.125c: supR3HardenedDllNotificationCallback: load 000000005c100000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1034de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1035de0.125c: supR3HardenedDllNotificationCallback: load 000000005a340000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1036de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1037de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9876f0000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1038de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1039de0.125c: supR3HardenedDllNotificationCallback: load 00007ff92bff0000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1040de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1041de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1042de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1043de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1044de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1045de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1046de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1047de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1048de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1049de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1050de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1051de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1052de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1053de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1054de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1055de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1056de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1057de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1058de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1059de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1060de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1061de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1062de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1063de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1064de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1065de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1066de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1067de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1068de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1069de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1070de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1071de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1072de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1073de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1074de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1075de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1076de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1077de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1078de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1079de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1080de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1081de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1082de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1083de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1084de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1085de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1086de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1087de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1088de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1089de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1090de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1091de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1092de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1093de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1094de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1095de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1096de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1097de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1098de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1099de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1100de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1101de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1102de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1103de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1104de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1105de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1106de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1107de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1108de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1109de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1110de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1111de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1112de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1113de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1114de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1115de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1116de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1117de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1118de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1119de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1120de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1121de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1122de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1123de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1124de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1125de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1126de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1127de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1128de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1129de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1130de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1131de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1132de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1133de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1134de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1135de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1136de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1137de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1138de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1139de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1140de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1141de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1142de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1143de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1144de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1145de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1146de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1147de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1148de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1149de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1150de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1151de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1152de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1153de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1154de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1155de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1156de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1157de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1158de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1159de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1160de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1161de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1162de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1163de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1164de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1165de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1166de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1167de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1168de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1169de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1170de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1171de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1172de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1173de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1174de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1175de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1176de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1177de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1178de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1179de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1180de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1181de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1182de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1183de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1184de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1185de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1186de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1187de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1188de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1189de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1190de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1191de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1192de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1193de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1194de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1195de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1196de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1197de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1198de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1199de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1200de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1201de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1202de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1203de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1204de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1205de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1206de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1207de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1208de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1209de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1210de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1211de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1212de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1213de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1214de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1215de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1216de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1217de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92bff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1218de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1219de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
1220de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1221de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1222de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986160000 'C:\WINDOWS\system32\Wintrust.dll'
1223de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1224de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1225de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1226de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1227de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1228de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1229de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\system32\crypt32.dll'
1230de0.125c: SUPR3HardenedMain: Load TrustedMain...
1231de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1232de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1233de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
1234de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1235de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1236de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1237de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1238de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1239de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1240de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1241de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1242de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
1243de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
1244de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
1245de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
1246de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1247de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1248de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1249de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1250de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1251de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1252de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
1253de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
1254de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1255de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1256de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1257de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1259de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1260de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1261de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1262de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1263de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
1264de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
1265de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1266de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1267de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1268de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1269de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1270de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1271de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1272de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1273de0.125c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1274de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1275de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
1276de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
1277de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1278de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1279de0.125c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1280de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
1281de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1282de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1283de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1284de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1285de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1286de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1287de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1288de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
1289de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
1290de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
1291de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
1292de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
1293de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
1294de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1295de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1296de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1297de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1298de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
1299de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1300de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1301de0.125c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1302de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1303de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1304de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
1305de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
1306de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1307de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1308de0.125c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1309de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
1310de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
1311de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1312de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1313de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1314de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1315de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1316de0.125c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1317de0.125c: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
1318de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
1319de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
1320de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1321de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1322de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1323de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1324de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1325de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1326de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1327de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1328de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1329de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1330de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
1331de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1332de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1333de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1334de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1335de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1336de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1337de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1338de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1339de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1340de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1341de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1342de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1343de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1344de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1345de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1346de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1347de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1348de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1349de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1350de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1351de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1352de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1353de0.125c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1354de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1355de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1356de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1357de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1358de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1359de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1360de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1361de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1362de0.125c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1363de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1364de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1365de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1366de0.125c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1367de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1368de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1369de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1370de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1371de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1372de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1373de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1374de0.125c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1375de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1376de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1377de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1378de0.125c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1379de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1380de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1381de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1382de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1383de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1384de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1385de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1386de0.125c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1387de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1388de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1389de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1390de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1391de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1392de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1393de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1394de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1395de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1396de0.125c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1397de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1398de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
1399de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
1400de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
1401de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
1402de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1403de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1404de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1405de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1406de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1407de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1408de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1409de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1410de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1411de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1412de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1413de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1414de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1415de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1416de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1417de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1418de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1419de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1420de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1421de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1422de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1423de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1424de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1425de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1426de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1427de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1428de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1429de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1430de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1431de0.125c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
1432de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1433de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1434de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1435de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1436de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1437de0.125c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
1438de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1439de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1440de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1441de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1442de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1443de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1444de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1445de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1446de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1447de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1448de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1449de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1450de0.125c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1451de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
1452de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
1453de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1454de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1455de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1456de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1457de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1458de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1459de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1460de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1461de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1462de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1463de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1464de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1465de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1466de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1467de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1468de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1469de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1470de0.125c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1471de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1472de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1473de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1474de0.125c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
1475de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
1476de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1477de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1478de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1479de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1480de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1481de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1482de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1483de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1484de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1485de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1486de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1487de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1488de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1489de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1490de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1491de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1492de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1493de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1494de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1495de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1496de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
1497de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1498de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1499de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1500de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1501de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1502de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1503de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1504de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1505de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1506de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1507de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1508de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1509de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1510de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1511de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1512de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1513de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1514de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1515de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1516de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1517de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1518de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1519de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1520de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1521de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1522de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1523de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1524de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1525de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1526de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1527de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1528de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1529de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1530de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1531de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1532de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1533de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1534de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1535de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1536de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1537de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1538de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1539de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1540de0.125c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1541de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1542de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1543de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1544de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1545de0.125c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1546de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1547de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1548de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1549de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1550de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1551de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1552de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1553de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1554de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
