4010.dc8: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa047bb00 4010.dc8: \SystemRoot\System32\ntdll.dll: 4010.dc8: CreationTime: 2021-01-26T08:52:18.292488700Z 4010.dc8: LastWriteTime: 2021-01-26T08:52:18.384536500Z 4010.dc8: ChangeTime: 2021-01-26T09:44:42.500475500Z 4010.dc8: FileAttributes: 0x20 4010.dc8: Size: 0x1e8060 4010.dc8: NT Headers: 0xd8 4010.dc8: Timestamp: 0x45a49e53 4010.dc8: Machine: 0x8664 - amd64 4010.dc8: Timestamp: 0x45a49e53 4010.dc8: Image Version: 10.0 4010.dc8: SizeOfImage: 0x1f0000 (2031616) 4010.dc8: Resource Dir: 0x17f000 LB 0x6f310 4010.dc8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 4010.dc8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 4010.dc8: ProductName: Microsoft® Windows® Operating System 4010.dc8: ProductVersion: 10.0.18362.1316 4010.dc8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800) 4010.dc8: FileDescription: NT Layer DLL 4010.dc8: \SystemRoot\System32\kernel32.dll: 4010.dc8: CreationTime: 2021-01-26T08:50:39.183677200Z 4010.dc8: LastWriteTime: 2021-01-26T08:50:39.228843100Z 4010.dc8: ChangeTime: 2021-01-26T09:44:41.554974500Z 4010.dc8: FileAttributes: 0x20 4010.dc8: Size: 0xb0498 4010.dc8: NT Headers: 0xf8 4010.dc8: Timestamp: 0x39c32a9b 4010.dc8: Machine: 0x8664 - amd64 4010.dc8: Timestamp: 0x39c32a9b 4010.dc8: Image Version: 10.0 4010.dc8: SizeOfImage: 0xb2000 (729088) 4010.dc8: Resource Dir: 0xb0000 LB 0x520 4010.dc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4010.dc8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 4010.dc8: ProductName: Microsoft® Windows® Operating System 4010.dc8: ProductVersion: 10.0.18362.1316 4010.dc8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800) 4010.dc8: FileDescription: Windows NT BASE API Client DLL 4010.dc8: \SystemRoot\System32\KernelBase.dll: 4010.dc8: CreationTime: 2021-01-26T08:52:20.103079300Z 4010.dc8: LastWriteTime: 2021-01-26T08:52:20.251514900Z 4010.dc8: ChangeTime: 2021-01-26T09:44:30.680602600Z 4010.dc8: FileAttributes: 0x20 4010.dc8: Size: 0x2a5c90 4010.dc8: NT Headers: 0x100 4010.dc8: Timestamp: 0xf9127b9c 4010.dc8: Machine: 0x8664 - amd64 4010.dc8: Timestamp: 0xf9127b9c 4010.dc8: Image Version: 10.0 4010.dc8: SizeOfImage: 0x2a5000 (2772992) 4010.dc8: Resource Dir: 0x27f000 LB 0x548 4010.dc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4010.dc8: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 4010.dc8: ProductName: Microsoft® Windows® Operating System 4010.dc8: ProductVersion: 10.0.18362.1316 4010.dc8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800) 4010.dc8: FileDescription: Windows NT BASE API Client DLL 4010.dc8: \SystemRoot\System32\apisetschema.dll: 4010.dc8: CreationTime: 2019-03-19T04:43:54.837151500Z 4010.dc8: LastWriteTime: 2019-03-19T04:43:54.837151500Z 4010.dc8: ChangeTime: 2021-01-26T08:56:21.294159100Z 4010.dc8: FileAttributes: 0x20 4010.dc8: Size: 0x1d028 4010.dc8: NT Headers: 0xc8 4010.dc8: Timestamp: 0xd6ced080 4010.dc8: Machine: 0x8664 - amd64 4010.dc8: Timestamp: 0xd6ced080 4010.dc8: Image Version: 10.0 4010.dc8: SizeOfImage: 0x1e000 (122880) 4010.dc8: Resource Dir: 0x1d000 LB 0x408 4010.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 4010.dc8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 4010.dc8: ProductName: Microsoft® Windows® Operating System 4010.dc8: ProductVersion: 10.0.18362.1 4010.dc8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) 4010.dc8: FileDescription: ApiSet Schema DLL 4010.dc8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 4010.dc8: supR3HardenedWinFindAdversaries: 0x0 4010.dc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 4010.dc8: Calling main() 4010.dc8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 4010.dc8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 4010.dc8: SUPR3HardenedMain: Respawn #1 4010.dc8: System32: \Device\HarddiskVolume3\Windows\System32 4010.dc8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 4010.dc8: KnownDllPath: C:\WINDOWS\System32 4010.dc8: supR3HardenedWinInit: Performing a limited self purification... 4010.dc8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 4010.dc8: *0000000000000000-0000000000f5ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000f60000-0000000000f6ffff 0x0004/0x0004 0x0040000 4010.dc8: *0000000000f70000-0000000000f70fff 0x0002/0x0002 0x0040000 4010.dc8: 0000000000f71000-0000000000f7ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000f80000-0000000000f9afff 0x0002/0x0002 0x0040000 4010.dc8: 0000000000f9b000-0000000000f9ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000fa0000-0000000000fa3fff 0x0002/0x0002 0x0040000 4010.dc8: 0000000000fa4000-0000000000faffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000fb0000-0000000000fb1fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000000fb2000-0000000000fbffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000fc0000-0000000000fc0fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000000fc1000-0000000000fcffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000fd0000-0000000000fd0fff 0x0002/0x0004 0x0020000 4010.dc8: 0000000000fd1000-0000000000fd1fff 0x0020/0x0004 0x0020000 !! 4010.dc8: 0000000000fd2000-0000000000fdffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000fe0000-0000000000fe0fff 0x0020/0x0004 0x0020000 !! 4010.dc8: 0000000000fe1000-0000000000feffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000ff0000-0000000000ff0fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000000ff1000-0000000000ffffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000001000000-000000000104ffff 0x0000/0x0004 0x0020000 4010.dc8: 0000000001050000-0000000001052fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001053000-00000000011fffff 0x0000/0x0004 0x0020000 4010.dc8: *0000000001200000-00000000012b8fff 0x0000/0x0004 0x0020000 4010.dc8: 00000000012b9000-00000000012bbfff 0x0104/0x0004 0x0020000 4010.dc8: 00000000012bc000-00000000012fffff 0x0004/0x0004 0x0020000 4010.dc8: *0000000001300000-0000000001301fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001302000-0000000001331fff 0x0000/0x0004 0x0020000 4010.dc8: 0000000001332000-000000000136ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000001370000-0000000001380fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001381000-000000000146ffff 0x0000/0x0004 0x0020000 4010.dc8: *0000000001470000-0000000001536fff 0x0002/0x0002 0x0040000 4010.dc8: 0000000001537000-000000000153ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000001540000-0000000001540fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001541000-0000000001571fff 0x0000/0x0004 0x0020000 4010.dc8: 0000000001572000-000000000157ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000001580000-0000000001580fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001581000-00000000015b1fff 0x0000/0x0004 0x0020000 4010.dc8: 00000000015b2000-00000000015bffff 0x0001/0x0000 0x0000000 4010.dc8: *00000000015c0000-00000000015c0fff 0x0004/0x0004 0x0020000 4010.dc8: 00000000015c1000-00000000015f1fff 0x0000/0x0004 0x0020000 4010.dc8: 00000000015f2000-00000000015fffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000001600000-0000000001601fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001602000-0000000001631fff 0x0000/0x0004 0x0020000 4010.dc8: 0000000001632000-000000000167ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000001680000-000000000173ffff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001740000-000000000174ffff 0x0000/0x0004 0x0020000 4010.dc8: 0000000001750000-000000000177ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000001780000-0000000001783fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001784000-0000000001b7ffff 0x0000/0x0004 0x0020000 4010.dc8: *0000000001b80000-0000000001b9cfff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001b9d000-0000000001c7ffff 0x0000/0x0004 0x0020000 4010.dc8: 0000000001c80000-0000000001ccffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000001cd0000-0000000001ceafff 0x0004/0x0004 0x0020000 4010.dc8: 0000000001ceb000-00000000020cffff 0x0000/0x0004 0x0020000 4010.dc8: 00000000020d0000-000000000221ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000002220000-000000000222efff 0x0004/0x0004 0x0020000 4010.dc8: 000000000222f000-000000000222ffff 0x0000/0x0004 0x0020000 4010.dc8: *0000000002230000-0000000002234fff 0x0000/0x0004 0x0020000 4010.dc8: 0000000002235000-0000000002425fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000002426000-0000000002426fff 0x0000/0x0004 0x0020000 4010.dc8: 0000000002427000-000000007ffdffff 0x0001/0x0000 0x0000000 4010.dc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 4010.dc8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000 4010.dc8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000 4010.dc8: 000000007ffeb000-00007ff45bdcffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff45bdd0000-00007ff45bdd0fff 0x0004/0x0004 0x0020000 4010.dc8: 00007ff45bdd1000-00007ff45bddffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff45bde0000-00007ff45bde4fff 0x0002/0x0002 0x0040000 4010.dc8: 00007ff45bde5000-00007ff45bedffff 0x0000/0x0002 0x0040000 4010.dc8: *00007ff45bee0000-00007ff55befffff 0x0000/0x0004 0x0020000 4010.dc8: *00007ff55bf00000-00007ff55defffff 0x0000/0x0004 0x0020000 4010.dc8: 00007ff55df00000-00007ff55df00fff 0x0004/0x0004 0x0020000 4010.dc8: 00007ff55df01000-00007ff55df0ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff55df10000-00007ff55df10fff 0x0020/0x0004 0x0020000 !! 4010.dc8: 00007ff55df11000-00007ff55df1ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff55df20000-00007ff55df20fff 0x0002/0x0002 0x0040000 4010.dc8: 00007ff55df21000-00007ff55df2ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff55df30000-00007ff55df52fff 0x0002/0x0002 0x0040000 4010.dc8: 00007ff55df53000-00007ff687a9ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b18000-00007ff687b18fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b62000-00007ff687b64fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b65000-00007ff687b67fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b68000-00007ff687b6afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b6b000-00007ff687b6bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b6c000-00007ff687b6dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b6e000-00007ff687b6efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687bb8000-00007ffa1fd7ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa1fd80000-00007ffa1fd8ffff 0x0020/0x0020 0x0020000 !! 4010.dc8: 00007ffa1fd90000-00007ffa1fddffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa1fde0000-00007ffa1fdeffff 0x0020/0x0020 0x0020000 !! 4010.dc8: 00007ffa1fdf0000-00007ffa1fe1ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa1fe20000-00007ffa1fe2ffff 0x0020/0x0020 0x0020000 !! 