1555de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
1556de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1557de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1558de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
1559de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1560de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1561de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
1562de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1563de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1564de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1565de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1566de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1567de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
1568de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
1569de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1570de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1571de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1572de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
1573de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
1574de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
1575de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D59116339FF1B29B4A343FCBB3B064353F8B9655
1576de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1577de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1578de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1579de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1580de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1581de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1582de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1583de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1584de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1585de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1586de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1587de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1588de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1589de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1590de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1591de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1592de0.125c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1593de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1594de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1595de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1596de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1597de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1598de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1599de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1600de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1601de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1602de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1603de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1604de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1605de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1606de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1607de0.125c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1608de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1609de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1610de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1611de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
1612de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1613de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1614de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1615de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1616de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1617de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1618de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1619de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9866a0000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1620de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1621de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986800000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1622de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1623de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9868f0000 LB 0x0010a000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1624de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1625de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1626de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1627de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1628de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
1629de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
1630de0.125c: supR3HardenedDllNotificationCallback: load 00007ff988150000 LB 0x0002a000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1631de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1632de0.125c: supR3HardenedDllNotificationCallback: load 00007ff987320000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1633de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
1634de0.125c: supR3HardenedDllNotificationCallback: load 00007ff987800000 LB 0x00353000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1635de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1636de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9684f0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1637de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1638de0.125c: supR3HardenedDllNotificationCallback: load 00007ff968520000 LB 0x0015c000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1639de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1640de0.125c: supR3HardenedDllNotificationCallback: load 00007ff988180000 LB 0x00734000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1641de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
1642de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986ae0000 LB 0x00129000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1643de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1644de0.125c: supR3HardenedDllNotificationCallback: load 00007ff96c8d0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1645de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1646de0.125c: supR3HardenedDllNotificationCallback: load 000000005a950000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1647de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1648de0.125c: supR3HardenedDllNotificationCallback: load 00007ff92b9f0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1649de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1650de0.125c: supR3HardenedDllNotificationCallback: load 000000005a3e0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1651de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1652de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986de0000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1653de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1654de0.125c: supR3HardenedDllNotificationCallback: load 00007ff914510000 LB 0x02314000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
1655de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
1656de0.125c: supR3HardenedDllNotificationCallback: load 00000000596f0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1657de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1658de0.125c: supR3HardenedDllNotificationCallback: load 00007ff96f560000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1659de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1660de0.125c: supR3HardenedDllNotificationCallback: load 00007ff92b1b0000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
1661de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1662de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1663de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1664de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1665de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1666de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1667de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1668de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1669de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1670de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1671de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1672de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1673de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1674de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1675de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1676de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1677de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1678de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1679de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1680de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1681de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1682de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1683de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1684de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1685de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1686de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1687de0.125c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1688de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1689de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1690de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1691de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1692de0.125c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
1693de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1695de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1696de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1697de0.125c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1698de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1699de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1700de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1701de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1702de0.125c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
1703de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1704de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9874c0000 'C:\WINDOWS\System32\kernel32.dll'
1705de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1706de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1707de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1708de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1709de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1710de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1711de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1712de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1713de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1714de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1715de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1716de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1717de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1718de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1719de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1720de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1721de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1722de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1723de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1724de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1725de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1726de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1727de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1728de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1729de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1730de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1731de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1732de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1733de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1734de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1735de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1736de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1737de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1738de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1739de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1740de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1741de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1742de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1743de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1744de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1745de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1746de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1747de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-string-l1-1-0'
1748de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1749de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1750de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1751de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1752de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1753de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1754de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1755de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1756de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1757de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1758de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1759de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1760de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1761de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1762de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1763de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1764de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1765de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1766de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1767de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1768de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1769de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1770de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1771de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1772de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1773de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1774de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1775de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1776de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1777de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1778de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1779de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1780de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1781de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1782de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1783de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1784de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1785de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1786de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1787de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1788de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1789de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1790de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-datetime-l1-1-1'
1791de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1792de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1793de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1794de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1795de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1796de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1797de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1798de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1799de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1800de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1801de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1802de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1803de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1804de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1805de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1806de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1807de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1808de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1809de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1810de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1811de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1812de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1813de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1814de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1815de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1816de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1817de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1818de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1819de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1820de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1821de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1822de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1823de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1824de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1825de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1826de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1827de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1828de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1829de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1830de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1831de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1832de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1833de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-localization-obsolete-l1-2-0'
1834de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1835de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1836de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1837de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1838de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1839de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1840de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1841de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1842de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1843de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1844de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1845de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1846de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1847de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1848de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1849de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1850de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1851de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1852de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1853de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1854de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1855de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1856de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1857de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1858de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1859de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1860de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1861de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1862de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1863de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1864de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1865de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1866de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1867de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1868de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1869de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1870de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1871de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1872de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1873de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1874de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1875de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1876de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
1877de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
1878de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
1879de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1880de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1881de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1882de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1883de0.125c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
1884de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1885de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1886de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1887de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1888de0.125c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
1889de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1890de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986ab0000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
1891de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1892de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986ab0000 'C:\WINDOWS\system32\IMM32.DLL'
1893de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1894de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
1895de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1896de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1897de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1898de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1899de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1900de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1901de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1902de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1903de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1904de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1905de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1906de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1907de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1908de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1909de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1910de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1911de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1912de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1913de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1914de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1915de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1916de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
1917de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1918de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1919de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1920de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1921de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1922de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1923de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1924de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1925de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1926de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1927de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1928de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1929de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1930de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1931de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1932de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1933de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1934de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1935de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1936de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1937de0.125c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\edgegdi.dll': 0 (NtPath=\??\C:\WINDOWS\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
1938de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\edgegdi.dll'
1939de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1940de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
1941de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1942de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1943de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1944de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1945de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1946de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1947de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1948de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1949de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1950de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1951de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1952de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1953de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1954de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1955de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1956de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1957de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1958de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1959de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1960de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1961de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1962de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1963de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9880a0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
1964de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1965de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
1966de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
1967de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
1968de0.125c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1969de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1970de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1971de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
1972de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1973de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
1974de0.125c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1975de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1976de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
1977de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
1978de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1979de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
1980de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1981de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
1982de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
1983de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
1984de0.125c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1985de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1986de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b1b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
1987de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1988de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1989de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
1990de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1991de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1992de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
1993de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
1994de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
1995de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
1996de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=963449C047676DA4B69F8A6EE574773FF48118F8
1997de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
1998de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
1999de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
2000de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2001de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll'
2002de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2003de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2004de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll'
2005de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2006de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2007de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
2008de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2009de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
2010de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2011de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2012de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
2013de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2014de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2015de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
2016de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2017de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2018de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
2019de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2020de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2021de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
2022de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2023de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2024de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
2025de0.125c: SUPR3HardenedMain: Calling TrustedMain (00007ff92b1b16c0)...