4010.dc8: 00007ffa1fe30000-00007ffa530dffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa530e0000-00007ffa530e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll 4010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa530e0000 LB 0x1000 (base 00007ffa530e0000) - 'atcuf64.dll' 4010.dc8: 00007ffa530e1000-00007ffa53118fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll 4010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa530e1000 LB 0x38000 (base 00007ffa530e0000) - 'atcuf64.dll' 4010.dc8: 00007ffa53119000-00007ffa5319ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll 4010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa53119000 LB 0x87000 (base 00007ffa530e0000) - 'atcuf64.dll' 4010.dc8: 00007ffa531a0000-00007ffa531a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll 4010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531a0000 LB 0x7000 (base 00007ffa530e0000) - 'atcuf64.dll' 4010.dc8: 00007ffa531a7000-00007ffa531a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll 4010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531a7000 LB 0x1000 (base 00007ffa530e0000) - 'atcuf64.dll' 4010.dc8: 00007ffa531a8000-00007ffa531abfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll 4010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531a8000 LB 0x4000 (base 00007ffa530e0000) - 'atcuf64.dll' 4010.dc8: 00007ffa531ac000-00007ffa531affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll 4010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531ac000 LB 0x4000 (base 00007ffa530e0000) - 'atcuf64.dll' 4010.dc8: 00007ffa531b0000-00007ffa531b9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\atcuf\264931047760000000\atcuf64.dll 4010.dc8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffa531b0000 LB 0xa000 (base 00007ffa530e0000) - 'atcuf64.dll' 4010.dc8: 00007ffa531ba000-00007ffa9577ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa95780000-00007ffa95780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll 4010.dc8: 00007ffa95781000-00007ffa957cdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll 4010.dc8: 00007ffa957ce000-00007ffa957effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll 4010.dc8: 00007ffa957f0000-00007ffa957f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll 4010.dc8: 00007ffa957f3000-00007ffa9580efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll 4010.dc8: 00007ffa9580f000-00007ffa9ce6ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa9ce70000-00007ffa9ce70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 4010.dc8: 00007ffa9ce71000-00007ffa9cf76fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 4010.dc8: 00007ffa9cf77000-00007ffa9d0d9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 4010.dc8: 00007ffa9d0da000-00007ffa9d0ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 4010.dc8: 00007ffa9d0de000-00007ffa9d0defff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 4010.dc8: 00007ffa9d0df000-00007ffa9d114fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 4010.dc8: 00007ffa9d115000-00007ffa9e47ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa9e480000-00007ffa9e480fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 4010.dc8: 00007ffa9e481000-00007ffa9e4f5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 4010.dc8: 00007ffa9e4f6000-00007ffa9e527fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 4010.dc8: 00007ffa9e528000-00007ffa9e528fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 4010.dc8: 00007ffa9e529000-00007ffa9e529fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 4010.dc8: 00007ffa9e52a000-00007ffa9e531fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 4010.dc8: 00007ffa9e532000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fe9f000-00007ffa9fe9ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fea0000-00007ffa9fea1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fea2000-00007ffa9feaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9feab000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000 4010.dc8: kernel32.dll: timestamp 0x39c32a9b (rc=VINF_SUCCESS) 4010.dc8: kernelbase.dll: timestamp 0xf9127b9c (rc=VINF_SUCCESS) 4010.dc8: apphelp.dll: timestamp 0x5b502ec5 (rc=VINF_SUCCESS) 4010.dc8: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS) 4010.dc8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 4010.dc8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 4010.dc8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 4010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9fd7aa20 / 0x003aa20: 48 != e9 4010.dc8: 00007ffa9fd7aa21 / 0x003aa21: 89 != db 4010.dc8: 00007ffa9fd7aa22 / 0x003aa22: 5c != 55 4010.dc8: 00007ffa9fd7aa23 / 0x003aa23: 24 != 00 4010.dc8: 00007ffa9fd7aa24 / 0x003aa24: 08 != 80 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fd79000 4010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9fddc880 / 0x009c880: 4c != e9 4010.dc8: 00007ffa9fddc881 / 0x009c881: 8b != fb 4010.dc8: 00007ffa9fddc882 / 0x009c882: d1 != 48 4010.dc8: 00007ffa9fddc883 / 0x009c883: b8 != 04 4010.dc8: 00007ffa9fddc884 / 0x009c884: 0d != 80 4010.dc8: 00007ffa9fddc8c0 / 0x009c8c0: 4c != e9 4010.dc8: 00007ffa9fddc8c1 / 0x009c8c1: 8b != 3b 4010.dc8: 00007ffa9fddc8c2 / 0x009c8c2: d1 != 39 4010.dc8: 00007ffa9fddc8c3 / 0x009c8c3: b8 != 04 4010.dc8: 00007ffa9fddc8c4 / 0x009c8c4: 0f != 80 4010.dc8: 00007ffa9fddcba0 / 0x009cba0: 4c != e9 4010.dc8: 00007ffa9fddcba1 / 0x009cba1: 8b != db 4010.dc8: 00007ffa9fddcba2 / 0x009cba2: d1 != 3b 4010.dc8: 00007ffa9fddcba3 / 0x009cba3: b8 != 04 4010.dc8: 00007ffa9fddcba4 / 0x009cba4: 26 != 80 4010.dc8: 00007ffa9fddcbe0 / 0x009cbe0: 4c != e9 4010.dc8: 00007ffa9fddcbe1 / 0x009cbe1: 8b != 1b 4010.dc8: 00007ffa9fddcbe2 / 0x009cbe2: d1 != 34 4010.dc8: 00007ffa9fddcbe3 / 0x009cbe3: b8 != 00 4010.dc8: 00007ffa9fddcbe4 / 0x009cbe4: 28 != 80 4010.dc8: 00007ffa9fddcc60 / 0x009cc60: 4c != e9 4010.dc8: 00007ffa9fddcc61 / 0x009cc61: 8b != 1b 4010.dc8: 00007ffa9fddcc62 / 0x009cc62: d1 != 44 4010.dc8: 00007ffa9fddcc63 / 0x009cc63: b8 != 04 4010.dc8: 00007ffa9fddcc64 / 0x009cc64: 2c != 80 4010.dc8: 00007ffa9fddce20 / 0x009ce20: 4c != e9 4010.dc8: 00007ffa9fddce21 / 0x009ce21: 8b != db 4010.dc8: 00007ffa9fddce22 / 0x009ce22: d1 != 37 4010.dc8: 00007ffa9fddce23 / 0x009ce23: b8 != 04 4010.dc8: 00007ffa9fddce24 / 0x009ce24: 3a != 80 4010.dc8: 00007ffa9fddce60 / 0x009ce60: 4c != e9 4010.dc8: 00007ffa9fddce61 / 0x009ce61: 8b != 1b 4010.dc8: 00007ffa9fddce62 / 0x009ce62: d1 != 3a 4010.dc8: 00007ffa9fddce63 / 0x009ce63: b8 != 04 4010.dc8: 00007ffa9fddce64 / 0x009ce64: 3c != 80 4010.dc8: 00007ffa9fddcf00 / 0x009cf00: 4c != e9 4010.dc8: 00007ffa9fddcf01 / 0x009cf01: 8b != fb 4010.dc8: 00007ffa9fddcf02 / 0x009cf02: d1 != 31 4010.dc8: 00007ffa9fddcf03 / 0x009cf03: b8 != 00 4010.dc8: 00007ffa9fddcf04 / 0x009cf04: 41 != 80 4010.dc8: 00007ffa9fddcf80 / 0x009cf80: 4c != e9 4010.dc8: 00007ffa9fddcf81 / 0x009cf81: 8b != 7b 4010.dc8: 00007ffa9fddcf82 / 0x009cf82: d1 != 39 4010.dc8: 00007ffa9fddcf83 / 0x009cf83: b8 != 04 4010.dc8: 00007ffa9fddcf84 / 0x009cf84: 45 != 80 4010.dc8: 00007ffa9fddd080 / 0x009d080: 4c != e9 4010.dc8: 00007ffa9fddd081 / 0x009d081: 8b != 7b 4010.dc8: 00007ffa9fddd082 / 0x009d082: d1 != 32 4010.dc8: 00007ffa9fddd083 / 0x009d083: b8 != 04 4010.dc8: 00007ffa9fddd084 / 0x009d084: 4d != 80 4010.dc8: 00007ffa9fddd0a0 / 0x009d0a0: 4c != e9 4010.dc8: 00007ffa9fddd0a1 / 0x009d0a1: 8b != 5b 4010.dc8: 00007ffa9fddd0a2 / 0x009d0a2: d1 != 34 4010.dc8: 00007ffa9fddd0a3 / 0x009d0a3: b8 != 04 4010.dc8: 00007ffa9fddd0a4 / 0x009d0a4: 4e != 80 4010.dc8: 00007ffa9fddd5b0 / 0x009d5b0: 4c != e9 4010.dc8: 00007ffa9fddd5b1 / 0x009d5b1: 8b != 4b 4010.dc8: 00007ffa9fddd5b2 / 0x009d5b2: d1 != 3c 4010.dc8: 00007ffa9fddd5b3 / 0x009d5b3: b8 != 04 4010.dc8: 00007ffa9fddd5b4 / 0x009d5b4: 77 != 80 4010.dc8: 00007ffa9fddd5f0 / 0x009d5f0: 4c != e9 4010.dc8: 00007ffa9fddd5f2 / 0x009d5f2: d1 != 3c 4010.dc8: 00007ffa9fddd5f3 / 0x009d5f3: b8 != 04 4010.dc8: 00007ffa9fddd5f4 / 0x009d5f4: 79 != 80 4010.dc8: 00007ffa9fddd810 / 0x009d810: 4c != e9 4010.dc8: 00007ffa9fddd811 / 0x009d811: 8b != eb 4010.dc8: 00007ffa9fddd812 / 0x009d812: d1 != 3a 4010.dc8: 00007ffa9fddd813 / 0x009d813: b8 != 04 4010.dc8: 00007ffa9fddd814 / 0x009d814: 8a != 80 4010.dc8: 00007ffa9fdddd70 / 0x009dd70: 4c != e9 4010.dc8: 00007ffa9fdddd71 / 0x009dd71: 8b != 0b 4010.dc8: 00007ffa9fdddd72 / 0x009dd72: d1 != 25 4010.dc8: 00007ffa9fdddd73 / 0x009dd73: b8 != 04 4010.dc8: 00007ffa9fdddd74 / 0x009dd74: b5 != 80 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fddbdfe 4010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9fddde70 / 0x009de70: 4c != e9 4010.dc8: 00007ffa9fddde71 / 0x009de71: 8b != 0b 4010.dc8: 00007ffa9fddde72 / 0x009de72: d1 != 27 4010.dc8: 00007ffa9fddde73 / 0x009de73: b8 != 04 4010.dc8: 00007ffa9fddde74 / 0x009de74: bd != 80 4010.dc8: 00007ffa9fdddf50 / 0x009df50: 4c != e9 4010.dc8: 00007ffa9fdddf51 / 0x009df51: 8b != 2b 4010.dc8: 00007ffa9fdddf52 / 0x009df52: d1 != 24 4010.dc8: 00007ffa9fdddf53 / 0x009df53: b8 != 04 4010.dc8: 00007ffa9fdddf54 / 0x009df54: c4 != 80 4010.dc8: 00007ffa9fddf210 / 0x009f210: 4c != e9 4010.dc8: 00007ffa9fddf211 / 0x009f211: 8b != eb 4010.dc8: 00007ffa9fddf212 / 0x009f212: d1 != 21 4010.dc8: 00007ffa9fddf213 / 0x009f213: b8 != 04 4010.dc8: 00007ffa9fddf214 / 0x009f214: 5a != 80 4010.dc8: 00007ffa9fddf2f0 / 0x009f2f0: 4c != e9 4010.dc8: 00007ffa9fddf2f2 / 0x009f2f2: d1 != 11 4010.dc8: 00007ffa9fddf2f3 / 0x009f2f3: b8 != 00 4010.dc8: 00007ffa9fddf2f4 / 0x009f2f4: 61 != 80 4010.dc8: 00007ffa9fddf770 / 0x009f770: 4c != e9 4010.dc8: 00007ffa9fddf771 / 0x009f771: 8b != 0b 4010.dc8: 00007ffa9fddf772 / 0x009f772: d1 != 09 4010.dc8: 00007ffa9fddf773 / 0x009f773: b8 != 00 4010.dc8: 00007ffa9fddf774 / 0x009f774: 85 != 80 4010.dc8: 00007ffa9fddfb30 / 0x009fb30: 4c != e9 4010.dc8: 00007ffa9fddfb31 / 0x009fb31: 8b != 4b 4010.dc8: 00007ffa9fddfb32 / 0x009fb32: d1 != 18 4010.dc8: 00007ffa9fddfb33 / 0x009fb33: b8 != 04 4010.dc8: 00007ffa9fddfb34 / 0x009fb34: a3 != 80 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fddddfe 4010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9fe1b920 / 0x00db920: 48 != e9 4010.dc8: 00007ffa9fe1b921 / 0x00db921: 8b != db 4010.dc8: 00007ffa9fe1b922 / 0x00db922: c4 != 46 4010.dc8: 00007ffa9fe1b923 / 0x00db923: 48 != 00 4010.dc8: 00007ffa9fe1b924 / 0x00db924: 89 != 80 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fe1a49e 4010.dc8: kernel32.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9e4a0180 / 0x0020180: 4c != e9 4010.dc8: 00007ffa9e4a0181 / 0x0020181: 8b != fb 4010.dc8: 00007ffa9e4a0182 / 0x0020182: dc != ff 4010.dc8: 00007ffa9e4a0183 / 0x0020183: 53 != 97 4010.dc8: 00007ffa9e4a0184 / 0x0020184: 56 != 81 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9e49f000 4010.dc8: kernel32.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9e4a3170 / 0x0023170: 89 != e9 4010.dc8: 00007ffa9e4a3171 / 0x0023171: 54 != 0b 4010.dc8: 00007ffa9e4a3172 / 0x0023172: 24 != d8 4010.dc8: 00007ffa9e4a3173 / 0x0023173: 10 != 97 4010.dc8: 00007ffa9e4a3174 / 0x0023174: 89 != 81 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9e4a3000 4010.dc8: kernel32.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9e4db5f0 / 0x005b5f0: 48 != e9 4010.dc8: 00007ffa9e4db5f1 / 0x005b5f1: 83 != 8b 4010.dc8: 00007ffa9e4db5f2 / 0x005b5f2: ec != 55 4010.dc8: 00007ffa9e4db5f3 / 0x005b5f3: 38 != 94 4010.dc8: 00007ffa9e4db5f4 / 0x005b5f4: 48 != 81 4010.dc8: 00007ffa9e4db6f0 / 0x005b6f0: 48 != e9 4010.dc8: 00007ffa9e4db6f1 / 0x005b6f1: 83 != 8b 4010.dc8: 00007ffa9e4db6f2 / 0x005b6f2: ec != 55 4010.dc8: 00007ffa9e4db6f3 / 0x005b6f3: 38 != 94 4010.dc8: 00007ffa9e4db6f4 / 0x005b6f4: 48 != 81 4010.dc8: 00007ffa9e4dc820 / 0x005c820: 48 != e9 4010.dc8: 00007ffa9e4dc821 / 0x005c821: 89 != 5b 4010.dc8: 00007ffa9e4dc822 / 0x005c822: 5c != 42 4010.dc8: 00007ffa9e4dc823 / 0x005c823: 24 != 94 4010.dc8: 00007ffa9e4dc824 / 0x005c824: 08 != 81 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9e4db000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9ce75280 / 0x0005280: 40 != e9 4010.dc8: 00007ffa9ce75281 / 0x0005281: 55 != 7b 4010.dc8: 00007ffa9ce75282 / 0x0005282: 53 != b8 4010.dc8: 00007ffa9ce75283 / 0x0005283: 56 != fa 4010.dc8: 00007ffa9ce75284 / 0x0005284: 57 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ce75000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9ce83d30 / 0x0013d30: 48 != e9 4010.dc8: 00007ffa9ce83d31 / 0x0013d31: 83 != cb 4010.dc8: 00007ffa9ce83d32 / 0x0013d32: ec != c6 4010.dc8: 00007ffa9ce83d33 / 0x0013d33: 38 != f5 4010.dc8: 00007ffa9ce83d34 / 0x0013d34: b8 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ce83000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9ce8b040 / 0x001b040: 48 != e9 4010.dc8: 00007ffa9ce8b041 / 0x001b041: 89 != bb 4010.dc8: 00007ffa9ce8b042 / 0x001b042: 5c != 5e 4010.dc8: 00007ffa9ce8b043 / 0x001b043: 24 != f9 4010.dc8: 00007ffa9ce8b044 / 0x001b044: 18 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ce8b000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9ce9dcc0 / 0x002dcc0: 40 != e9 4010.dc8: 00007ffa9ce9dcc1 / 0x002dcc1: 53 != 3b 4010.dc8: 00007ffa9ce9dcc2 / 0x002dcc2: 48 != 2d 4010.dc8: 00007ffa9ce9dcc3 / 0x002dcc3: 83 != f8 4010.dc8: 00007ffa9ce9dcc4 / 0x002dcc4: ec != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ce9d000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9cea7080 / 0x0037080: 4c != e9 4010.dc8: 00007ffa9cea7081 / 0x0037081: 8b != 7b 4010.dc8: 00007ffa9cea7082 / 0x0037082: dc != 97 4010.dc8: 00007ffa9cea7083 / 0x0037083: 48 != f7 4010.dc8: 00007ffa9cea7084 / 0x0037084: 83 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cea7000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9cec66f0 / 0x00566f0: 48 != e9 4010.dc8: 00007ffa9cec66f1 / 0x00566f1: 89 != 8b 4010.dc8: 00007ffa9cec66f2 / 0x00566f2: 5c != a8 4010.dc8: 00007ffa9cec66f3 / 0x00566f3: 24 != f5 4010.dc8: 00007ffa9cec66f4 / 0x00566f4: 08 != 82 4010.dc8: 00007ffa9cec6750 / 0x0056750: 4c != e9 4010.dc8: 00007ffa9cec6751 / 0x0056751: 8b != 2b 4010.dc8: 00007ffa9cec6752 / 0x0056752: dc != a7 4010.dc8: 00007ffa9cec6753 / 0x0056753: 48 != f5 4010.dc8: 00007ffa9cec6754 / 0x0056754: 83 != 82 4010.dc8: 00007ffa9cec67d0 / 0x00567d0: 4c != e9 4010.dc8: 00007ffa9cec67d1 / 0x00567d1: 8b != 2b 4010.dc8: 00007ffa9cec67d2 / 0x00567d2: dc != a6 4010.dc8: 00007ffa9cec67d3 / 0x00567d3: 48 != f5 4010.dc8: 00007ffa9cec67d4 / 0x00567d4: 83 != 82 4010.dc8: 00007ffa9cec6c30 / 0x0056c30: 4c != e9 4010.dc8: 00007ffa9cec6c31 / 0x0056c31: 89 != 4b 4010.dc8: 00007ffa9cec6c32 / 0x0056c32: 4c != 9a 4010.dc8: 00007ffa9cec6c33 / 0x0056c33: 24 != f5 4010.dc8: 00007ffa9cec6c34 / 0x0056c34: 20 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cec5000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9cec7310 / 0x0057310: 40 != e9 4010.dc8: 00007ffa9cec7311 / 0x0057311: 55 != 6b 4010.dc8: 00007ffa9cec7312 / 0x0057312: 53 != 9a 4010.dc8: 00007ffa9cec7313 / 0x0057313: 56 != f5 4010.dc8: 00007ffa9cec7314 / 0x0057314: 57 != 82 4010.dc8: 00007ffa9cec7ea0 / 0x0057ea0: 40 != e9 4010.dc8: 00007ffa9cec7ea1 / 0x0057ea1: 53 != 5b 4010.dc8: 00007ffa9cec7ea2 / 0x0057ea2: 56 != 88 4010.dc8: 00007ffa9cec7ea3 / 0x0057ea3: 57 != f5 4010.dc8: 00007ffa9cec7ea4 / 0x0057ea4: 41 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cec7000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9ced7240 / 0x0067240: 4c != e9 4010.dc8: 00007ffa9ced7241 / 0x0067241: 8b != 3b 4010.dc8: 00007ffa9ced7242 / 0x0067242: dc != 92 4010.dc8: 00007ffa9ced7243 / 0x0067243: 53 != f4 4010.dc8: 00007ffa9ced7244 / 0x0067244: 56 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9ced7000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9cedb090 / 0x006b090: 40 != e9 4010.dc8: 00007ffa9cedb091 / 0x006b091: 53 != 6b 4010.dc8: 00007ffa9cedb092 / 0x006b092: 48 != 50 4010.dc8: 00007ffa9cedb093 / 0x006b093: 83 != f4 4010.dc8: 00007ffa9cedb094 / 0x006b094: ec != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cedb000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9cedf0a0 / 0x006f0a0: 48 != e9 4010.dc8: 00007ffa9cedf0a1 / 0x006f0a1: 89 != db 4010.dc8: 00007ffa9cedf0a2 / 0x006f0a2: 5c != 0f 4010.dc8: 00007ffa9cedf0a3 / 0x006f0a3: 24 != f4 4010.dc8: 00007ffa9cedf0a4 / 0x006f0a4: 08 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cedf000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9cee8400 / 0x0078400: 48 != e9 4010.dc8: 00007ffa9cee8401 / 0x0078401: 83 != fb 4010.dc8: 00007ffa9cee8402 / 0x0078402: ec != 88 4010.dc8: 00007ffa9cee8403 / 0x0078403: 38 != f3 4010.dc8: 00007ffa9cee8404 / 0x0078404: 48 != 82 4010.dc8: 00007ffa9cee8430 / 0x0078430: 48 != e9 4010.dc8: 00007ffa9cee8431 / 0x0078431: 83 != cb 4010.dc8: 00007ffa9cee8432 / 0x0078432: ec != 87 4010.dc8: 00007ffa9cee8433 / 0x0078433: 38 != f3 4010.dc8: 00007ffa9cee8434 / 0x0078434: 48 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cee7000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9ceeaba0 / 0x007aba0: 45 != e9 4010.dc8: 00007ffa9ceeaba1 / 0x007aba1: 33 != 5b 4010.dc8: 00007ffa9ceeaba2 / 0x007aba2: c0 != 64 4010.dc8: 00007ffa9ceeaba3 / 0x007aba3: 33 != f3 4010.dc8: 00007ffa9ceeaba4 / 0x007aba4: d2 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cee9000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9cf630c0 / 0x00f30c0: 48 != e9 4010.dc8: 00007ffa9cf630c1 / 0x00f30c1: 83 != bb 4010.dc8: 00007ffa9cf630c2 / 0x00f30c2: ec != d2 4010.dc8: 00007ffa9cf630c3 / 0x00f30c3: 38 != e7 4010.dc8: 00007ffa9cf630c4 / 0x00f30c4: b8 != 82 4010.dc8: 00007ffa9cf630f0 / 0x00f30f0: 48 != e9 4010.dc8: 00007ffa9cf630f1 / 0x00f30f1: 83 != 8b 4010.dc8: 00007ffa9cf630f2 / 0x00f30f2: ec != d1 4010.dc8: 00007ffa9cf630f3 / 0x00f30f3: 38 != e7 4010.dc8: 00007ffa9cf630f4 / 0x00f30f4: 33 != 82 4010.dc8: 00007ffa9cf63170 / 0x00f3170: 48 != e9 4010.dc8: 00007ffa9cf63171 / 0x00f3171: 83 != 8b 4010.dc8: 00007ffa9cf63172 / 0x00f3172: ec != d1 4010.dc8: 00007ffa9cf63173 / 0x00f3173: 38 != e7 4010.dc8: 00007ffa9cf63174 / 0x00f3174: 33 != 82 4010.dc8: 00007ffa9cf635e0 / 0x00f35e0: 40 != e9 4010.dc8: 00007ffa9cf635e1 / 0x00f35e1: 53 != 1b 4010.dc8: 00007ffa9cf635e2 / 0x00f35e2: 48 != db 4010.dc8: 00007ffa9cf635e3 / 0x00f35e3: 81 != eb 4010.dc8: 00007ffa9cf635e4 / 0x00f35e4: ec != 82 4010.dc8: 00007ffa9cf63f80 / 0x00f3f80: 40 != e9 4010.dc8: 00007ffa9cf63f81 / 0x00f3f81: 53 != fb 4010.dc8: 00007ffa9cf63f82 / 0x00f3f82: 48 != c1 4010.dc8: 00007ffa9cf63f83 / 0x00f3f83: 83 != e7 4010.dc8: 00007ffa9cf63f84 / 0x00f3f84: ec != 82 4010.dc8: 00007ffa9cf641c0 / 0x00f41c0: 40 != e9 4010.dc8: 00007ffa9cf641c1 / 0x00f41c1: 53 != 3b 4010.dc8: 00007ffa9cf641c2 / 0x00f41c2: 48 != c0 4010.dc8: 00007ffa9cf641c3 / 0x00f41c3: 83 != e7 4010.dc8: 00007ffa9cf641c4 / 0x00f41c4: ec != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cf63000 4010.dc8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9cf6c200 / 0x00fc200: 4c != e9 4010.dc8: 00007ffa9cf6c201 / 0x00fc201: 8b != fb 4010.dc8: 00007ffa9cf6c202 / 0x00fc202: dc != 41 4010.dc8: 00007ffa9cf6c203 / 0x00fc203: 48 != eb 4010.dc8: 00007ffa9cf6c204 / 0x00fc204: 83 != 82 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9cf6b000 4010.dc8: apphelp.dll: Differences in section #2 (.rdata) between file and memory: 4010.dc8: 00007ffa957cfe98 / 0x004fe98: 00 != 30 4010.dc8: 00007ffa957cfe99 / 0x004fe99: e6 != ee 4010.dc8: 00007ffa957cfe9a / 0x004fe9a: ee != 49 4010.dc8: 00007ffa957cfe9b / 0x004fe9b: 9c != 9e 4010.dc8: 00007ffa957cfea0 / 0x004fea0: e0 != a0 4010.dc8: 00007ffa957cfea1 / 0x004fea1: bf != 5e 4010.dc8: 00007ffa957cfea2 / 0x004fea2: e7 != 49 4010.dc8: 00007ffa957cfea3 / 0x004fea3: 9c != 9e 4010.dc8: 00007ffa957cfea8 / 0x004fea8: 30 != 00 4010.dc8: 00007ffa957cfea9 / 0x004fea9: 4f != 1e 4010.dc8: 00007ffa957cfeaa / 0x004feaa: ed != 4a 4010.dc8: 00007ffa957cfeab / 0x004feab: 9c != 9e 4010.dc8: 00007ffa957cfeb0 / 0x004feb0: 80 != a0 4010.dc8: 00007ffa957cfeb1 / 0x004feb1: ae != b7 4010.dc8: 00007ffa957cfeb2 / 0x004feb2: ed != 49 4010.dc8: 00007ffa957cfeb3 / 0x004feb3: 9c != 9e 4010.dc8: 00007ffa957cfeb8 / 0x004feb8: 80 != 10 4010.dc8: 00007ffa957cfeb9 / 0x004feb9: cd != 1e 4010.dc8: 00007ffa957cfeba / 0x004feba: ec != 4a 4010.dc8: 00007ffa957cfebb / 0x004febb: 9c != 9e 4010.dc8: 00007ffa957cfec0 / 0x004fec0: 50 != 90 4010.dc8: 00007ffa957cfec1 / 0x004fec1: 67 != be 4010.dc8: 00007ffa957cfec2 / 0x004fec2: ec != 49 4010.dc8: 00007ffa957cfec3 / 0x004fec3: 9c != 9e 4010.dc8: 00007ffa957cfec8 / 0x004fec8: e0 != b0 4010.dc8: 00007ffa957cfec9 / 0x004fec9: 6d != a1 4010.dc8: 00007ffa957cfeca / 0x004feca: ed != 49 4010.dc8: 00007ffa957cfecb / 0x004fecb: 9c != 9e 4010.dc8: 00007ffa957cfed8 / 0x004fed8: b0 != f0 4010.dc8: 00007ffa957cfed9 / 0x004fed9: 05 != a1 4010.dc8: 00007ffa957cfeda / 0x004feda: ea != 49 4010.dc8: 00007ffa957cfedb / 0x004fedb: 9c != 9e 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa957ce000 4010.dc8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=22 4010.dc8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 4010.dc8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 4010.dc8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 4010.dc8: supR3HardNtEnableThreadCreationEx: 4010.dc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9fdb1df0 pvNtTerminateThread=00007ffa9fddd140 4010.dc8: supR3HardenedWinDoReSpawn(1): New child 2e6c.3ab8 [kernel32]. 4010.dc8: supR3HardNtChildGatherData: PebBaseAddress=00000000006ac000 cbPeb=0x388 4010.dc8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9fd40000 uNtDllChildAddr=00007ffa9fd40000 4010.dc8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9fdb1df0 4010.dc8: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff687aa7900 rdx=00000000006ac000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffa9fdad4b0 rsp=00000000008ffb28 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 4010.dc8: supR3HardenedWinSetupChildInit: Start child. 4010.dc8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 4010.dc8: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 29 sleeps 4010.dc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 4010.dc8: *0000000000000000-00000000004dffff 0x0001/0x0000 0x0000000 4010.dc8: *00000000004e0000-00000000004fffff 0x0004/0x0004 0x0020000 4010.dc8: *0000000000500000-000000000051afff 0x0002/0x0002 0x0040000 4010.dc8: 000000000051b000-000000000051ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000520000-0000000000523fff 0x0002/0x0002 0x0040000 4010.dc8: 0000000000524000-000000000052ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000530000-0000000000531fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000000532000-00000000005fffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000600000-00000000006abfff 0x0000/0x0004 0x0020000 4010.dc8: 00000000006ac000-00000000006aefff 0x0004/0x0004 0x0020000 4010.dc8: 00000000006af000-00000000007fffff 0x0000/0x0004 0x0020000 4010.dc8: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000 4010.dc8: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000 4010.dc8: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000 4010.dc8: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000 4010.dc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 4010.dc8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000 4010.dc8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000 4010.dc8: 000000007ffeb000-00007ff577cdffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff577ce0000-00007ff577ce0fff 0x0020/0x0004 0x0020000 !! 4010.dc8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff577ce0000 (LB 0x1000, 00007ff577ce0000 LB 0x1000) 4010.dc8: 0000000001bcef50/0000: 16 00 20 00 00 00 00 00-10 00 ce 77 f5 7f 00 00 .. ........w.... 0000000001bcef60/0010: 61 00 74 00 63 00 75 00-66 00 36 00 34 00 2e 00 a.t.c.u.f.6.4... 0000000001bcef70/0020: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l........... 0000000001bcef80/0030: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r. 0000000001bcef90/0040: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s. 0000000001bcefa0/0050: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e. 0000000001bcefb0/0060: 6e 00 64 00 65 00 72 00-5c 00 45 00 6e 00 64 00 n.d.e.r.\.E.n.d. 0000000001bcefc0/0070: 70 00 6f 00 69 00 6e 00-74 00 20 00 53 00 65 00 p.o.i.n.t. .S.e. 0000000001bcefd0/0080: 63 00 75 00 72 00 69 00-74 00 79 00 5c 00 61 00 c.u.r.i.t.y.\.a. 0000000001bcefe0/0090: 74 00 63 00 75 00 66 00-5c 00 32 00 36 00 34 00 t.c.u.f.\.2.6.4. 0000000001bceff0/00a0: 39 00 33 00 31 00 30 00-34 00 37 00 37 00 36 00 9.3.1.0.4.7.7.6. 0000000001bcf000/00b0: 30 00 30 00 30 00 30 00-30 00 30 00 30 00 5c 00 0.0.0.0.0.0.0.\. 0000000001bcf010/00c0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ **************** **** 0000000001bcf040/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 4010.dc8: 0000000001bcf350/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ **************** **** 0000000001bcf380/0030: 00 16 d6 9f fa 7f 00 00-e0 d0 dd 9f fa 7f 00 00 ................ 0000000001bcf390/0040: 48 89 5c 24 10 56 57 41-56 48 81 ec d0 00 00 00 H.\$.VWAVH...... 0000000001bcf3a0/0050: 48 83 ec 38 56 57 51 52-41 50 41 51 48 83 ec 40 H..8VWQRAPAQH..@ 0000000001bcf3b0/0060: 48 b9 ff ff ff ff ff ff-ff ff 48 8b 15 bf ff ff H.........H..... 0000000001bcf3c0/0070: ff 48 89 54 24 38 48 8d-54 24 38 48 c7 44 24 28 .H.T$8H.T$8H.D$( 0000000001bcf3d0/0080: 10 00 00 00 4c 8d 44 24-28 49 c7 c1 04 00 00 00 ....L.D$(I...... 0000000001bcf3e0/0090: 48 8d 7c 24 30 48 89 7c-24 20 48 8b 05 97 ff ff H.|$0H.|$ H..... 0000000001bcf3f0/00a0: ff ff d0 85 c0 0f 88 c4-00 00 00 48 8d 35 8e ff ...........H.5.. 0000000001bcf400/00b0: ff ff 48 8b 3d 77 ff ff-ff 48 c7 c1 10 00 00 00 ..H.=w...H...... 0000000001bcf410/00c0: fc f3 a4 48 b9 ff ff ff-ff ff ff ff ff 48 8b 15 ...H.........H.. 0000000001bcf420/00d0: 5c ff ff ff 48 89 54 24-38 48 8d 54 24 38 48 c7 \...H.T$8H.T$8H. 0000000001bcf430/00e0: 44 24 28 10 00 00 00 4c-8d 44 24 28 4c 8b 4c 24 D$(....L.D$(L.L$ 0000000001bcf440/00f0: 30 48 8d 7c 24 30 48 89-7c 24 20 48 8b 05 36 ff 0H.|$0H.|$ H..6. 4010.dc8: 0000000001bcf450/0000: ff ff ff d0 85 c0 78 67-48 83 c4 40 41 59 41 58 ......xgH..@AYAX 0000000001bcf460/0010: 5a 59 5f 5e 48 8b 05 15-ff ff ff 48 83 ec 20 ff ZY_^H......H.. . 0000000001bcf470/0020: d0 48 83 c4 20 85 c0 78-52 65 48 8b 0c 25 60 00 .H.. ..xReH..%`. 0000000001bcf480/0030: 00 00 ba 00 01 00 02 85-91 bc 00 00 00 75 3c 48 .............u 0000000001bcf540/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 4010.dc8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff577ce0000/00007ff577ce0000 LB 0/0x1000] 4010.dc8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff577ce0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001 4010.dc8: 00007ff577ce1000-00007ff577ceffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff577cf0000-00007ff577cf0fff 0x0002/0x0002 0x0040000 4010.dc8: 00007ff577cf1000-00007ff577cfffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff577d00000-00007ff577d22fff 0x0002/0x0002 0x0040000 4010.dc8: 00007ff577d23000-00007ff687a9ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b18000-00007ff687b18fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b62000-00007ff687b62fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b63000-00007ff687b63fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b64000-00007ff687b68fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b69000-00007ff687b69fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b6a000-00007ff687b6afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b6b000-00007ff687b6efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687bb8000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fe9f000-00007ffa9feaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9feab000-00007ffa9feb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9feba000-00007ffa9febafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9febb000-00007ffa9febdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9febe000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000 4010.dc8: ntdll.dll: Differences in section #1 (.text) between file and memory: 4010.dc8: 00007ffa9fd61601 / 0x0021601: 89 != b8 4010.dc8: 00007ffa9fd61602 / 0x0021602: 5c != 50 4010.dc8: 00007ffa9fd61603 / 0x0021603: 24 != 04 4010.dc8: 00007ffa9fd61604 / 0x0021604: 10 != ce 4010.dc8: 00007ffa9fd61605 / 0x0021605: 56 != 77 4010.dc8: 00007ffa9fd61606 / 0x0021606: 57 != f5 4010.dc8: 00007ffa9fd61607 / 0x0021607: 41 != 7f 4010.dc8: 00007ffa9fd61608 / 0x0021608: 56 != 00 4010.dc8: 00007ffa9fd61609 / 0x0021609: 48 != 00 4010.dc8: 00007ffa9fd6160a / 0x002160a: 81 != ff 4010.dc8: 00007ffa9fd6160b / 0x002160b: ec != e0 4010.dc8: Restored 0x2000 bytes of original file content at 00007ffa9fd61000 4010.dc8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x80000000 4010.dc8: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 58 sleeps 4010.dc8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 4010.dc8: *0000000000000000-00000000004dffff 0x0001/0x0000 0x0000000 4010.dc8: *00000000004e0000-00000000004fffff 0x0004/0x0004 0x0020000 4010.dc8: *0000000000500000-000000000051afff 0x0002/0x0002 0x0040000 4010.dc8: 000000000051b000-000000000051ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000520000-0000000000523fff 0x0002/0x0002 0x0040000 4010.dc8: 0000000000524000-000000000052ffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000530000-0000000000531fff 0x0004/0x0004 0x0020000 4010.dc8: 0000000000532000-00000000005fffff 0x0001/0x0000 0x0000000 4010.dc8: *0000000000600000-00000000006abfff 0x0000/0x0004 0x0020000 4010.dc8: 00000000006ac000-00000000006aefff 0x0004/0x0004 0x0020000 4010.dc8: 00000000006af000-00000000007fffff 0x0000/0x0004 0x0020000 4010.dc8: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000 4010.dc8: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000 4010.dc8: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000 4010.dc8: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000 4010.dc8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 4010.dc8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000 4010.dc8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000 4010.dc8: 000000007ffeb000-00007ff577ceffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff577cf0000-00007ff577cf0fff 0x0002/0x0002 0x0040000 4010.dc8: 00007ff577cf1000-00007ff577cfffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff577d00000-00007ff577d22fff 0x0002/0x0002 0x0040000 4010.dc8: 00007ff577d23000-00007ff687a9ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b18000-00007ff687b18fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b62000-00007ff687b6efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 4010.dc8: 00007ff687bb8000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000 4010.dc8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fe9f000-00007ffa9fea2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9fea3000-00007ffa9feaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9feab000-00007ffa9feb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9feba000-00007ffa9febafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9febb000-00007ffa9febdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9febe000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4010.dc8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000 4010.dc8: supR3HardNtChildPurify: Done after 777 ms and 2 fixes (loop #1). 2e6c.3ab8: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00 2e6c.3ab8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9fd40000 g_uNtVerCombined=0xa047bb00 (stack ~00000000008ff5b8) 2e6c.3ab8: ntdll.dll: timestamp 0x45a49e53 (rc=VINF_SUCCESS) 2e6c.3ab8: New simple heap: #1 0000000000a00000 LB 0x400000 (for 2031616 allocation) 4010.dc8: supR3HardNtEnableThreadCreationEx: 2e6c.3ab8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2e6c.3ab8: System32: \Device\HarddiskVolume3\Windows\System32 2e6c.3ab8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 2e6c.3ab8: KnownDllPath: C:\WINDOWS\System32 2e6c.3ab8: supR3HardenedVmProcessInit: Opening vboxdrv stub... 2e6c.3ab8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2e6c.3ab8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2e6c.3ab8: Registered Dll notification callback with NTDLL. 2e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 2e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 2e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 2e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa9ce70000 LB 0x002a5000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 2e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 2e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 2e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa9e480000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 2e6c.3ab8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\KERNEL32.DLL' 2e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ff687aa0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 2e6c.3ab8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 2e6c.3ab8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9fdb1df0 pvNtTerminateThread=00007ffa9fddd140 4010.dc8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 82 ms. 2e6c.3ab8: \SystemRoot\System32\ntdll.dll: 2e6c.3ab8: CreationTime: 2021-01-26T08:52:18.292488700Z 2e6c.3ab8: LastWriteTime: 2021-01-26T08:52:18.384536500Z 2e6c.3ab8: ChangeTime: 2021-01-26T09:44:42.500475500Z 2e6c.3ab8: FileAttributes: 0x20 2e6c.3ab8: Size: 0x1e8060 2e6c.3ab8: NT Headers: 0xd8 2e6c.3ab8: Timestamp: 0x45a49e53 2e6c.3ab8: Machine: 0x8664 - amd64 2e6c.3ab8: Timestamp: 0x45a49e53 2e6c.3ab8: Image Version: 10.0 2e6c.3ab8: SizeOfImage: 0x1f0000 (2031616) 2e6c.3ab8: Resource Dir: 0x17f000 LB 0x6f310 2e6c.3ab8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e6c.3ab8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2e6c.3ab8: ProductName: Microsoft® Windows® Operating System 2e6c.3ab8: ProductVersion: 10.0.18362.1316 2e6c.3ab8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800) 2e6c.3ab8: FileDescription: NT Layer DLL 2e6c.3ab8: \SystemRoot\System32\kernel32.dll: 2e6c.3ab8: CreationTime: 2021-01-26T08:50:39.183677200Z 2e6c.3ab8: LastWriteTime: 2021-01-26T08:50:39.228843100Z 2e6c.3ab8: ChangeTime: 2021-01-26T09:44:41.554974500Z 2e6c.3ab8: FileAttributes: 0x20 2e6c.3ab8: Size: 0xb0498 2e6c.3ab8: NT Headers: 0xf8 2e6c.3ab8: Timestamp: 0x39c32a9b 2e6c.3ab8: Machine: 0x8664 - amd64 2e6c.3ab8: Timestamp: 0x39c32a9b 2e6c.3ab8: Image Version: 10.0 2e6c.3ab8: SizeOfImage: 0xb2000 (729088) 2e6c.3ab8: Resource Dir: 0xb0000 LB 0x520 2e6c.3ab8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e6c.3ab8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2e6c.3ab8: ProductName: Microsoft® Windows® Operating System 2e6c.3ab8: ProductVersion: 10.0.18362.1316 2e6c.3ab8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800) 2e6c.3ab8: FileDescription: Windows NT BASE API Client DLL 2e6c.3ab8: \SystemRoot\System32\KernelBase.dll: 2e6c.3ab8: CreationTime: 2021-01-26T08:52:20.103079300Z 2e6c.3ab8: LastWriteTime: 2021-01-26T08:52:20.251514900Z 2e6c.3ab8: ChangeTime: 2021-01-26T09:44:30.680602600Z 2e6c.3ab8: FileAttributes: 0x20 2e6c.3ab8: Size: 0x2a5c90 2e6c.3ab8: NT Headers: 0x100 2e6c.3ab8: Timestamp: 0xf9127b9c 2e6c.3ab8: Machine: 0x8664 - amd64 2e6c.3ab8: Timestamp: 0xf9127b9c 2e6c.3ab8: Image Version: 10.0 2e6c.3ab8: SizeOfImage: 0x2a5000 (2772992) 2e6c.3ab8: Resource Dir: 0x27f000 LB 0x548 2e6c.3ab8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e6c.3ab8: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2e6c.3ab8: ProductName: Microsoft® Windows® Operating System 2e6c.3ab8: ProductVersion: 10.0.18362.1316 2e6c.3ab8: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800) 2e6c.3ab8: FileDescription: Windows NT BASE API Client DLL 2e6c.3ab8: \SystemRoot\System32\apisetschema.dll: 2e6c.3ab8: CreationTime: 2019-03-19T04:43:54.837151500Z 2e6c.3ab8: LastWriteTime: 2019-03-19T04:43:54.837151500Z 2e6c.3ab8: ChangeTime: 2021-01-26T08:56:21.294159100Z 2e6c.3ab8: FileAttributes: 0x20 2e6c.3ab8: Size: 0x1d028 2e6c.3ab8: NT Headers: 0xc8 2e6c.3ab8: Timestamp: 0xd6ced080 2e6c.3ab8: Machine: 0x8664 - amd64 2e6c.3ab8: Timestamp: 0xd6ced080 2e6c.3ab8: Image Version: 10.0 2e6c.3ab8: SizeOfImage: 0x1e000 (122880) 2e6c.3ab8: Resource Dir: 0x1d000 LB 0x408 2e6c.3ab8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2e6c.3ab8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2e6c.3ab8: ProductName: Microsoft® Windows® Operating System 2e6c.3ab8: ProductVersion: 10.0.18362.1 2e6c.3ab8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) 2e6c.3ab8: FileDescription: ApiSet Schema DLL 2e6c.3ab8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2e6c.3ab8: supR3HardenedWinFindAdversaries: 0x0 2e6c.3ab8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2e6c.3ab8: Calling main() 2e6c.3ab8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 2e6c.3ab8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2e6c.3ab8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 2e6c.3ab8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 2e6c.3ab8: SUPR3HardenedMain: Respawn #2 2e6c.3ab8: supR3HardNtEnableThreadCreationEx: 2e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa9e360000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 2e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 2e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 2e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa9f140000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 2e6c.3ab8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 2e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 2e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 2e6c.3ab8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 2e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) 2e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2e6c.3ab8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2e6c.3ab8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9fd40000 'C:\WINDOWS\System32\ntdll.dll' 2e6c.3ab8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll) 2e6c.3ab8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll 2e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 2e6c.3ab8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 2e6c.3ab8: supR3HardenedDllNotificationCallback: load 00007ffa95780000 LB 0x0008f000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0] 2e6c.3ab8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 2e6c.3ab8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [lacks WinVerifyTrust] 2e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9fd40000 'C:\WINDOWS\System32\ntdll.dll' 2e6c.3ab8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa95780000 'C:\WINDOWS\system32\apphelp.dll' 2e6c.3ab8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9fdb1df0 pvNtTerminateThread=00007ffa9fddd140 2e6c.3ab8: supR3HardenedWinDoReSpawn(2): New child dac.2854 [kernel32]. 2e6c.3ab8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 2e6c.3ab8: supR3HardNtChildGatherData: PebBaseAddress=00000000008d7000 cbPeb=0x388 2e6c.3ab8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9fd40000 uNtDllChildAddr=00007ffa9fd40000 2e6c.3ab8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9fdb1df0 2e6c.3ab8: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff687aa7900 rdx=00000000008d7000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffa9fdad4b0 rsp=000000000078fe98 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 2e6c.3ab8: kernel32.dll: timestamp 0x39c32a9b (rc=VINF_SUCCESS) 2e6c.3ab8: supR3HardenedWinSetupChildInit: Start child. 2e6c.3ab8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 2e6c.3ab8: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 29 sleeps 2e6c.3ab8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2e6c.3ab8: *0000000000000000-000000000064ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *0000000000650000-000000000066ffff 0x0004/0x0004 0x0020000 2e6c.3ab8: *0000000000670000-000000000068afff 0x0002/0x0002 0x0040000 2e6c.3ab8: 000000000068b000-000000000068ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *0000000000690000-000000000078afff 0x0000/0x0004 0x0020000 2e6c.3ab8: 000000000078b000-000000000078dfff 0x0104/0x0004 0x0020000 2e6c.3ab8: 000000000078e000-000000000078ffff 0x0004/0x0004 0x0020000 2e6c.3ab8: *0000000000790000-0000000000793fff 0x0002/0x0002 0x0040000 2e6c.3ab8: 0000000000794000-000000000079ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00000000007a0000-00000000007a1fff 0x0004/0x0004 0x0020000 2e6c.3ab8: 00000000007a2000-00000000007fffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *0000000000800000-00000000008d6fff 0x0000/0x0004 0x0020000 2e6c.3ab8: 00000000008d7000-00000000008d9fff 0x0004/0x0004 0x0020000 2e6c.3ab8: 00000000008da000-00000000009fffff 0x0000/0x0004 0x0020000 2e6c.3ab8: 0000000000a00000-000000007ffdffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2e6c.3ab8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000 2e6c.3ab8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000 2e6c.3ab8: 000000007ffeb000-00007ff5ba56ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00007ff5ba570000-00007ff5ba570fff 0x0020/0x0004 0x0020000 !! 2e6c.3ab8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff5ba570000 (LB 0x1000, 00007ff5ba570000 LB 0x1000) 2e6c.3ab8: 0000000001058d60/0000: 16 00 20 00 00 00 00 00-10 00 57 ba f5 7f 00 00 .. .......W..... 0000000001058d70/0010: 61 00 74 00 63 00 75 00-66 00 36 00 34 00 2e 00 a.t.c.u.f.6.4... 0000000001058d80/0020: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l........... 0000000001058d90/0030: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r. 0000000001058da0/0040: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s. 0000000001058db0/0050: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e. 0000000001058dc0/0060: 6e 00 64 00 65 00 72 00-5c 00 45 00 6e 00 64 00 n.d.e.r.\.E.n.d. 0000000001058dd0/0070: 70 00 6f 00 69 00 6e 00-74 00 20 00 53 00 65 00 p.o.i.n.t. .S.e. 0000000001058de0/0080: 63 00 75 00 72 00 69 00-74 00 79 00 5c 00 61 00 c.u.r.i.t.y.\.a. 0000000001058df0/0090: 74 00 63 00 75 00 66 00-5c 00 32 00 36 00 34 00 t.c.u.f.\.2.6.4. 0000000001058e00/00a0: 39 00 33 00 31 00 30 00-34 00 37 00 37 00 36 00 9.3.1.0.4.7.7.6. 0000000001058e10/00b0: 30 00 30 00 30 00 30 00-30 00 30 00 30 00 5c 00 0.0.0.0.0.0.0.\. 0000000001058e20/00c0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ **************** **** 0000000001058e50/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 2e6c.3ab8: 0000000001059160/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ **************** **** 0000000001059190/0030: 00 16 d6 9f fa 7f 00 00-e0 d0 dd 9f fa 7f 00 00 ................ 00000000010591a0/0040: 48 89 5c 24 10 56 57 41-56 48 81 ec d0 00 00 00 H.\$.VWAVH...... 00000000010591b0/0050: 48 83 ec 38 56 57 51 52-41 50 41 51 48 83 ec 40 H..8VWQRAPAQH..@ 00000000010591c0/0060: 48 b9 ff ff ff ff ff ff-ff ff 48 8b 15 bf ff ff H.........H..... 00000000010591d0/0070: ff 48 89 54 24 38 48 8d-54 24 38 48 c7 44 24 28 .H.T$8H.T$8H.D$( 00000000010591e0/0080: 10 00 00 00 4c 8d 44 24-28 49 c7 c1 04 00 00 00 ....L.D$(I...... 00000000010591f0/0090: 48 8d 7c 24 30 48 89 7c-24 20 48 8b 05 97 ff ff H.|$0H.|$ H..... 0000000001059200/00a0: ff ff d0 85 c0 0f 88 c4-00 00 00 48 8d 35 8e ff ...........H.5.. 0000000001059210/00b0: ff ff 48 8b 3d 77 ff ff-ff 48 c7 c1 10 00 00 00 ..H.=w...H...... 0000000001059220/00c0: fc f3 a4 48 b9 ff ff ff-ff ff ff ff ff 48 8b 15 ...H.........H.. 0000000001059230/00d0: 5c ff ff ff 48 89 54 24-38 48 8d 54 24 38 48 c7 \...H.T$8H.T$8H. 0000000001059240/00e0: 44 24 28 10 00 00 00 4c-8d 44 24 28 4c 8b 4c 24 D$(....L.D$(L.L$ 0000000001059250/00f0: 30 48 8d 7c 24 30 48 89-7c 24 20 48 8b 05 36 ff 0H.|$0H.|$ H..6. 2e6c.3ab8: 0000000001059260/0000: ff ff ff d0 85 c0 78 67-48 83 c4 40 41 59 41 58 ......xgH..@AYAX 0000000001059270/0010: 5a 59 5f 5e 48 8b 05 15-ff ff ff 48 83 ec 20 ff ZY_^H......H.. . 0000000001059280/0020: d0 48 83 c4 20 85 c0 78-52 65 48 8b 0c 25 60 00 .H.. ..xReH..%`. 0000000001059290/0030: 00 00 ba 00 01 00 02 85-91 bc 00 00 00 75 3c 48 .............u 0000000001059350/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 2e6c.3ab8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff5ba570000/00007ff5ba570000 LB 0/0x1000] 2e6c.3ab8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff5ba570000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001 2e6c.3ab8: 00007ff5ba571000-00007ff5ba57ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00007ff5ba580000-00007ff5ba580fff 0x0002/0x0002 0x0040000 2e6c.3ab8: 00007ff5ba581000-00007ff5ba58ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00007ff5ba590000-00007ff5ba5b2fff 0x0002/0x0002 0x0040000 2e6c.3ab8: 00007ff5ba5b3000-00007ff687a9ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b18000-00007ff687b18fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b62000-00007ff687b62fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b63000-00007ff687b63fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b64000-00007ff687b68fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b69000-00007ff687b69fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b6a000-00007ff687b6afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b6b000-00007ff687b6efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687bb8000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9fe9f000-00007ffa9feaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9feab000-00007ffa9feb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9feba000-00007ffa9febafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9febb000-00007ffa9febdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9febe000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000 2e6c.3ab8: VirtualBoxVM.exe: timestamp 0x5ff72a09 (rc=VINF_SUCCESS) 2e6c.3ab8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 2e6c.3ab8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 2e6c.3ab8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 2e6c.3ab8: ntdll.dll: Differences in section #1 (.text) between file and memory: 2e6c.3ab8: 00007ffa9fd61601 / 0x0021601: 89 != b8 2e6c.3ab8: 00007ffa9fd61602 / 0x0021602: 5c != 50 2e6c.3ab8: 00007ffa9fd61603 / 0x0021603: 24 != 04 2e6c.3ab8: 00007ffa9fd61604 / 0x0021604: 10 != 57 2e6c.3ab8: 00007ffa9fd61605 / 0x0021605: 56 != ba 2e6c.3ab8: 00007ffa9fd61606 / 0x0021606: 57 != f5 2e6c.3ab8: 00007ffa9fd61607 / 0x0021607: 41 != 7f 2e6c.3ab8: 00007ffa9fd61608 / 0x0021608: 56 != 00 2e6c.3ab8: 00007ffa9fd61609 / 0x0021609: 48 != 00 2e6c.3ab8: 00007ffa9fd6160a / 0x002160a: 81 != ff 2e6c.3ab8: 00007ffa9fd6160b / 0x002160b: ec != e0 2e6c.3ab8: Restored 0x2000 bytes of original file content at 00007ffa9fd61000 2e6c.3ab8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x80000000 2e6c.3ab8: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 58 sleeps 2e6c.3ab8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2e6c.3ab8: *0000000000000000-000000000064ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *0000000000650000-000000000066ffff 0x0004/0x0004 0x0020000 2e6c.3ab8: *0000000000670000-000000000068afff 0x0002/0x0002 0x0040000 2e6c.3ab8: 000000000068b000-000000000068ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *0000000000690000-000000000078afff 0x0000/0x0004 0x0020000 2e6c.3ab8: 000000000078b000-000000000078dfff 0x0104/0x0004 0x0020000 2e6c.3ab8: 000000000078e000-000000000078ffff 0x0004/0x0004 0x0020000 2e6c.3ab8: *0000000000790000-0000000000793fff 0x0002/0x0002 0x0040000 2e6c.3ab8: 0000000000794000-000000000079ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00000000007a0000-00000000007a1fff 0x0004/0x0004 0x0020000 2e6c.3ab8: 00000000007a2000-00000000007fffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *0000000000800000-00000000008d6fff 0x0000/0x0004 0x0020000 2e6c.3ab8: 00000000008d7000-00000000008d9fff 0x0004/0x0004 0x0020000 2e6c.3ab8: 00000000008da000-00000000009fffff 