2026de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
2027de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
2028de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
2029de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
2030de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
2031de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2032de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wldp.dll)
2033de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wldp.dll
2034de0.125c: supR3HardenedDllNotificationCallback: load 00007ff985a20000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
2035de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
2036de0.125c: supR3HardenedDllNotificationCallback: load 00007ff984210000 LB 0x0078e000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
2037de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
2038de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986a00000 LB 0x000ae000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
2039de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2040de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
2041de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
2042de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2043de0.125c: supR3HardenedDllNotificationCallback: load 00007ff987bd0000 LB 0x00055000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
2044de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2045de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
2046de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2047de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2048de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2049de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2050de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2051de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2052de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2053de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2054de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2055de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2056de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2057de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
2058de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
2059de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [lacks WinVerifyTrust]
2060de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2061de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2062de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2063de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2064de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2065de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2066de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2067de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2068de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
2069de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2070de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2071de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
2072de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2073de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2074de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wldp.dll'
2075de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2076de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2077de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
2078de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2079de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2080de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2081de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2082de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2083de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2084de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2085de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2086de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2087de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2088de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2089de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2090de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2091de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2092de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2093de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2094de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2095de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2096de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2097de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2098de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2099de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2100de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2101de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2102de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2103de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2104de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2105de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2106de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2107de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2108de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2109de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2110de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2111de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2112de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2113de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2114de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
2115de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2116de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2117de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2118de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2119de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2120de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2121de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2122de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2123de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2124de0.125c: supR3HardenedDllNotificationCallback: load 00007ff95c9e0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2125de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2126de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff95c9e0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2127de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
2128de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2129de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
2130de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
2131de0.125c: supR3HardenedDllNotificationCallback: load 00007ff984a00000 LB 0x00013000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
2132de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
2133de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2134de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2135de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2136de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2137de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2138de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2139de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
2140de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000654 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2141de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2142de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2143de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=008FC60BD6BD131F2BA2F8399DCDDB004781856F
2144de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2145de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2146de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
2147de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2148de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2149de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2150de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2151de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
2152de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2153de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2154de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2155de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2156de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2157de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2158de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2159de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2160de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2161de0.125c: supR3HardenedDllNotificationCallback: load 00007ff980650000 LB 0x0009f000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2162de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2163de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff980650000 'C:\WINDOWS\system32\uxtheme.dll'
2164de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987320000 'C:\WINDOWS\system32\user32.dll'
2165de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2166de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2167de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988180000 'C:\WINDOWS\system32\shell32.dll'
2168de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2169de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2170de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986a00000 'C:\WINDOWS\system32\SHCore.dll'
2171de0.125c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2172de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
2173de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987320000 'C:\WINDOWS\system32\user32.dll'
2174de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2175de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2176de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\system32\winmm.dll'
2177de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2178de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2179de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\system32\winmm.dll'
2180de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2181de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2182de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988180000 'C:\WINDOWS\system32\shell32.dll'
2183de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2184de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2185de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff980650000 'C:\WINDOWS\system32\uxtheme.dll'
2186de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2187de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2188de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9880a0000 'C:\WINDOWS\system32\advapi32.dll'
2189de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2190de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2191de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2192de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
2193de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
2194de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2195de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2196de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2197de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2198de0.125c: supR3HardenedDllNotificationCallback: load 00007ff985fe0000 LB 0x0002e000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
2199de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2200de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985fe0000 'C:\WINDOWS\system32\userenv.dll'
2201de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2202de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2203de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9874c0000 'C:\WINDOWS\System32\kernel32.dll'
2204de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986c10000 LB 0x000a8000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
2205de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2206de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2207de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
2208de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
2209de0.2a24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
2210de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2211de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2212de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2213de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2214de0.2a24: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2215de0.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2216de0.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2217de0.2a24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
2218de0.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2219de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2220de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2221de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2222de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2223de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2224de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2225de0.2a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2226de0.2a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2227de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2228de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2229de0.2a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2230de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2231de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2232de0.2a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2233de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2234de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2235de0.2a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2236de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2237de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2238de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2239de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2240de0.2a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2241de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2242de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2243de0.2a24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2244de0.2a24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2245de0.2a24: supR3HardenedDllNotificationCallback: load 00007ff934280000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2246de0.2a24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2247de0.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff934280000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2248de0.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2249de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2250de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2251de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2252de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2253de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2254de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2255de0.2a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2256de0.2a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2257de0.2a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2258de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2259de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2260de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2261de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2262de0.2a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2263de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2264de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2265de0.2a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2266de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2267de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2268de0.2a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2269de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2270de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2271de0.2a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2272de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2273de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2274de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2275de0.2a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2276de0.2a24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2277de0.2a24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2278de0.2a24: supR3HardenedDllNotificationCallback: load 00007ff95c7c0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2279de0.2a24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2280de0.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff95c7c0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2281de0.2a24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2282de0.2a24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2283de0.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986de0000 'C:\Windows\System32\oleaut32.dll'
2284de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e0 pwszName=\Device\HarddiskVolume3\Windows\System32\DWrite.dll
2285de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2286de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2287de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9C8E5710EFAC15DE2B94D7841BA8EE6675FBE12E
2288de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2289de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2290de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\DWrite.dll'
2291de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2292de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2293de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2294de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DWrite.dll) WinVerifyTrust
2295de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DWrite.dll
2296de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2297de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2298de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2299de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2300de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2301de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwrite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2302de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll
2303de0.125c: supR3HardenedDllNotificationCallback: load 00007ff971110000 LB 0x0027e000 C:\WINDOWS\system32\dwrite.dll [fFlags=0x0]
2304de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll
2305de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff971110000 'C:\WINDOWS\system32\dwrite.dll'
2306de0.2d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2307de0.2d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2308de0.2d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2309de0.2d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2310de0.2d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2311de0.2d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
2312de0.2d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2313de0.2d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2314de0.2d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2315de0.2d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2316de0.2d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2317de0.2d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2318de0.2d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2319de0.2d8: supR3HardenedDllNotificationCallback: load 00007ff97e8c0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
2320de0.2d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2321de0.2d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97e8c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
2322de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2323de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2324de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988180000 'C:\WINDOWS\system32\shell32.dll'
2325de0.125c: supR3HardenedDllNotificationCallback: load 00007ff986cc0000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
2326de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2327de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
2328de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
2329de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
2330de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
2331de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
2332de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
2333de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2334de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2335de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
2336de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2337de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2338de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2339de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2340de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
2341de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2342de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2343de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2344de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2345de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2346de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2347de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2348de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
2349de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007d0 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2350de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2351de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2352de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF7BB25ED007B3DDC1DFB62FC8FABB1BADD597E
2353de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2354de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2355de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
2356de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2357de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2358de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
2359de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
2360de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
2361de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2362de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2363de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2364de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2365de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2366de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2367de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
2368de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
2369de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
2370de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2371de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2372de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2373de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2374de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2375de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2376de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2377de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
2378de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2379de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2380de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2381de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
2382de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
2383de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
2384de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2385de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2386de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2387de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2388de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2389de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2390de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
2391de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2392de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2393de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2394de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2395de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2396de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2397de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust
2398de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
2399de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2400de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2401de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2402de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2403de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
2404de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2405de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2406de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2407de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2408de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2409de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
2410de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
2411de0.125c: supR3HardenedDllNotificationCallback: load 00007ff984a20000 LB 0x000f3000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2412de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll
2413de0.125c: supR3HardenedDllNotificationCallback: load 00007ff97f070000 LB 0x00263000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2414de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
2415de0.125c: supR3HardenedDllNotificationCallback: load 00007ff97f8a0000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2416de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
2417de0.125c: supR3HardenedDllNotificationCallback: load 00007ff94e450000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2418de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
2419de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988150000 'C:\WINDOWS\System32\gdi32.dll'
2420de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94e450000 'C:\WINDOWS\system32\dataexchange.dll'
2421de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2422de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
2423de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
2424de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
2425de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
2426de0.125c: supR3HardenedDllNotificationCallback: load 00007ff97b1d0000 LB 0x00208000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2427de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2428de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2429de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2430de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2431de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2432de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2433de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2434de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2435de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2436de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2437de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2438de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
2439de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2440de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2441de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986a00000 'C:\WINDOWS\system32\Shcore.dll'
2442de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2443de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
2444de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
2445de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
2446de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
2447de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
2448de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
2449de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2450de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
2451de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
2452de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
2453de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
2454de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
2455de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2456de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
2457de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
2458de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
2459de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
2460de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
2461de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
2462de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2463de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
2464de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
2465de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
2466de0.125c: supR3HardenedDllNotificationCallback: load 00007ff984e10000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2467de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2468de0.125c: supR3HardenedDllNotificationCallback: load 00007ff980170000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
2469de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2470de0.125c: supR3HardenedDllNotificationCallback: load 00007ff97e980000 LB 0x00156000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
2471de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2472de0.125c: supR3HardenedDllNotificationCallback: load 00007ff97fa90000 LB 0x0035a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
2473de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2474de0.125c: supR3HardenedDllNotificationCallback: load 00007ff977420000 LB 0x000fc000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
2475de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2476de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2477de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2478de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
2479de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2480de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2481de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2482de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2483de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
2484de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2485de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2486de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2487de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2488de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2489de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2490de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2491de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2492de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2493de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2494de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2495de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2496de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2497de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2498de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2499de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2500de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2501de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2502de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2503de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2504de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2505de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2506de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2507de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2508de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2509de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2510de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2511de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2512de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2513de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2514de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
2515de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2516de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2517de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
2518de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2519de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2520de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
2521de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2522de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2523de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
2524de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2525de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
2526de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2527de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2528de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
2529de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
2530de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2531de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986cc0000 'C:\WINDOWS\System32\MSCTF.dll'
2532de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab8 pwszName=\Device\HarddiskVolume3\Windows\System32\oleacc.dll
2533de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2534de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2535de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=352C5A55E148149BB7E2232EB8621B89F0C420B3
2536de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2537de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2538de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04111~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleacc.dll'
2539de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2540de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2541de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleacc.dll) WinVerifyTrust
2542de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleacc.dll
2543de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2544de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2545de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2546de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
2547de0.125c: supR3HardenedDllNotificationCallback: load 00007ff960a20000 LB 0x00066000 C:\WINDOWS\system32\Oleacc.dll [fFlags=0x0]
2548de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
2549de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff960a20000 'C:\WINDOWS\system32\Oleacc.dll'
2550de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986de0000 'C:\WINDOWS\System32\OLEAUT32.DLL'
2551de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
2552de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2553de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff960a20000 'C:\WINDOWS\system32\oleacc.dll'
2554de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll
2555de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2556de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff960a20000 'C:\Windows\System32\oleacc.dll'
2557de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2558de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2559de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2560de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'win32u.dll'.