0x0000/0x0004 0x0020000 2e6c.3ab8: 0000000000a00000-000000007ffdffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 2e6c.3ab8: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000 2e6c.3ab8: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000 2e6c.3ab8: 000000007ffeb000-00007ff5ba57ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00007ff5ba580000-00007ff5ba580fff 0x0002/0x0002 0x0040000 2e6c.3ab8: 00007ff5ba581000-00007ff5ba58ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00007ff5ba590000-00007ff5ba5b2fff 0x0002/0x0002 0x0040000 2e6c.3ab8: 00007ff5ba5b3000-00007ff687a9ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00007ff687aa0000-00007ff687aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687aa1000-00007ff687b17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b18000-00007ff687b18fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b19000-00007ff687b61fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b62000-00007ff687b6efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687b6f000-00007ff687bb7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 2e6c.3ab8: 00007ff687bb8000-00007ffa9fd3ffff 0x0001/0x0000 0x0000000 2e6c.3ab8: *00007ffa9fd40000-00007ffa9fd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9fd41000-00007ffa9fe57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9fe58000-00007ffa9fe9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9fe9f000-00007ffa9fea2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9fea3000-00007ffa9feaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9feab000-00007ffa9feb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9feba000-00007ffa9febafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9febb000-00007ffa9febdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9febe000-00007ffa9ff2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2e6c.3ab8: 00007ffa9ff30000-00007ffffffeffff 0x0001/0x0000 0x0000000 2e6c.3ab8: supR3HardNtChildPurify: Done after 809 ms and 2 fixes (loop #1). dac.2854: Log file opened: 6.1.18r142142 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00 dac.2854: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9fd40000 g_uNtVerCombined=0xa047bb00 (stack ~000000000078f928) dac.2854: ntdll.dll: timestamp 0x45a49e53 (rc=VINF_SUCCESS) dac.2854: New simple heap: #1 0000000000b00000 LB 0x400000 (for 2031616 allocation) 2e6c.3ab8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000) 2e6c.3ab8: supR3HardNtEnableThreadCreationEx: dac.2854: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' dac.2854: System32: \Device\HarddiskVolume3\Windows\System32 dac.2854: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS dac.2854: KnownDllPath: C:\WINDOWS\System32 dac.2854: supR3HardenedVmProcessInit: Opening vboxdrv... dac.2854: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... dac.2854: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... dac.2854: Registered Dll notification callback with NTDLL. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ce70000 LB 0x002a5000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e480000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\KERNEL32.DLL' dac.2854: supR3HardenedDllNotificationCallback: load 00007ff687aa0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 dac.2854: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe dac.2854: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9fdb1df0 pvNtTerminateThread=00007ffa9fddd140 2e6c.3ab8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 90 ms. dac.2854: \SystemRoot\System32\ntdll.dll: dac.2854: CreationTime: 2021-01-26T08:52:18.292488700Z dac.2854: LastWriteTime: 2021-01-26T08:52:18.384536500Z dac.2854: ChangeTime: 2021-01-26T09:44:42.500475500Z dac.2854: FileAttributes: 0x20 dac.2854: Size: 0x1e8060 dac.2854: NT Headers: 0xd8 dac.2854: Timestamp: 0x45a49e53 dac.2854: Machine: 0x8664 - amd64 dac.2854: Timestamp: 0x45a49e53 dac.2854: Image Version: 10.0 dac.2854: SizeOfImage: 0x1f0000 (2031616) dac.2854: Resource Dir: 0x17f000 LB 0x6f310 dac.2854: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] dac.2854: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] dac.2854: ProductName: Microsoft® Windows® Operating System dac.2854: ProductVersion: 10.0.18362.1316 dac.2854: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800) dac.2854: FileDescription: NT Layer DLL dac.2854: \SystemRoot\System32\kernel32.dll: dac.2854: CreationTime: 2021-01-26T08:50:39.183677200Z dac.2854: LastWriteTime: 2021-01-26T08:50:39.228843100Z dac.2854: ChangeTime: 2021-01-26T09:44:41.554974500Z dac.2854: FileAttributes: 0x20 dac.2854: Size: 0xb0498 dac.2854: NT Headers: 0xf8 dac.2854: Timestamp: 0x39c32a9b dac.2854: Machine: 0x8664 - amd64 dac.2854: Timestamp: 0x39c32a9b dac.2854: Image Version: 10.0 dac.2854: SizeOfImage: 0xb2000 (729088) dac.2854: Resource Dir: 0xb0000 LB 0x520 dac.2854: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] dac.2854: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] dac.2854: ProductName: Microsoft® Windows® Operating System dac.2854: ProductVersion: 10.0.18362.1316 dac.2854: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800) dac.2854: FileDescription: Windows NT BASE API Client DLL dac.2854: \SystemRoot\System32\KernelBase.dll: dac.2854: CreationTime: 2021-01-26T08:52:20.103079300Z dac.2854: LastWriteTime: 2021-01-26T08:52:20.251514900Z dac.2854: ChangeTime: 2021-01-26T09:44:30.680602600Z dac.2854: FileAttributes: 0x20 dac.2854: Size: 0x2a5c90 dac.2854: NT Headers: 0x100 dac.2854: Timestamp: 0xf9127b9c dac.2854: Machine: 0x8664 - amd64 dac.2854: Timestamp: 0xf9127b9c dac.2854: Image Version: 10.0 dac.2854: SizeOfImage: 0x2a5000 (2772992) dac.2854: Resource Dir: 0x27f000 LB 0x548 dac.2854: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] dac.2854: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] dac.2854: ProductName: Microsoft® Windows® Operating System dac.2854: ProductVersion: 10.0.18362.1316 dac.2854: FileVersion: 10.0.18362.1316 (WinBuild.160101.0800) dac.2854: FileDescription: Windows NT BASE API Client DLL dac.2854: \SystemRoot\System32\apisetschema.dll: dac.2854: CreationTime: 2019-03-19T04:43:54.837151500Z dac.2854: LastWriteTime: 2019-03-19T04:43:54.837151500Z dac.2854: ChangeTime: 2021-01-26T08:56:21.294159100Z dac.2854: FileAttributes: 0x20 dac.2854: Size: 0x1d028 dac.2854: NT Headers: 0xc8 dac.2854: Timestamp: 0xd6ced080 dac.2854: Machine: 0x8664 - amd64 dac.2854: Timestamp: 0xd6ced080 dac.2854: Image Version: 10.0 dac.2854: SizeOfImage: 0x1e000 (122880) dac.2854: Resource Dir: 0x1d000 LB 0x408 dac.2854: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] dac.2854: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] dac.2854: ProductName: Microsoft® Windows® Operating System dac.2854: ProductVersion: 10.0.18362.1 dac.2854: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) dac.2854: FileDescription: ApiSet Schema DLL dac.2854: NtOpenDirectoryObject failed on \Driver: 0xc0000022 dac.2854: supR3HardenedWinFindAdversaries: 0x0 dac.2854: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' dac.2854: Calling main() dac.2854: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 dac.2854: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 dac.2854: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) dac.2854: SUPR3HardenedMain: Final process, opening VBoxDrv... dac.2854: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b00000 LB 0x400000) dac.2854: supR3HardNtEnableThreadCreationEx: dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202 dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa930b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa930b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa930b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa930b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9eca0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cc00000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cd70000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9da50000 LB 0x0014a000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e360000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ccc0000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-synch-l1-2-0' dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-fibers-l1-1-1' dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-fibers-l1-1-1' dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-synch-l1-2-0' dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-localization-l1-2-1' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ccc0000 'C:\WINDOWS\system32\Wintrust.dll' dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d2a0000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9d2a0000 'C:\WINDOWS\system32\bcrypt.dll' dac.2854: bcrypt.dll loaded at 00007ffa9d2a0000, BCryptOpenAlgorithmProvider at 00007ffa9d2a4c70, preloading providers: dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d170000 LB 0x00081000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9d170000 'C:\WINDOWS\system32\bcryptprimitives.dll' dac.2854: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000106a090) dac.2854: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000106f3d0) dac.2854: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000106f6d0) dac.2854: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000106f9d0) dac.2854: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000106fcd0) dac.2854: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000106ffd0) dac.2854: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000010702d0) dac.2854: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000010705d0) dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cd50000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0] dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9bfb0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9c600000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\kernel32.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ccc0000 'C:\WINDOWS\System32\WINTRUST.DLL' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\CRYPT32.dll' dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9f410000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9f140000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9b7e0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cc70000 LB 0x00023000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0] dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa87e50000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\WINDOWS\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e50000 'C:\Windows\System32\cryptnet.dll' dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9f090000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E85BD85EF0093C05EBC0419D731FD2EA8FA7761 dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e360000 'C:\WINDOWS\System32\rpcrt4.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\SystemRoot\System32\ntdll.dll' dac.2854: g_pfnWinVerifyTrust=00007ffa9ccc1d30 dac.2854: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' dac.2854: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20 dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\system32\crypt32.dll' dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xc01b396d66edd519 CN=Bitdefender Personal CA.Endpoint0000, OU=IDS, O=Bitdefender, C=US dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA dac.2854: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root dac.2854: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=45 dac.2854: SUPR3HardenedMain: Load Runtime... dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202 dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202 dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202 dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll dac.2854: supR3HardenedDllNotificationCallback: load 0000000076a40000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 0000000075ec0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9eb80000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa2fd60000 LB 0x005e1000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2fd60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ccc0000 'C:\WINDOWS\system32\Wintrust.