2561de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
2562de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
2563de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) WinVerifyTrust
2564de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
2565de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2566de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2567de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2568de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2569de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2570de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2571de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2572de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2573de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2574de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
2575de0.125c: supR3HardenedDllNotificationCallback: load 00007ff980920000 LB 0x0002e000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
2576de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
2577de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff980920000 'C:\WINDOWS\system32\dwmapi.dll'
2578de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2579de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2580de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff980650000 'C:\WINDOWS\system32\uxtheme.dll'
2581de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2582de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextShaping.dll)
2583de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextShaping.dll
2584de0.125c: supR3HardenedDllNotificationCallback: load 00007ff9708d0000 LB 0x000ac000 C:\WINDOWS\SYSTEM32\TextShaping.dll [fFlags=0x0]
2585de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextShaping.dll [avoiding WinVerifyTrust]
2586de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2587de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2588de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2589de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2590de0.125c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextShaping.dll'
2591de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
2592de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2593de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff980920000 'C:\WINDOWS\SYSTEM32\dwmapi.dll'
2594de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2595de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2596de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986ae0000 'C:\WINDOWS\System32\ole32.dll'
2597de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986de0000 'C:\WINDOWS\System32\OLEAUT32.dll'
2598de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2599de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2600de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2601de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46BE18D02EFADA6E2F926AE4B4C307765628F960
2602de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2603de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2604de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
2605de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2606de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2607de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2608de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2609de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2610de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2611de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2612de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2613de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b20 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2614de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2615de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2616de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EE8CE12BD1BE2D5C631FB945E56CB8B6B41928B
2617de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2618de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2619de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
2620de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2621de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2622de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
2623de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2624de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2625de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2626de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2627de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2628de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2629de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2630de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2631de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2632de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2633de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2634de0.125c: supR3HardenedDllNotificationCallback: load 00007ff96e7e0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2635de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2636de0.125c: supR3HardenedDllNotificationCallback: load 00007ff96b020000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2637de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2638de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2639de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2640de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2641de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96b020000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2642de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2643de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2644de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2645de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC2897B72ED5F23C46FCCABE8804053C8A2F56D
2646de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2647de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2648de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
2649de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2650de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2651de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2652de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2653de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2654de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2655de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2656de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2657de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2658de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2659de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2660de0.125c: supR3HardenedDllNotificationCallback: load 00007ff965180000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2661de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2662de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff965180000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2663de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2664de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2665de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-localization-l1-2-0.dll'
2666de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2667de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2668de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2669de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b80 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2670de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2671de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2672de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97DB456414A6404D40FC68397CEC149031102AB1
2673de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2674de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2675de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
2676de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2677de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2678de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
2679de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2680de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2681de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2682de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2683de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2684de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2685de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2686de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2687de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2688de0.125c: supR3HardenedDllNotificationCallback: load 00007ff965060000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2689de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2690de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff965060000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2691de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b9c pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
2692de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2693de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2694de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E5EADECC72051B192313442AC435D4D342659B45
2695de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2696de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2697de0.125c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
2698de0.125c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2699de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2700de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2701de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
2702de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
2703de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2704de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2705de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2706de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2707de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2708de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
2709de0.125c: supR3HardenedDllNotificationCallback: load 00007ff962820000 LB 0x00017000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
2710de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
2711de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff962820000 'C:\WINDOWS\System32\amsi.dll'
2712de0.125c: \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll: Owner is administrators group.
2713de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2714de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wintrust.dll'.
2715de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'crypt32.dll'.
2716de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2717de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2718de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2719de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2720de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
2721de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'userenv.dll'.
2722de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'shell32.dll'.
2723de0.125c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
2724de0.125c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll) WinVerifyTrust
2725de0.125c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll
2726de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2727de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2728de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2729de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2730de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2731de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2732de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2733de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2734de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2735de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2736de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2737de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2738de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2739de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2740de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2741de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2742de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2743de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2744de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2745de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
2746de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
2747de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wintrust.dll'...
2748de0.125c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wintrust.dll' -> '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' [rcNtRedir=0xc0150008]
2749de0.125c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
2750de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2751de0.125c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll
2752de0.125c: supR3HardenedDllNotificationCallback: load 00007ff962770000 LB 0x000ae000 C:\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll [fFlags=0x0]
2753de0.125c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll
2754de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2755de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2756de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-synch-l1-2-0'
2757de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
2758de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2759de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-fibers-l1-1-1'
2760de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2761de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2762de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-synch-l1-2-0'
2763de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
2764de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2765de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-fibers-l1-1-1'
2766de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
2767de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2768de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9863d0000 'api-ms-win-core-localization-l1-2-1'
2769de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff962770000 'C:\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll'
2770de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9880a0000 'C:\WINDOWS\System32\ADVAPI32.dll'
2771de0.2324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2772de0.2324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2773de0.2324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2774de0.2324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2775de0.2324: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2776de0.2324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2777de0.2324: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2778de0.2324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2779de0.2324: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2780de0.2324: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2781de0.2324: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2782de0.2324: supR3HardenedDllNotificationCallback: load 00007ff92ae30000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2783de0.2324: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2784de0.2324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92ae30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2785de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2786de0.16ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2787de0.16ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2788de0.16ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2789de0.16ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2790de0.16ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2791de0.16ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2792de0.16ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2793de0.16ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2794de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2795de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2796de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2797de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2798de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2799de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2800de0.16ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2801de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2802de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2803de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2804de0.16ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2805de0.16ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2806de0.16ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2807de0.16ec: supR3HardenedDllNotificationCallback: load 00007ff97ceb0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2808de0.16ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2809de0.16ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97ceb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2810de0.1040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2811de0.1040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2812de0.1040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2813de0.1040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2814de0.1040: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2815de0.1040: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2816de0.1040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2817de0.1040: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2818de0.1040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2819de0.1040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2820de0.1040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2821de0.1040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2822de0.1040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2823de0.1040: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2824de0.1040: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2825de0.1040: supR3HardenedDllNotificationCallback: load 00007ff97cc90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2826de0.1040: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2827de0.1040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97cc90000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2828de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988180000 'C:\WINDOWS\system32\Shell32.dll'
2829de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2830de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2831de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92ae30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2832de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2833de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2834de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2835de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2836de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2837de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2838de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2839de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2840de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2841de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2842de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2843de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2844de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2845de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2846de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2847de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2848de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2849de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2850de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2851de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2852de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff97cc40000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2853de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2854de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97cc40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2855de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff97cc40000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2856de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d0c pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
2857de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
2858de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
2859de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4C882F4212D993AB8CD1218452ADE578B4E8723
2860de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2861de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2862de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
2863de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2864de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
2865de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
2866de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
2867de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
2868de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
2869de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2870de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2871de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
2872de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
2873de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2874de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
2875de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