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\system32\crypt32.dll' dac.2854: SUPR3HardenedMain: Load TrustedMain... dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'bcryptprimitives.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202 dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202 dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202 dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202 dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202 dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] dac.2854: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008] dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust] dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26 dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cd20000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d200000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9dba0000 LB 0x00198000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e330000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ed40000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e7e0000 LB 0x00337000 C:\WINDOWS\System32\combase.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d120000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0] dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9b830000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa6b3c0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa6b170000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9efe0000 LB 0x000a7000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cbf0000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0] dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cc20000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ef70000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cca0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9d2d0000 LB 0x0077b000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9f4b0000 LB 0x006e8000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9fba0000 LB 0x00157000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa8b2a0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00000000764d0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa2e680000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll dac.2854: supR3HardenedDllNotificationCallback: load 0000000075f60000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9ddf0000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa30350000 LB 0x02317000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll dac.2854: supR3HardenedDllNotificationCallback: load 0000000075e60000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa93ac0000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa93b00000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa355c0000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\umpdc.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\kernel32.dll' dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-string-l1-1-0' dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-datetime-l1-1-1' dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-localization-obsolete-l1-2-0' dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e610000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e610000 'C:\WINDOWS\system32\IMM32.DLL' dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f090000 'C:\WINDOWS\System32\ADVAPI32.DLL' dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] dac.2854: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa355c0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' dac.2854: SUPR3HardenedMain: Calling TrustedMain (00007ffa355c16c0)... dac.2854: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa5a3a0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5a3a0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000640 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC4075B94E896B3CAA9912F5E86E9C45EF536E1D dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa958c0000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa958c0000 'C:\WINDOWS\system32\uxtheme.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ed40000 'C:\WINDOWS\system32\user32.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\shell32.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9efe0000 'C:\WINDOWS\system32\SHCore.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\system32\winmm.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\system32\winmm.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\shell32.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa958c0000 'C:\WINDOWS\system32\uxtheme.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f090000 'C:\WINDOWS\system32\advapi32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9cad0000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9cad0000 'C:\WINDOWS\system32\userenv.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e480000 'C:\WINDOWS\System32\kernel32.dll' dac.44cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202 dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. dac.44cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust dac.44cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] dac.44cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll dac.44cc: supR3HardenedDllNotificationCallback: load 00007ffa594b0000 LB 0x003c0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] dac.44cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa594b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' dac.44cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202 dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. dac.44cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. dac.44cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust dac.44cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.44cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.44cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] dac.44cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll dac.44cc: supR3HardenedDllNotificationCallback: load 00007ffa59c20000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0] dac.44cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59c20000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll' dac.44cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll dac.44cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] dac.44cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ddf0000 'C:\Windows\System32\oleaut32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007c0 pwszName=\Device\HarddiskVolume3\Windows\System32\DWrite.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D995AFF35A36FA902E82FCA08B076242F963574F dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0417~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\DWrite.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DWrite.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DWrite.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwrite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7a5e0000 LB 0x002fe000 C:\WINDOWS\system32\dwrite.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DWrite.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7a5e0000 'C:\WINDOWS\system32\dwrite.dll' dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9e6a0000 LB 0x00135000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0] dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000968 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C9B0BE701CDD3934C4537BC9090BB23A9DABB80B dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9b8c0000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa94960000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa95020000 LB 0x001dd000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa66dd0000 LB 0x0003b000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e330000 'C:\WINDOWS\System32\gdi32.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa66dd0000 'C:\WINDOWS\system32\dataexchange.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9b0d0000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9abc0000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9efe0000 'C:\WINDOWS\system32\Shcore.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa9bc30000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa95570000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa99900000 LB 0x00152000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa926c0000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7d450000 LB 0x0009d000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll' dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ed40000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll' dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ed40000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll' dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e7e0000 'api-ms-win-core-com-l1-1-0.dll' dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\iertutil.dll) dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\iertutil.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa8c3e0000 LB 0x002a7000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\iertutil.dll [avoiding WinVerifyTrust] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\iertutil.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9e6a0000 'C:\WINDOWS\System32\MSCTF.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\shell32.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\shell32.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9fba0000 'C:\WINDOWS\System32\ole32.dll' dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ddf0000 'C:\WINDOWS\System32\OLEAUT32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a8c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9079CDC5ACC547B11552509AC18E33929F812DB5 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a7c pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa85a00000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7da10000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7da10000 'C:\WINDOWS\system32\wbem\wbemprox.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b18 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B0BE32F19BEEFF7DE547DC04737D42E56F0E4CCB dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7d2c0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7d2c0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll' dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-localization-l1-2-0.dll' dac.2854: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1 dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9ce70000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a84 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7cec0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7cec0000 'C:\WINDOWS\system32\wbem\fastprox.