2876de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff9616c0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
2877de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
2878de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff97cc60000 LB 0x00026000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
2879de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
2880de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97cc60000 'C:\WINDOWS\system32\WinHvPlatform.dll'
2881de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
2882de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2883de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9616c0000 'C:\WINDOWS\system32\vid.dll'
2884de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2885de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2886de0.16ac: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2887de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
2888de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2889de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2890de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988990000 'C:\WINDOWS\system32\NTDLL.DLL'
2891de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2892de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2893de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2894de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2895de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2896de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2897de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2898de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2899de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2900de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2901de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2902de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2903de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2904de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2905de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2906de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2907de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2908de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2909de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2910de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2911de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2912de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2913de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2914de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2915de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2916de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2917de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2918de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2919de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2920de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2921de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
2922de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
2923de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
2924de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
2925de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2926de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2927de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2928de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2929de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2930de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2931de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2932de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
2933de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2934de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2935de0.16ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
2936de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
2937de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
2938de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2939de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2940de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2941de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2942de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2943de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2944de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2945de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2946de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2947de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2948de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2949de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2950de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2951de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2952de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2953de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2954de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2955de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2956de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2957de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2958de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2959de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2960de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2961de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2962de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2963de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2964de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2965de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2966de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2967de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2968de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2969de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2970de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2971de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2972de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2973de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2974de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2975de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2976de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2977de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2978de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2979de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2980de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2981de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2982de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2983de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2984de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff9868a0000 LB 0x0004d000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
2985de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
2986de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff986eb0000 LB 0x00467000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
2987de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2988de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff9606e0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2989de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2990de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff913cb0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2991de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2992de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff9854c0000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2993de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2994de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff91eed0000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2995de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2996de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eed0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2997de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
2998de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
2999de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
3000de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3001de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3002de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3003de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3004de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff979f80000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
3005de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3006de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff979f80000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
3007de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3008de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
3009de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3010de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff934280000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
3011de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3012de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3013de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3014de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff913cb0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
3015de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3016de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3017de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3018de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3019de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
3020de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
3021de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3022de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3023de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3024de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3025de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3026de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
3027de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff97cc40000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
3028de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
3029de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97cc40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
3030de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3031de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3032de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3033de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3034de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
3035de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
3036de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3037de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3038de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3039de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3040de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3041de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
3042de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff9606c0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
3043de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
3044de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9606c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
3045de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3046de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3047de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3048de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3049de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
3050de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3051de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3052de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3053de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3054de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3055de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3056de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3057de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff9606a0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
3058de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3059de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9606a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
3060de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3061de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3062de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3063de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3064de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
3065de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3066de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3067de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3068de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3069de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3070de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3071de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3072de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff957ea0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
3073de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3074de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff957ea0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
3075de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3076de0.273c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3077de0.273c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3078de0.273c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3079de0.273c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3080de0.273c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
3081de0.273c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3082de0.273c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3083de0.273c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3084de0.273c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3085de0.273c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3086de0.273c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3087de0.273c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3088de0.273c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3089de0.273c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3090de0.273c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3091de0.273c: supR3HardenedDllNotificationCallback: load 00007ff957e80000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
3092de0.273c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3093de0.273c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff957e80000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
3094de0.1a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3095de0.1a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3096de0.1a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3097de0.1a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
3098de0.1a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
3099de0.1a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
3100de0.1a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3101de0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3102de0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3103de0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3104de0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3105de0.1a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3106de0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3107de0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3108de0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3109de0.1a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3110de0.1a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3111de0.1a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3112de0.1a64: supR3HardenedDllNotificationCallback: load 00007ff97cc30000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
3113de0.1a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3114de0.1a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97cc30000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
3115de0.aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3116de0.aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3117de0.aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3118de0.aec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3119de0.aec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
3120de0.aec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3121de0.aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3122de0.aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3123de0.aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3124de0.aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3125de0.aec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3126de0.aec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3127de0.aec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3128de0.aec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3129de0.aec: supR3HardenedDllNotificationCallback: load 00007ff97c660000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
3130de0.aec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3131de0.aec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c660000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
3132de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3133de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3134de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3135de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3136de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
3137de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3138de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3139de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3140de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3141de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3142de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3143de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3144de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff9803a0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
3145de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3146de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9803a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
3147de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
3148de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3149de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9854c0000 'C:\WINDOWS\system32\Iphlpapi.dll'
3150de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3151de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
3152de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
3153de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
3154de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff988090000 LB 0x00009000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
3155de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
3156de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
3157de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff97a140000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
3158de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
3159de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3160de0.16ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
3161de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
3162de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff97a160000 LB 0x00017000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
3163de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
3164de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3165de0.16ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
3166de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
3167de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff97a120000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
3168de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
3169de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
3170de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
3171de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff985500000 LB 0x000ca000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
3172de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
3173de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3174de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3175de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3176de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3177de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3178de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3179de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
3180de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3181de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3182de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3183de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3184de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
3185de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001058 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
3186de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
3187de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
3188de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79BF2453BDEEBB334E2AD6935E3330FBF5D59D03
3189de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3190de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3191de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
3192de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3193de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
3194de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
3195de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
3196de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
3197de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=653C5E0C6E935EF0939CBEE488076FAF3867E603
3198de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3199de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3200de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
3201de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3202de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
3203de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3204de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3205de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
3206de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3207de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3208de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
3209de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
3210de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3211de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3212de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3213de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3214de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
3215de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
3216de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3217de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3218de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
3219de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
3220de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3221de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3222de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
3223de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
3224de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
3225de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3226de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3227de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3228de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3229de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3230de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3231de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3232de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
3233de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3234de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3235de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
3236de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff985ea0000 LB 0x0002c000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
3237de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
3238de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff97b3e0000 LB 0x00085000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
3239de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3240de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97b3e0000 'C:\WINDOWS\System32\MMDevApi.dll'
3241de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001134 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
3242de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
3243de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
3244de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=52FFFB4153FE3DAE37A0C896FAC0D39F6841832F
3245de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3246de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3247de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.329.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
3248de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3249de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3250de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
3251de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
3252de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3253de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3254de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3255de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3256de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
3257de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
3258de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
3259de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3260de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
3261de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
3262de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff985a80000 LB 0x0004b000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
3263de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
3264de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff94aec0000 LB 0x00026000 C:\WINDOWS\SYSTEM32\winmmbase.dll [fFlags=0x0]
3265de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
3266de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff94a7e0000 LB 0x0009c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
3267de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3268de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
3269de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
3270de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff985a60000 LB 0x00012000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
3271de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
3272de0.16ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
3273de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
3274de0.16ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
3275de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
3276de0.16ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
3277de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
3278de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3279de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3280de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3281de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3282de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3283de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3284de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\System32\dsound.dll'
3285de0.16ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
3286de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
3287de0.16ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
3288de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
3289de0.16ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
3290de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
3291de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\System32\dsound.dll'
3292de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3293de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3294de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'
3295de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3296de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3297de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
3298de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3299de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3300de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
3301de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3302de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3303de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3304de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3305de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3306de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97b3e0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
3307de0.dc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3308de0.dc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3309de0.dc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3310de0.dc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3311de0.dc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
3312de0.dc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
3313de0.dc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
3314de0.dc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3315de0.dc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3316de0.dc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3317de0.dc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3318de0.dc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3319de0.dc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3320de0.dc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3321de0.dc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3322de0.dc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3323de0.dc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3324de0.dc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
3325de0.dc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3326de0.dc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3327de0.dc4: supR3HardenedDllNotificationCallback: load 00007ff97b580000 LB 0x00180000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3328de0.dc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3329de0.dc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97b580000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3330de0.dc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3331de0.dc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3332de0.dc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll)
3333de0.dc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll
3334de0.dc4: supR3HardenedDllNotificationCallback: load 00007ff980730000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
3335de0.dc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
3336de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3337de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3338de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
3339de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3340de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3341de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
3342de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3343de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3344de0.16ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll'
3345de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3346de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3347de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3348de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000efc pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3349de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
3350de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
3351de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F7F29B63FBFB61F7E4F361F4C3593442D614D77
3352de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3353de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3354de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.329.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
3355de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3356de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3357de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3358de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ksuser.dll'.
3359de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'avrt.dll'.
3360de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
3361de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3362de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3363de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3364de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3365de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3366de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
3367de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
3368de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3369de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3370de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3371de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3372de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3373de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
3374de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3375de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3376de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3377de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3378de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3379de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3380de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3381de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3382de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3383de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3384de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3385de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3386de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff96ddf0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
3387de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
3388de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff97bdc0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
3389de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3390de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff9272a0000 LB 0x00046000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
3391de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3392de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9272a0000 'C:\WINDOWS\System32\wdmaud.drv'
3393de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3394de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3395de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9272a0000 'C:\WINDOWS\System32\wdmaud.drv'
3396de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3397de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3398de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9272a0000 'C:\WINDOWS\System32\wdmaud.drv'
3399de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3400de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3401de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9272a0000 'C:\WINDOWS\System32\wdmaud.drv'
3402de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3403de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3404de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9272a0000 'C:\WINDOWS\System32\wdmaud.drv'
3405de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3406de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3407de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9272a0000 'C:\WINDOWS\System32\wdmaud.drv'
3408de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
3409de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3410de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9272a0000 'C:\WINDOWS\System32\wdmaud.drv'
3411de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9272a0000 'C:\WINDOWS\System32\wdmaud.drv'
3412de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011c4 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
3413de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
3414de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
3415de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F52C3491362A84195D0F4029118265BEC5420E41
3416de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3417de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3418de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.329.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
3419de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3420de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3421de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
3422de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
3423de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
3424de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3425de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3426de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3427de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3428de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3429de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3430de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
3431de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3432de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3433de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3434de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3435de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3436de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3437de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3438de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3439de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3440de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3441de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3442de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff927880000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
3443de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3444de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff928c40000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
3445de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3446de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3447de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3448de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3449de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3450de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3451de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3452de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3453de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3454de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3455de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3456de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3457de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3458de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3459de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3460de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3461de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3462de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3463de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3464de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3465de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3466de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3467de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928c40000 'C:\WINDOWS\System32\msacm32.drv'
3468de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011cc pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
3469de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
3470de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
3471de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=379C5E7D3810A2A2921A90444E90F305F8AF3962
3472de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3473de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3474de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.329.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
3475de0.16ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3476de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3477de0.16ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
3478de0.16ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
3479de0.16ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
3480de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3481de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3482de0.16ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
3483de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3484de0.16ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3485de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3486de0.16ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3487de0.16ac: supR3HardenedDllNotificationCallback: load 00007ff927870000 LB 0x0000b000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
3488de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3489de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff927870000 'C:\WINDOWS\System32\midimap.dll'
3490de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3491de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3492de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff927870000 'C:\WINDOWS\System32\midimap.dll'
3493de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3494de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3495de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff927870000 'C:\WINDOWS\System32\midimap.dll'
3496de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3497de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3498de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff927870000 'C:\WINDOWS\System32\midimap.dll'
3499de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3500de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3501de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3502de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3503de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3504de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3505de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3506de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3507de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3508de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3509de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3510de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3511de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3512de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3513de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3514de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3515de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3516de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3517de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3518de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3519de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3520de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3521de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3522de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3523de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3524de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3525de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3526de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