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a90 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFE35A9A23BBFDF3E59A314D0CDCF1D4BAE34DC4 dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll' dac.2854: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. dac.2854: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'userenv.dll'. dac.2854: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust dac.2854: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.2854: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.2854: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.2854: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll dac.2854: supR3HardenedDllNotificationCallback: load 00007ffa7b1f0000 LB 0x00017000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0] dac.2854: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7b1f0000 'C:\WINDOWS\System32\amsi.dll' dac.2854: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f090000 'C:\WINDOWS\System32\ADVAPI32.dll' dac.31d8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202 dac.31d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.31d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.31d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. dac.31d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust dac.31d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll dac.31d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.31d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.31d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.31d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.31d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.31d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll dac.31d8: supR3HardenedDllNotificationCallback: load 00007ffa2f9e0000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] dac.31d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll dac.31d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2f9e0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.47b8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202 dac.47b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. dac.47b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. dac.47b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust dac.47b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] dac.47b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.47b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.47b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.47b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll dac.47b8: supR3HardenedDllNotificationCallback: load 00007ffa930a0000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] dac.47b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll dac.47b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa930a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' dac.4590: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202 dac.4590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.4590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.4590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. dac.4590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. dac.4590: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust dac.4590: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.4590: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.4590: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.4590: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll dac.4590: supR3HardenedDllNotificationCallback: load 00007ffa93090000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] dac.4590: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll dac.4590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93090000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9f4b0000 'C:\WINDOWS\system32\Shell32.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202 dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] dac.cf8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202 dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] dac.cf8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202 dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9dec0000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa686c0000 LB 0x00067000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa2c800000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9c140000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa2d060000 LB 0x009e8000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2d060000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa594b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa2c800000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.1d08: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202 dac.1d08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. dac.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. dac.1d08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust dac.1d08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] dac.1d08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.1d08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.1d08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll dac.1d08: supR3HardenedDllNotificationCallback: load 00007ffa921f0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] dac.1d08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll dac.1d08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa921f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' dac.41bc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202 dac.41bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. dac.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. dac.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. dac.41bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust dac.41bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] dac.41bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.41bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.41bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll dac.41bc: supR3HardenedDllNotificationCallback: load 00007ffa8af30000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] dac.41bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll dac.41bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8af30000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' dac.25a8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202 dac.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. dac.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. dac.25a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. dac.25a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust dac.25a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... dac.25a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] dac.25a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.25a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll dac.25a8: supR3HardenedDllNotificationCallback: load 00007ffa7f730000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] dac.25a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll dac.25a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f730000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9c140000 'C:\WINDOWS\system32\Iphlpapi.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9ef60000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0] dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa93290000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll) dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa90ab0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust] dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll) dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa90a90000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust] dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll) dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9c180000 LB 0x000cb000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f8c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DCF393E857906A5D8EE3B77BAFBC689F3C62587 dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f84 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=660345FF413C91A981DE3625BA8520D06115250B dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.1316.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa9c9d0000 LB 0x0002a000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa8db70000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8db70000 'C:\WINDOWS\System32\MMDevApi.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d9c pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373 dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009: [calling] dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa59ab0000 LB 0x00099000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59ab0000 'C:\WINDOWS\System32\dsound.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59ab0000 'C:\WINDOWS\System32\dsound.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59ab0000 'C:\WINDOWS\system32\dsound.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8db70000 'C:\WINDOWS\System32\MMDEVAPI.DLL' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dac pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa91b90000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa92c70000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa7f7a0000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa8d720000 LB 0x0015d000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8d720000 'C:\WINDOWS\System32\AUDIOSES.DLL' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f7a0000 'C:\WINDOWS\System32\wdmaud.drv' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f90 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa4a5d0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa94310000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94310000 'C:\WINDOWS\System32\msacm32.drv' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001024 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010ecc10 dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10 dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.535.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll' dac.cf8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'. dac.cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust dac.cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll dac.cf8: supR3HardenedDllNotificationCallback: load 00007ffa94300000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0] dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94300000 'C:\WINDOWS\System32\midimap.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94300000 'C:\WINDOWS\System32\midimap.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94300000 'C:\WINDOWS\System32\midimap.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa94300000 'C:\WINDOWS\System32\midimap.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.322c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. dac.322c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. dac.322c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll) dac.322c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll dac.322c: supR3HardenedDllNotificationCallback: load 00007ffa9ae20000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0] dac.322c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust] dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... dac.cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9bfb0000 'C:\WINDOWS\system32\rsaenh.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa9da50000 'C:\WINDOWS\System32\crypt32.dll' dac.cf8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59ab0000 'C:\WINDOWS\system32\dsound.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll dac.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' dac.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93b00000 'C:\WINDOWS\System32\winmm.dll' 2e6c.3ab8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 102240 ms, the end); 4010.dc8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 103202 ms, the end);