3527de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3528de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987320000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
3529de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
3530de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3531de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987320000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
3532de0.125c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
3533de0.125c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3534de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987800000 'api-ms-win-core-com-l1-1-0.dll'
3535de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3536de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3537de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3538de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3539de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3540de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3541de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3542de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3543de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3544de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988180000 'C:\WINDOWS\system32\shell32.dll'
3545de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988180000 'C:\WINDOWS\system32\shell32.dll'
3546de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3547de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3548de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3549de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3550de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3551de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3552de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3553de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3554de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3555de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3556de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3557de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3558de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3559de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3560de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3561de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3562de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3563de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3564de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3565de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3566de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3567de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3568de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3569de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3570de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3571de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3572de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3573de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3574de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3575de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3576de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3577de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3578de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3579de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3580de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3581de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3582de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3583de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3584de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3585de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3586de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3587de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3588de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3589de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3590de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3591de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3592de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3593de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3594de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3595de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3596de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3597de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3598de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3599de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3600de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3601de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3602de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3603de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3604de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3605de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3606de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3607de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3608de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3609de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3610de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3611de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3612de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3613de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3614de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3615de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3616de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3617de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3618de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3619de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3620de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3621de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3622de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3623de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3624de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3625de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3626de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3627de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3628de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3629de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3630de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3631de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3632de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3633de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3634de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3635de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3636de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3637de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3638de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3639de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3640de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3641de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3642de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3643de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3644de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3645de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3646de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3647de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3648de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3649de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3650de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3651de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3652de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3653de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3654de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3655de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3656de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3657de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3658de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3659de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3660de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3661de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3662de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3663de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3664de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3665de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3666de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3667de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3668de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3669de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3670de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3671de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3672de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3673de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3674de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3675de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3676de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3677de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3678de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3679de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3680de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3681de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3682de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3683de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3684de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3685de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3686de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3687de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3688de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3689de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3690de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3691de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3692de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3693de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3694de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3695de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3696de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3697de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3698de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3699de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3700de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3701de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3702de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3703de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3704de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3705de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3706de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3707de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3708de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3709de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3710de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3711de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3712de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3713de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3714de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3715de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3716de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3717de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3718de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3719de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3720de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3721de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3722de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3723de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3724de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3725de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3726de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3727de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3728de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3729de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3730de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3731de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3732de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3733de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3734de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3735de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3736de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3737de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3738de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3739de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3740de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3741de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3742de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3743de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3744de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3745de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3746de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3747de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3748de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3749de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3750de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3751de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3752de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3753de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3754de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3755de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3756de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3757de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3758de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3759de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3760de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3761de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3762de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3763de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3764de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3765de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3766de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3767de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3768de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3769de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3770de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3771de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3772de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3773de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3774de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3775de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3776de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3777de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3778de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3779de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3780de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3781de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3782de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3783de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3784de0.16ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3785de0.16ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3786de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94a7e0000 'C:\WINDOWS\system32\dsound.dll'
3787de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3788de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3789de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3790de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3791de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3792de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3793de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3794de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3795de0.16ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96f560000 'C:\WINDOWS\System32\winmm.dll'
3796de0.1d64: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
3797de0.1d64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
3798de0.1d64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
3799de0.1d64: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000013d8 (hFile=0000000000000b24) with 0xc0000022 -> STATUS_TRUST_FAILURE
3800de0.1d64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
3801de0.1d64: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b24 (hFile=00000000000013d8) with 0xc0000022 -> STATUS_TRUST_FAILURE
3802de0.1d64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013f8 pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
3803de0.1d64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d09d40
3804de0.1d64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d09d40
3805de0.1d64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
3806de0.1d64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3807de0.1d64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986160000 'C:\WINDOWS\System32\WINTRUST.DLL'
3808de0.1d64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\CRYPT32.dll'
3809de0.1d64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9AE03A57FFD84F7B6BBF711C750699FADBCAA231
3810de0.1d64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3811de0.1d64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3812de0.1d64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.264.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
3813de0.1d64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3814de0.1d64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
3815de0.1d64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985160000 'C:\WINDOWS\system32\rsaenh.dll'
3816de0.1d64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986270000 'C:\WINDOWS\System32\crypt32.dll'
3817de0.1d64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
3818de0.1d64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
3819de0.1d64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
3820de0.1d64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
3821de0.1d64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3822de0.1d64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3823de0.1d64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3824de0.1d64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3825de0.1d64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
3826de0.1d64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3827de0.1d64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
3828de0.1d64: supR3HardenedDllNotificationCallback: load 00007ff985810000 LB 0x0006a000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
3829de0.1d64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
3830de0.1d64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985810000 'C:\WINDOWS\system32\mswsock.dll'
3831de0.125c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986ae0000 'C:\WINDOWS\system32\ole32.dll'
3832de0.aec: supR3HardenedDllNotificationCallback: Unload 00007ff97c660000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3833de0.1a64: supR3HardenedDllNotificationCallback: Unload 00007ff97cc30000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3834de0.273c: supR3HardenedDllNotificationCallback: Unload 00007ff957e80000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3835de0.1040: supR3HardenedDllNotificationCallback: Unload 00007ff97cc90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3836de0.16ec: supR3HardenedDllNotificationCallback: Unload 00007ff97ceb0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3837de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff957ea0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
3838de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff9606a0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
3839de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff9606c0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
3840de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff97cc40000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
3841de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff979f80000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
3842de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff91eed0000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3843de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff9606e0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3844de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff913cb0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3845de0.16ac: supR3HardenedDllNotificationCallback: Unload 00007ff986eb0000 LB 0x00467000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
3846de0.125c: supR3HardenedDllNotificationCallback: Unload 00007ff97e8c0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
3847de0.125c: Terminating the normal way: rcExit=0
3848d38.2458: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 323326 ms, the end);
3849afc.37d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 324096 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy