Pastebin
API
tools
faq
paste
Login
Sign up
Please fix the following errors:
New Paste
Syntax Highlighting
27c8.36b8: Log file opened: 6.1.30r148432 g_hStartupLog=000000000000008c g_uNtVerCombined=0xa04a6400 27c8.36b8: \SystemRoot\System32\ntdll.dll: 27c8.36b8: CreationTime: 2021-10-06T13:39:54.967473200Z 27c8.36b8: LastWriteTime: 2021-10-06T13:39:55.014335100Z 27c8.36b8: ChangeTime: 2021-12-17T09:52:47.850888900Z 27c8.36b8: FileAttributes: 0x20 27c8.36b8: Size: 0x1ee520 27c8.36b8: NT Headers: 0xe8 27c8.36b8: Timestamp: 0xa280d1d6 27c8.36b8: Machine: 0x8664 - amd64 27c8.36b8: Timestamp: 0xa280d1d6 27c8.36b8: Image Version: 10.0 27c8.36b8: SizeOfImage: 0x1f5000 (2052096) 27c8.36b8: Resource Dir: 0x184000 LB 0x6fdc8 27c8.36b8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 27c8.36b8: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)] 27c8.36b8: ProductName: Microsoft® Windows® Operating System 27c8.36b8: ProductVersion: 10.0.19041.1288 27c8.36b8: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800) 27c8.36b8: FileDescription: NT Layer DLL 27c8.36b8: \SystemRoot\System32\kernel32.dll: 27c8.36b8: CreationTime: 2021-12-02T15:03:52.492099300Z 27c8.36b8: LastWriteTime: 2021-12-02T15:03:52.505102200Z 27c8.36b8: ChangeTime: 2021-12-17T09:52:47.655061900Z 27c8.36b8: FileAttributes: 0x20 27c8.36b8: Size: 0xbc058 27c8.36b8: NT Headers: 0xe8 27c8.36b8: Timestamp: 0x38b369c4 27c8.36b8: Machine: 0x8664 - amd64 27c8.36b8: Timestamp: 0x38b369c4 27c8.36b8: Image Version: 10.0 27c8.36b8: SizeOfImage: 0xbe000 (778240) 27c8.36b8: Resource Dir: 0xbc000 LB 0x520 27c8.36b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 27c8.36b8: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 27c8.36b8: ProductName: Microsoft® Windows® Operating System 27c8.36b8: ProductVersion: 10.0.19041.1348 27c8.36b8: FileVersion: 10.0.19041.1348 (WinBuild.160101.0800) 27c8.36b8: FileDescription: Windows NT BASE API Client DLL 27c8.36b8: \SystemRoot\System32\KernelBase.dll: 27c8.36b8: CreationTime: 2021-12-17T09:52:07.022047900Z 27c8.36b8: LastWriteTime: 2021-12-17T09:52:07.089062400Z 27c8.36b8: ChangeTime: 2021-12-18T17:56:07.323012400Z 27c8.36b8: FileAttributes: 0x20 27c8.36b8: Size: 0x2c9168 27c8.36b8: NT Headers: 0xf0 27c8.36b8: Timestamp: 0xb9a844a 27c8.36b8: Machine: 0x8664 - amd64 27c8.36b8: Timestamp: 0xb9a844a 27c8.36b8: Image Version: 10.0 27c8.36b8: SizeOfImage: 0x2c8000 (2916352) 27c8.36b8: Resource Dir: 0x29f000 LB 0x548 27c8.36b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 27c8.36b8: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 27c8.36b8: ProductName: Microsoft® Windows® Operating System 27c8.36b8: ProductVersion: 10.0.19041.1387 27c8.36b8: FileVersion: 10.0.19041.1387 (WinBuild.160101.0800) 27c8.36b8: FileDescription: Windows NT BASE API Client DLL 27c8.36b8: \SystemRoot\System32\apisetschema.dll: 27c8.36b8: CreationTime: 2019-12-07T09:08:13.518339400Z 27c8.36b8: LastWriteTime: 2019-12-07T09:08:13.518339400Z 27c8.36b8: ChangeTime: 2021-12-17T09:52:47.633058800Z 27c8.36b8: FileAttributes: 0x20 27c8.36b8: Size: 0x1f538 27c8.36b8: NT Headers: 0xd0 27c8.36b8: Timestamp: 0x31288ce0 27c8.36b8: Machine: 0x8664 - amd64 27c8.36b8: Timestamp: 0x31288ce0 27c8.36b8: Image Version: 10.0 27c8.36b8: SizeOfImage: 0x20000 (131072) 27c8.36b8: Resource Dir: 0x1f000 LB 0x408 27c8.36b8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 27c8.36b8: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 27c8.36b8: ProductName: Microsoft® Windows® Operating System 27c8.36b8: ProductVersion: 10.0.19041.1 27c8.36b8: FileVersion: 10.0.19041.1 (WinBuild.160101.0800) 27c8.36b8: FileDescription: ApiSet Schema DLL 27c8.36b8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 27c8.36b8: supR3HardenedWinFindAdversaries: 0x0 27c8.36b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 27c8.36b8: Calling main() 27c8.36b8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 27c8.36b8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 27c8.36b8: SUPR3HardenedMain: Respawn #1 27c8.36b8: System32: \Device\HarddiskVolume3\Windows\System32 27c8.36b8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 27c8.36b8: KnownDllPath: C:\WINDOWS\System32 27c8.36b8: supR3HardenedWinInit: Performing a limited self purification... 27c8.36b8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 27c8.36b8: *0000000000000000-000000000088ffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000890000-000000000089ffff 0x0004/0x0004 0x0040000 27c8.36b8: *00000000008a0000-00000000008a0fff 0x0002/0x0002 0x0040000 27c8.36b8: 00000000008a1000-00000000008affff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000008b0000-00000000008ccfff 0x0002/0x0002 0x0040000 27c8.36b8: 00000000008cd000-00000000008cffff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000008d0000-0000000000988fff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000000989000-000000000098bfff 0x0104/0x0004 0x0020000 27c8.36b8: 000000000098c000-00000000009cffff 0x0004/0x0004 0x0020000 27c8.36b8: *00000000009d0000-00000000009d3fff 0x0002/0x0002 0x0040000 27c8.36b8: 00000000009d4000-00000000009dffff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000009e0000-00000000009e1fff 0x0004/0x0004 0x0020000 27c8.36b8: 00000000009e2000-00000000009effff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000009f0000-00000000009f0fff 0x0002/0x0002 0x0040000 27c8.36b8: 00000000009f1000-00000000009fffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000a00000-0000000000a9cfff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000000a9d000-0000000000a9ffff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000000aa0000-0000000000bfffff 0x0000/0x0004 0x0020000 27c8.36b8: *0000000000c00000-0000000000cc8fff 0x0002/0x0002 0x0040000 27c8.36b8: 0000000000cc9000-0000000000ccffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000cd0000-0000000000cd6fff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000000cd7000-0000000000dcffff 0x0000/0x0004 0x0020000 27c8.36b8: *0000000000dd0000-0000000000dd0fff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000000dd1000-0000000000ddffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000de0000-0000000000de0fff 0x0002/0x0004 0x0020000 27c8.36b8: 0000000000de1000-0000000000de1fff 0x0020/0x0004 0x0020000 !! 27c8.36b8: 0000000000de2000-0000000000deffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000df0000-0000000000df1fff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000000df2000-0000000000e51fff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000000e52000-0000000000e5ffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000e60000-0000000000e60fff 0x0002/0x0004 0x0020000 27c8.36b8: 0000000000e61000-0000000000e61fff 0x0020/0x0004 0x0020000 !! 27c8.36b8: 0000000000e62000-0000000000e6ffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000e70000-0000000000e70fff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000000e71000-0000000000e7ffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000e80000-0000000000e81fff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000000e82000-0000000000ee1fff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000000ee2000-0000000000eeffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000ef0000-0000000000ef1fff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000000ef2000-0000000000f51fff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000000f52000-0000000000f9ffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000fa0000-000000000105ffff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000001060000-000000000106ffff 0x0000/0x0004 0x0020000 27c8.36b8: *0000000001070000-0000000001071fff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000001072000-00000000010d1fff 0x0000/0x0004 0x0020000 27c8.36b8: 00000000010d2000-00000000010dffff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000010e0000-00000000010e1fff 0x0004/0x0004 0x0020000 27c8.36b8: 00000000010e2000-0000000001141fff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000001142000-000000000118ffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000001190000-000000000124ffff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000001250000-000000000125ffff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000001260000-00000000012cffff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000012d0000-00000000012d4fff 0x0004/0x0004 0x0020000 27c8.36b8: 00000000012d5000-00000000016cffff 0x0000/0x0004 0x0020000 27c8.36b8: *00000000016d0000-00000000016f6fff 0x0004/0x0004 0x0020000 27c8.36b8: 00000000016f7000-00000000017cffff 0x0000/0x0004 0x0020000 27c8.36b8: 00000000017d0000-00000000017dffff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000017e0000-000000000180ffff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000001810000-0000000001bdffff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000001be0000-0000000001daffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000001db0000-0000000001dbefff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000001dbf000-0000000001dbffff 0x0000/0x0004 0x0020000 27c8.36b8: *0000000001dc0000-0000000001dc6fff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000001dc7000-0000000001fbcfff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000001fbd000-0000000001fbdfff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000001fbe000-000000007ffdffff 0x0001/0x0000 0x0000000 27c8.36b8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 27c8.36b8: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000 27c8.36b8: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000 27c8.36b8: 000000007ffec000-00007ff4e38cffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff4e38d0000-00007ff4e38d0fff 0x0004/0x0004 0x0020000 27c8.36b8: 00007ff4e38d1000-00007ff4e38dffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff4e38e0000-00007ff4e38effff 0x0002/0x0002 0x0020000 27c8.36b8: *00007ff4e38f0000-00007ff4e38f0fff 0x0002/0x0002 0x0020000 27c8.36b8: 00007ff4e38f1000-00007ff4e38f2fff 0x0020/0x0002 0x0020000 !! 27c8.36b8: 00007ff4e38f3000-00007ff4e38fffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff4e3900000-00007ff4e3904fff 0x0002/0x0002 0x0040000 27c8.36b8: 00007ff4e3905000-00007ff4e39fffff 0x0000/0x0002 0x0040000 27c8.36b8: *00007ff4e3a00000-00007ff5e3a1ffff 0x0000/0x0004 0x0020000 27c8.36b8: *00007ff5e3a20000-00007ff5e5a1ffff 0x0000/0x0004 0x0020000 27c8.36b8: 00007ff5e5a20000-00007ff5e5a20fff 0x0004/0x0004 0x0020000 27c8.36b8: 00007ff5e5a21000-00007ff5e5a2ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff5e5a30000-00007ff5e5a30fff 0x0020/0x0004 0x0020000 !! 27c8.36b8: 00007ff5e5a31000-00007ff5e5a3ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff5e5a40000-00007ff5e5a40fff 0x0002/0x0002 0x0040000 27c8.36b8: 00007ff5e5a41000-00007ff5e5a4ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff5e5a50000-00007ff5e5a72fff 0x0002/0x0002 0x0040000 27c8.36b8: 00007ff5e5a73000-00007ff7ac75ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff7ac760000-00007ff7ac760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac761000-00007ff7ac7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac7d8000-00007ff7ac7d8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac7d9000-00007ff7ac821fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac822000-00007ff7ac824fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac825000-00007ff7ac827fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac828000-00007ff7ac82afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac82b000-00007ff7ac82bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac82c000-00007ff7ac82dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac82e000-00007ff7ac82efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac82f000-00007ff7ac877fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac878000-00007ffdbf41ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ffdbf420000-00007ffdbf420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\atcuf\dlls_265691267052696454\atcuf64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf420000 LB 0x1000 (base 00007ffdbf420000) - 'atcuf64.dll' 27c8.36b8: 00007ffdbf421000-00007ffdbf480fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\atcuf\dlls_265691267052696454\atcuf64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf421000 LB 0x60000 (base 00007ffdbf420000) - 'atcuf64.dll' 27c8.36b8: 00007ffdbf481000-00007ffdbf50efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\atcuf\dlls_265691267052696454\atcuf64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf481000 LB 0x8e000 (base 00007ffdbf420000) - 'atcuf64.dll' 27c8.36b8: 00007ffdbf50f000-00007ffdbf515fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\atcuf\dlls_265691267052696454\atcuf64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf50f000 LB 0x7000 (base 00007ffdbf420000) - 'atcuf64.dll' 27c8.36b8: 00007ffdbf516000-00007ffdbf516fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\atcuf\dlls_265691267052696454\atcuf64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf516000 LB 0x1000 (base 00007ffdbf420000) - 'atcuf64.dll' 27c8.36b8: 00007ffdbf517000-00007ffdbf51efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\atcuf\dlls_265691267052696454\atcuf64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf517000 LB 0x8000 (base 00007ffdbf420000) - 'atcuf64.dll' 27c8.36b8: 00007ffdbf51f000-00007ffdbf524fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\atcuf\dlls_265691267052696454\atcuf64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf51f000 LB 0x6000 (base 00007ffdbf420000) - 'atcuf64.dll' 27c8.36b8: 00007ffdbf525000-00007ffdbf531fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\atcuf\dlls_265691267052696454\atcuf64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf525000 LB 0xd000 (base 00007ffdbf420000) - 'atcuf64.dll' 27c8.36b8: 00007ffdbf532000-00007ffdbf53ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ffdbf540000-00007ffdbf540fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdhkm\dlls_265691267062722177\bdhkm64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf540000 LB 0x1000 (base 00007ffdbf540000) - 'bdhkm64.dll' 27c8.36b8: 00007ffdbf541000-00007ffdbf56ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdhkm\dlls_265691267062722177\bdhkm64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf541000 LB 0x2f000 (base 00007ffdbf540000) - 'bdhkm64.dll' 27c8.36b8: 00007ffdbf570000-00007ffdbf5fffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdhkm\dlls_265691267062722177\bdhkm64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf570000 LB 0x90000 (base 00007ffdbf540000) - 'bdhkm64.dll' 27c8.36b8: 00007ffdbf600000-00007ffdbf600fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdhkm\dlls_265691267062722177\bdhkm64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf600000 LB 0x1000 (base 00007ffdbf540000) - 'bdhkm64.dll' 27c8.36b8: 00007ffdbf601000-00007ffdbf608fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdhkm\dlls_265691267062722177\bdhkm64.dll 27c8.36b8: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffdbf601000 LB 0x8000 (base 00007ffdbf540000) - 'bdhkm64.dll' 27c8.36b8: 00007ffdbf609000-00007ffdf3fdffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ffdf3fe0000-00007ffdf3fe0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 27c8.36b8: 00007ffdf3fe1000-00007ffdf40f1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 27c8.36b8: 00007ffdf40f2000-00007ffdf4269fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 27c8.36b8: 00007ffdf426a000-00007ffdf426dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 27c8.36b8: 00007ffdf426e000-00007ffdf426efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 27c8.36b8: 00007ffdf426f000-00007ffdf42a7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 27c8.36b8: 00007ffdf42a8000-00007ffdf63effff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ffdf63f0000-00007ffdf63f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 27c8.36b8: 00007ffdf63f1000-00007ffdf646ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 27c8.36b8: 00007ffdf6470000-00007ffdf64a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 27c8.36b8: 00007ffdf64a3000-00007ffdf64a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 27c8.36b8: 00007ffdf64a4000-00007ffdf64a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 27c8.36b8: 00007ffdf64a5000-00007ffdf64adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 27c8.36b8: 00007ffdf64ae000-00007ffdf676ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ffdf6770000-00007ffdf6770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf6771000-00007ffdf688bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf688c000-00007ffdf68d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68d4000-00007ffdf68d4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68d5000-00007ffdf68d6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68d7000-00007ffdf68dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68e0000-00007ffdf6964fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf6965000-00007ffdf696ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ffdf6970000-00007ffdf6970fff 0x0020/0x0002 0x0020000 !! 27c8.36b8: 00007ffdf6971000-00007ffdf697ffff 0x0002/0x0002 0x0020000 27c8.36b8: *00007ffdf6980000-00007ffdf6980fff 0x0020/0x0002 0x0020000 !! 27c8.36b8: 00007ffdf6981000-00007ffdf698ffff 0x0002/0x0002 0x0020000 27c8.36b8: 00007ffdf6990000-00007ffffffeffff 0x0001/0x0000 0x0000000 27c8.36b8: kernel32.dll: timestamp 0x38b369c4 (rc=VINF_SUCCESS) 27c8.36b8: kernelbase.dll: timestamp 0xb9a844a (rc=VINF_SUCCESS) 27c8.36b8: VirtualBoxVM.exe: timestamp 0x619bb44c (rc=VINF_SUCCESS) 27c8.36b8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 27c8.36b8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 27c8.36b8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 27c8.36b8: ntdll.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf67a2ad0 / 0x0032ad0: 4c != e9 27c8.36b8: 00007ffdf67a2ad1 / 0x0032ad1: 89 != 5e 27c8.36b8: 00007ffdf67a2ad2 / 0x0032ad2: 4c != d5 27c8.36b8: 00007ffdf67a2ad3 / 0x0032ad3: 24 != 1c 27c8.36b8: 00007ffdf67a2ad4 / 0x0032ad4: 20 != 00 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf67a1000 27c8.36b8: ntdll.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf680ce60 / 0x009ce60: 4c != e9 27c8.36b8: 00007ffdf680ce61 / 0x009ce61: 8b != f4 27c8.36b8: 00007ffdf680ce62 / 0x009ce62: d1 != 3e 27c8.36b8: 00007ffdf680ce63 / 0x009ce63: b8 != 16 27c8.36b8: 00007ffdf680ce64 / 0x009ce64: 08 != 00 27c8.36b8: 00007ffdf680ce65 / 0x009ce65: 00 != cc 27c8.36b8: 00007ffdf680ce66 / 0x009ce66: 00 != cc 27c8.36b8: 00007ffdf680ce67 / 0x009ce67: 00 != cc 27c8.36b8: 00007ffdf680cf00 / 0x009cf00: 4c != e9 27c8.36b8: 00007ffdf680cf02 / 0x009cf02: d1 != 3a 27c8.36b8: 00007ffdf680cf03 / 0x009cf03: b8 != 16 27c8.36b8: 00007ffdf680cf04 / 0x009cf04: 0d != 00 27c8.36b8: 00007ffdf680cf05 / 0x009cf05: 00 != cc 27c8.36b8: 00007ffdf680cf06 / 0x009cf06: 00 != cc 27c8.36b8: 00007ffdf680cf07 / 0x009cf07: 00 != cc 27c8.36b8: 00007ffdf680cf40 / 0x009cf40: 4c != e9 27c8.36b8: 00007ffdf680cf41 / 0x009cf41: 8b != 85 27c8.36b8: 00007ffdf680cf42 / 0x009cf42: d1 != 33 27c8.36b8: 00007ffdf680cf43 / 0x009cf43: b8 != 16 27c8.36b8: 00007ffdf680cf44 / 0x009cf44: 0f != 00 27c8.36b8: 00007ffdf680cf45 / 0x009cf45: 00 != cc 27c8.36b8: 00007ffdf680cf46 / 0x009cf46: 00 != cc 27c8.36b8: 00007ffdf680cf47 / 0x009cf47: 00 != cc 27c8.36b8: 00007ffdf680d080 / 0x009d080: 4c != e9 27c8.36b8: 00007ffdf680d081 / 0x009d081: 8b != 3b 27c8.36b8: 00007ffdf680d082 / 0x009d082: d1 != 3c 27c8.36b8: 00007ffdf680d083 / 0x009d083: b8 != 16 27c8.36b8: 00007ffdf680d084 / 0x009d084: 19 != 00 27c8.36b8: 00007ffdf680d085 / 0x009d085: 00 != cc 27c8.36b8: 00007ffdf680d086 / 0x009d086: 00 != cc 27c8.36b8: 00007ffdf680d087 / 0x009d087: 00 != cc 27c8.36b8: 00007ffdf680d220 / 0x009d220: 4c != e9 27c8.36b8: 00007ffdf680d221 / 0x009d221: 8b != d6 27c8.36b8: 00007ffdf680d222 / 0x009d222: d1 != 32 27c8.36b8: 00007ffdf680d223 / 0x009d223: b8 != 16 27c8.36b8: 00007ffdf680d224 / 0x009d224: 26 != 00 27c8.36b8: 00007ffdf680d225 / 0x009d225: 00 != cc 27c8.36b8: 00007ffdf680d226 / 0x009d226: 00 != cc 27c8.36b8: 00007ffdf680d227 / 0x009d227: 00 != cc 27c8.36b8: 00007ffdf680d260 / 0x009d260: 4c != e9 27c8.36b8: 00007ffdf680d261 / 0x009d261: 8b != fb 27c8.36b8: 00007ffdf680d262 / 0x009d262: d1 != 33 27c8.36b8: 00007ffdf680d263 / 0x009d263: b8 != 16 27c8.36b8: 00007ffdf680d264 / 0x009d264: 28 != 00 27c8.36b8: 00007ffdf680d265 / 0x009d265: 00 != cc 27c8.36b8: 00007ffdf680d266 / 0x009d266: 00 != cc 27c8.36b8: 00007ffdf680d267 / 0x009d267: 00 != cc 27c8.36b8: 00007ffdf680d2a0 / 0x009d2a0: 4c != e9 27c8.36b8: 00007ffdf680d2a1 / 0x009d2a1: 8b != 1d 27c8.36b8: 00007ffdf680d2a2 / 0x009d2a2: d1 != 38 27c8.36b8: 00007ffdf680d2a3 / 0x009d2a3: b8 != 16 27c8.36b8: 00007ffdf680d2a4 / 0x009d2a4: 2a != 00 27c8.36b8: 00007ffdf680d2a5 / 0x009d2a5: 00 != cc 27c8.36b8: 00007ffdf680d2a6 / 0x009d2a6: 00 != cc 27c8.36b8: 00007ffdf680d2a7 / 0x009d2a7: 00 != cc 27c8.36b8: 00007ffdf680d2e0 / 0x009d2e0: 4c != e9 27c8.36b8: 00007ffdf680d2e1 / 0x009d2e1: 8b != 1b 27c8.36b8: 00007ffdf680d2e2 / 0x009d2e2: d1 != 2d 27c8.36b8: 00007ffdf680d2e3 / 0x009d2e3: b8 != 16 27c8.36b8: 00007ffdf680d2e4 / 0x009d2e4: 2c != 00 27c8.36b8: 00007ffdf680d2e5 / 0x009d2e5: 00 != cc 27c8.36b8: 00007ffdf680d2e6 / 0x009d2e6: 00 != cc 27c8.36b8: 00007ffdf680d2e7 / 0x009d2e7: 00 != cc 27c8.36b8: 00007ffdf680d4a0 / 0x009d4a0: 4c != e9 27c8.36b8: 00007ffdf680d4a1 / 0x009d4a1: 8b != bd 27c8.36b8: 00007ffdf680d4a2 / 0x009d4a2: d1 != 2f 27c8.36b8: 00007ffdf680d4a3 / 0x009d4a3: b8 != 16 27c8.36b8: 00007ffdf680d4a4 / 0x009d4a4: 3a != 00 27c8.36b8: 00007ffdf680d4a5 / 0x009d4a5: 00 != cc 27c8.36b8: 00007ffdf680d4a6 / 0x009d4a6: 00 != cc 27c8.36b8: 00007ffdf680d4a7 / 0x009d4a7: 00 != cc 27c8.36b8: 00007ffdf680d4e0 / 0x009d4e0: 4c != e9 27c8.36b8: 00007ffdf680d4e1 / 0x009d4e1: 8b != 7c 27c8.36b8: 00007ffdf680d4e2 / 0x009d4e2: d1 != 30 27c8.36b8: 00007ffdf680d4e3 / 0x009d4e3: b8 != 16 27c8.36b8: 00007ffdf680d4e4 / 0x009d4e4: 3c != 00 27c8.36b8: 00007ffdf680d4e5 / 0x009d4e5: 00 != cc 27c8.36b8: 00007ffdf680d4e6 / 0x009d4e6: 00 != cc 27c8.36b8: 00007ffdf680d4e7 / 0x009d4e7: 00 != cc 27c8.36b8: 00007ffdf680d540 / 0x009d540: 4c != e9 27c8.36b8: 00007ffdf680d541 / 0x009d541: 8b != ac 27c8.36b8: 00007ffdf680d542 / 0x009d542: d1 != 39 27c8.36b8: 00007ffdf680d543 / 0x009d543: b8 != 16 27c8.36b8: 00007ffdf680d544 / 0x009d544: 3f != 00 27c8.36b8: 00007ffdf680d545 / 0x009d545: 00 != cc 27c8.36b8: 00007ffdf680d546 / 0x009d546: 00 != cc 27c8.36b8: 00007ffdf680d547 / 0x009d547: 00 != cc 27c8.36b8: 00007ffdf680d580 / 0x009d580: 4c != e9 27c8.36b8: 00007ffdf680d581 / 0x009d581: 8b != e1 27c8.36b8: 00007ffdf680d582 / 0x009d582: d1 != 2a 27c8.36b8: 00007ffdf680d583 / 0x009d583: b8 != 16 27c8.36b8: 00007ffdf680d584 / 0x009d584: 41 != 00 27c8.36b8: 00007ffdf680d585 / 0x009d585: 00 != cc 27c8.36b8: 00007ffdf680d586 / 0x009d586: 00 != cc 27c8.36b8: 00007ffdf680d587 / 0x009d587: 00 != cc 27c8.36b8: 00007ffdf680d600 / 0x009d600: 4c != e9 27c8.36b8: 00007ffdf680d601 / 0x009d601: 8b != c2 27c8.36b8: 00007ffdf680d602 / 0x009d602: d1 != 2f 27c8.36b8: 00007ffdf680d603 / 0x009d603: b8 != 16 27c8.36b8: 00007ffdf680d604 / 0x009d604: 45 != 00 27c8.36b8: 00007ffdf680d605 / 0x009d605: 00 != cc 27c8.36b8: 00007ffdf680d606 / 0x009d606: 00 != cc 27c8.36b8: 00007ffdf680d607 / 0x009d607: 00 != cc 27c8.36b8: 00007ffdf680d6a0 / 0x009d6a0: 4c != e9 27c8.36b8: 00007ffdf680d6a1 / 0x009d6a1: 8b != e7 27c8.36b8: 00007ffdf680d6a2 / 0x009d6a2: d1 != 36 27c8.36b8: 00007ffdf680d6a3 / 0x009d6a3: b8 != 16 27c8.36b8: 00007ffdf680d6a4 / 0x009d6a4: 4a != 00 27c8.36b8: 00007ffdf680d6a5 / 0x009d6a5: 00 != cc 27c8.36b8: 00007ffdf680d6a6 / 0x009d6a6: 00 != cc 27c8.36b8: 00007ffdf680d6a7 / 0x009d6a7: 00 != cc 27c8.36b8: 00007ffdf680d700 / 0x009d700: 4c != e9 27c8.36b8: 00007ffdf680d701 / 0x009d701: 8b != 2b 27c8.36b8: 00007ffdf680d702 / 0x009d702: d1 != 2c 27c8.36b8: 00007ffdf680d703 / 0x009d703: b8 != 16 27c8.36b8: 00007ffdf680d704 / 0x009d704: 4d != 00 27c8.36b8: 00007ffdf680d705 / 0x009d705: 00 != cc 27c8.36b8: 00007ffdf680d706 / 0x009d706: 00 != cc 27c8.36b8: 00007ffdf680d707 / 0x009d707: 00 != cc 27c8.36b8: 00007ffdf680d720 / 0x009d720: 4c != e9 27c8.36b8: 00007ffdf680d721 / 0x009d721: 8b != d7 27c8.36b8: 00007ffdf680d722 / 0x009d722: d1 != 2c 27c8.36b8: 00007ffdf680d723 / 0x009d723: b8 != 16 27c8.36b8: 00007ffdf680d724 / 0x009d724: 4e != 00 27c8.36b8: 00007ffdf680d725 / 0x009d725: 00 != cc 27c8.36b8: 00007ffdf680d726 / 0x009d726: 00 != cc 27c8.36b8: 00007ffdf680d727 / 0x009d727: 00 != cc 27c8.36b8: 00007ffdf680d7a0 / 0x009d7a0: 4c != e9 27c8.36b8: 00007ffdf680d7a1 / 0x009d7a1: 8b != 83 27c8.36b8: 00007ffdf680d7a2 / 0x009d7a2: d1 != 33 27c8.36b8: 00007ffdf680d7a3 / 0x009d7a3: b8 != 16 27c8.36b8: 00007ffdf680d7a4 / 0x009d7a4: 52 != 00 27c8.36b8: 00007ffdf680d7a5 / 0x009d7a5: 00 != cc 27c8.36b8: 00007ffdf680d7a6 / 0x009d7a6: 00 != cc 27c8.36b8: 00007ffdf680d7a7 / 0x009d7a7: 00 != cc 27c8.36b8: 00007ffdf680dc70 / 0x009dc70: 4c != e9 27c8.36b8: 00007ffdf680dc71 / 0x009dc71: 8b != 4e 27c8.36b8: 00007ffdf680dc72 / 0x009dc72: d1 != 2d 27c8.36b8: 00007ffdf680dc73 / 0x009dc73: b8 != 16 27c8.36b8: 00007ffdf680dc74 / 0x009dc74: 79 != 00 27c8.36b8: 00007ffdf680dc75 / 0x009dc75: 00 != cc 27c8.36b8: 00007ffdf680dc76 / 0x009dc76: 00 != cc 27c8.36b8: 00007ffdf680dc77 / 0x009dc77: 00 != cc 27c8.36b8: 00007ffdf680dcb0 / 0x009dcb0: 4c != e9 27c8.36b8: 00007ffdf680dcb1 / 0x009dcb1: 8b != 41 27c8.36b8: 00007ffdf680dcb2 / 0x009dcb2: d1 != 2d 27c8.36b8: 00007ffdf680dcb3 / 0x009dcb3: b8 != 16 27c8.36b8: 00007ffdf680dcb4 / 0x009dcb4: 7b != 00 27c8.36b8: 00007ffdf680dcb5 / 0x009dcb5: 00 != cc 27c8.36b8: 00007ffdf680dcb6 / 0x009dcb6: 00 != cc 27c8.36b8: 00007ffdf680dcb7 / 0x009dcb7: 00 != cc 27c8.36b8: 00007ffdf680ded0 / 0x009ded0: 4c != e9 27c8.36b8: 00007ffdf680ded1 / 0x009ded1: 8b != 54 27c8.36b8: 00007ffdf680ded2 / 0x009ded2: d1 != 2b 27c8.36b8: 00007ffdf680ded3 / 0x009ded3: b8 != 16 27c8.36b8: 00007ffdf680ded4 / 0x009ded4: 8c != 00 27c8.36b8: 00007ffdf680ded5 / 0x009ded5: 00 != cc 27c8.36b8: 00007ffdf680ded6 / 0x009ded6: 00 != cc 27c8.36b8: 00007ffdf680ded7 / 0x009ded7: 00 != cc 27c8.36b8: 00007ffdf680e070 / 0x009e070: 4c != e9 27c8.36b8: 00007ffdf680e071 / 0x009e071: 8b != b0 27c8.36b8: 00007ffdf680e072 / 0x009e072: d1 != 2d 27c8.36b8: 00007ffdf680e073 / 0x009e073: b8 != 16 27c8.36b8: 00007ffdf680e074 / 0x009e074: 99 != 00 27c8.36b8: 00007ffdf680e075 / 0x009e075: 00 != cc 27c8.36b8: 00007ffdf680e076 / 0x009e076: 00 != cc 27c8.36b8: 00007ffdf680e077 / 0x009e077: 00 != cc 27c8.36b8: 00007ffdf680e3b0 / 0x009e3b0: 4c != e9 27c8.36b8: 00007ffdf680e3b1 / 0x009e3b1: 8b != d6 27c8.36b8: 00007ffdf680e3b2 / 0x009e3b2: d1 != 2a 27c8.36b8: 00007ffdf680e3b3 / 0x009e3b3: b8 != 16 27c8.36b8: 00007ffdf680e3b4 / 0x009e3b4: b3 != 00 27c8.36b8: 00007ffdf680e3b5 / 0x009e3b5: 00 != cc 27c8.36b8: 00007ffdf680e3b6 / 0x009e3b6: 00 != cc 27c8.36b8: 00007ffdf680e3b7 / 0x009e3b7: 00 != cc 27c8.36b8: 00007ffdf680e470 / 0x009e470: 4c != e9 27c8.36b8: 00007ffdf680e471 / 0x009e471: 8b != 88 27c8.36b8: 00007ffdf680e472 / 0x009e472: d1 != 1e 27c8.36b8: 00007ffdf680e473 / 0x009e473: b8 != 16 27c8.36b8: 00007ffdf680e474 / 0x009e474: b9 != 00 27c8.36b8: 00007ffdf680e475 / 0x009e475: 00 != cc 27c8.36b8: 00007ffdf680e476 / 0x009e476: 00 != cc 27c8.36b8: 00007ffdf680e477 / 0x009e477: 00 != cc 27c8.36b8: 00007ffdf680e510 / 0x009e510: 4c != e9 27c8.36b8: 00007ffdf680e511 / 0x009e511: 8b != aa 27c8.36b8: 00007ffdf680e512 / 0x009e512: d1 != 28 27c8.36b8: 00007ffdf680e513 / 0x009e513: b8 != 16 27c8.36b8: 00007ffdf680e514 / 0x009e514: be != 00 27c8.36b8: 00007ffdf680e515 / 0x009e515: 00 != cc 27c8.36b8: 00007ffdf680e516 / 0x009e516: 00 != cc 27c8.36b8: 00007ffdf680e517 / 0x009e517: 00 != cc 27c8.36b8: 00007ffdf680e550 / 0x009e550: 4c != e9 27c8.36b8: 00007ffdf680e551 / 0x009e551: 8b != cf 27c8.36b8: 00007ffdf680e552 / 0x009e552: d1 != 29 27c8.36b8: 00007ffdf680e553 / 0x009e553: b8 != 16 27c8.36b8: 00007ffdf680e554 / 0x009e554: c0 != 00 27c8.36b8: 00007ffdf680e555 / 0x009e555: 00 != cc 27c8.36b8: 00007ffdf680e556 / 0x009e556: 00 != cc 27c8.36b8: 00007ffdf680e557 / 0x009e557: 00 != cc 27c8.36b8: 00007ffdf680e570 / 0x009e570: 4c != e9 27c8.36b8: 00007ffdf680e571 / 0x009e571: 8b != ba 27c8.36b8: 00007ffdf680e572 / 0x009e572: d1 != 1e 27c8.36b8: 00007ffdf680e573 / 0x009e573: b8 != 16 27c8.36b8: 00007ffdf680e574 / 0x009e574: c1 != 00 27c8.36b8: 00007ffdf680e575 / 0x009e575: 00 != cc 27c8.36b8: 00007ffdf680e576 / 0x009e576: 00 != cc 27c8.36b8: 00007ffdf680e577 / 0x009e577: 00 != cc 27c8.36b8: 00007ffdf680e610 / 0x009e610: 4c != e9 27c8.36b8: 00007ffdf680e611 / 0x009e611: 8b != de 27c8.36b8: 00007ffdf680e612 / 0x009e612: d1 != 26 27c8.36b8: 00007ffdf680e613 / 0x009e613: b8 != 16 27c8.36b8: 00007ffdf680e614 / 0x009e614: c6 != 00 27c8.36b8: 00007ffdf680e615 / 0x009e615: 00 != cc 27c8.36b8: 00007ffdf680e616 / 0x009e616: 00 != cc 27c8.36b8: 00007ffdf680e617 / 0x009e617: 00 != cc 27c8.36b8: 00007ffdf680e650 / 0x009e650: 4c != e9 27c8.36b8: 00007ffdf680e651 / 0x009e651: 8b != 0e 27c8.36b8: 00007ffdf680e652 / 0x009e652: d1 != 1d 27c8.36b8: 00007ffdf680e653 / 0x009e653: b8 != 16 27c8.36b8: 00007ffdf680e654 / 0x009e654: c8 != 00 27c8.36b8: 00007ffdf680e655 / 0x009e655: 00 != cc 27c8.36b8: 00007ffdf680e656 / 0x009e656: 00 != cc 27c8.36b8: 00007ffdf680e657 / 0x009e657: 00 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf680cb0e 27c8.36b8: ntdll.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf680edf0 / 0x009edf0: 4c != e9 27c8.36b8: 00007ffdf680edf1 / 0x009edf1: 8b != c9 27c8.36b8: 00007ffdf680edf2 / 0x009edf2: d1 != 20 27c8.36b8: 00007ffdf680edf3 / 0x009edf3: b8 != 16 27c8.36b8: 00007ffdf680edf4 / 0x009edf4: 05 != 00 27c8.36b8: 00007ffdf680edf5 / 0x009edf5: 01 != cc 27c8.36b8: 00007ffdf680edf6 / 0x009edf6: 00 != cc 27c8.36b8: 00007ffdf680edf7 / 0x009edf7: 00 != cc 27c8.36b8: 00007ffdf680f950 / 0x009f950: 4c != e9 27c8.36b8: 00007ffdf680f951 / 0x009f951: 8b != 3a 27c8.36b8: 00007ffdf680f952 / 0x009f952: d1 != 11 27c8.36b8: 00007ffdf680f953 / 0x009f953: b8 != 16 27c8.36b8: 00007ffdf680f954 / 0x009f954: 60 != 00 27c8.36b8: 00007ffdf680f955 / 0x009f955: 01 != cc 27c8.36b8: 00007ffdf680f956 / 0x009f956: 00 != cc 27c8.36b8: 00007ffdf680f957 / 0x009f957: 00 != cc 27c8.36b8: 00007ffdf680fa30 / 0x009fa30: 4c != e9 27c8.36b8: 00007ffdf680fa31 / 0x009fa31: 8b != 96 27c8.36b8: 00007ffdf680fa32 / 0x009fa32: d1 != 07 27c8.36b8: 00007ffdf680fa33 / 0x009fa33: b8 != 16 27c8.36b8: 00007ffdf680fa34 / 0x009fa34: 67 != 00 27c8.36b8: 00007ffdf680fa35 / 0x009fa35: 01 != cc 27c8.36b8: 00007ffdf680fa36 / 0x009fa36: 00 != cc 27c8.36b8: 00007ffdf680fa37 / 0x009fa37: 00 != cc 27c8.36b8: 00007ffdf680fd50 / 0x009fd50: 4c != e9 27c8.36b8: 00007ffdf680fd51 / 0x009fd51: 8b != 9d 27c8.36b8: 00007ffdf680fd52 / 0x009fd52: d1 != 10 27c8.36b8: 00007ffdf680fd53 / 0x009fd53: b8 != 16 27c8.36b8: 00007ffdf680fd54 / 0x009fd54: 80 != 00 27c8.36b8: 00007ffdf680fd55 / 0x009fd55: 01 != cc 27c8.36b8: 00007ffdf680fd56 / 0x009fd56: 00 != cc 27c8.36b8: 00007ffdf680fd57 / 0x009fd57: 00 != cc 27c8.36b8: 00007ffdf680feb0 / 0x009feb0: 4c != e9 27c8.36b8: 00007ffdf680feb1 / 0x009feb1: 8b != 45 27c8.36b8: 00007ffdf680feb2 / 0x009feb2: d1 != 07 27c8.36b8: 00007ffdf680feb3 / 0x009feb3: b8 != 16 27c8.36b8: 00007ffdf680feb4 / 0x009feb4: 8b != 00 27c8.36b8: 00007ffdf680feb5 / 0x009feb5: 01 != cc 27c8.36b8: 00007ffdf680feb6 / 0x009feb6: 00 != cc 27c8.36b8: 00007ffdf680feb7 / 0x009feb7: 00 != cc 27c8.36b8: 00007ffdf68100d0 / 0x00a00d0: 4c != e9 27c8.36b8: 00007ffdf68100d1 / 0x00a00d1: 8b != 83 27c8.36b8: 00007ffdf68100d2 / 0x00a00d2: d1 != 0d 27c8.36b8: 00007ffdf68100d3 / 0x00a00d3: b8 != 16 27c8.36b8: 00007ffdf68100d4 / 0x00a00d4: 9c != 00 27c8.36b8: 00007ffdf68100d5 / 0x00a00d5: 01 != cc 27c8.36b8: 00007ffdf68100d6 / 0x00a00d6: 00 != cc 27c8.36b8: 00007ffdf68100d7 / 0x00a00d7: 00 != cc 27c8.36b8: 00007ffdf6810270 / 0x00a0270: 4c != e9 27c8.36b8: 00007ffdf6810271 / 0x00a0271: 8b != e7 27c8.36b8: 00007ffdf6810272 / 0x00a0272: d1 != 07 27c8.36b8: 00007ffdf6810273 / 0x00a0273: b8 != 16 27c8.36b8: 00007ffdf6810274 / 0x00a0274: a9 != 00 27c8.36b8: 00007ffdf6810275 / 0x00a0275: 01 != cc 27c8.36b8: 00007ffdf6810276 / 0x00a0276: 00 != cc 27c8.36b8: 00007ffdf6810277 / 0x00a0277: 00 != cc 27c8.36b8: Restored 0x1f62 bytes of original file content at 00007ffdf680eb0e 27c8.36b8: ntdll.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf684c140 / 0x00dc140: 4c != e9 27c8.36b8: 00007ffdf684c141 / 0x00dc141: 8b != b0 27c8.36b8: 00007ffdf684c142 / 0x00dc142: c2 != 49 27c8.36b8: 00007ffdf684c143 / 0x00dc143: 41 != 12 27c8.36b8: 00007ffdf684c144 / 0x00dc144: b9 != 00 27c8.36b8: 00007ffdf684c146 / 0x00dc146: 02 != cc 27c8.36b8: 00007ffdf684c147 / 0x00dc147: 00 != cc 27c8.36b8: 00007ffdf684c148 / 0x00dc148: 00 != cc 27c8.36b8: 00007ffdf684c890 / 0x00dc890: 48 != e9 27c8.36b8: 00007ffdf684c891 / 0x00dc891: 8b != 69 27c8.36b8: 00007ffdf684c892 / 0x00dc892: c4 != 39 27c8.36b8: 00007ffdf684c893 / 0x00dc893: 48 != 12 27c8.36b8: 00007ffdf684c894 / 0x00dc894: 89 != 00 27c8.36b8: 00007ffdf684c895 / 0x00dc895: 58 != cc 27c8.36b8: 00007ffdf684c896 / 0x00dc896: 08 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf684abde 27c8.36b8: kernel32.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf6412430 / 0x0022430: 4c != e9 27c8.36b8: 00007ffdf6412431 / 0x0022431: 8b != 62 27c8.36b8: 00007ffdf6412432 / 0x0022432: dc != de 27c8.36b8: 00007ffdf6412433 / 0x0022433: 53 != 55 27c8.36b8: 00007ffdf6412434 / 0x0022434: 56 != 00 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf6411000 27c8.36b8: kernel32.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf6417420 / 0x0027420: 89 != e9 27c8.36b8: 00007ffdf6417421 / 0x0027421: 54 != 08 27c8.36b8: 00007ffdf6417422 / 0x0027422: 24 != 92 27c8.36b8: 00007ffdf6417423 / 0x0027423: 10 != 55 27c8.36b8: 00007ffdf6417424 / 0x0027424: 89 != 00 27c8.36b8: 00007ffdf6417425 / 0x0027425: 4c != cc 27c8.36b8: 00007ffdf6417426 / 0x0027426: 24 != cc 27c8.36b8: 00007ffdf6417427 / 0x0027427: 08 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf6417000 27c8.36b8: kernel32.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf64523d0 / 0x00623d0: 48 != e9 27c8.36b8: 00007ffdf64523d1 / 0x00623d1: 8b != 51 27c8.36b8: 00007ffdf64523d2 / 0x00623d2: c4 != e9 27c8.36b8: 00007ffdf64523d3 / 0x00623d3: 48 != 51 27c8.36b8: 00007ffdf64523d4 / 0x00623d4: 89 != 00 27c8.36b8: 00007ffdf64523d5 / 0x00623d5: 58 != cc 27c8.36b8: 00007ffdf64523d6 / 0x00623d6: 08 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf6451000 27c8.36b8: kernel32.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf6453a80 / 0x0063a80: 48 != e9 27c8.36b8: 00007ffdf6453a81 / 0x0063a81: 83 != a7 27c8.36b8: 00007ffdf6453a82 / 0x0063a82: ec != cc 27c8.36b8: 00007ffdf6453a83 / 0x0063a83: 38 != 51 27c8.36b8: 00007ffdf6453a84 / 0x0063a84: 48 != 00 27c8.36b8: 00007ffdf6453a85 / 0x0063a85: 83 != cc 27c8.36b8: 00007ffdf6453a86 / 0x0063a86: 64 != cc 27c8.36b8: 00007ffdf6453a87 / 0x0063a87: 24 != cc 27c8.36b8: 00007ffdf6453a88 / 0x0063a88: 28 != cc 27c8.36b8: 00007ffdf6453a89 / 0x0063a89: 00 != cc 27c8.36b8: 00007ffdf6453b90 / 0x0063b90: 48 != e9 27c8.36b8: 00007ffdf6453b91 / 0x0063b91: 83 != fd 27c8.36b8: 00007ffdf6453b92 / 0x0063b92: ec != cb 27c8.36b8: 00007ffdf6453b93 / 0x0063b93: 38 != 51 27c8.36b8: 00007ffdf6453b94 / 0x0063b94: 48 != 00 27c8.36b8: 00007ffdf6453b95 / 0x0063b95: 83 != cc 27c8.36b8: 00007ffdf6453b96 / 0x0063b96: 64 != cc 27c8.36b8: 00007ffdf6453b97 / 0x0063b97: 24 != cc 27c8.36b8: 00007ffdf6453b98 / 0x0063b98: 28 != cc 27c8.36b8: 00007ffdf6453b99 / 0x0063b99: 00 != cc 27c8.36b8: 00007ffdf6454e50 / 0x0064e50: 48 != e9 27c8.36b8: 00007ffdf6454e51 / 0x0064e51: 89 != 71 27c8.36b8: 00007ffdf6454e52 / 0x0064e52: 5c != b8 27c8.36b8: 00007ffdf6454e53 / 0x0064e53: 24 != 51 27c8.36b8: 00007ffdf6454e54 / 0x0064e54: 08 != 00 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf6453000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf3fe3cb0 / 0x0003cb0: 40 != e9 27c8.36b8: 00007ffdf3fe3cb1 / 0x0003cb1: 55 != 44 27c8.36b8: 00007ffdf3fe3cb2 / 0x0003cb2: 53 != ca 27c8.36b8: 00007ffdf3fe3cb3 / 0x0003cb3: 56 != 98 27c8.36b8: 00007ffdf3fe3cb4 / 0x0003cb4: 57 != 02 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf3fe3000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf3fe7140 / 0x0007140: 4c != e9 27c8.36b8: 00007ffdf3fe7141 / 0x0007141: 8b != 19 27c8.36b8: 00007ffdf3fe7142 / 0x0007142: dc != 97 27c8.36b8: 00007ffdf3fe7143 / 0x0007143: 48 != 98 27c8.36b8: 00007ffdf3fe7144 / 0x0007144: 83 != 02 27c8.36b8: 00007ffdf3fe7145 / 0x0007145: ec != cc 27c8.36b8: 00007ffdf3fe7146 / 0x0007146: 68 != cc 27c8.36b8: 00007ffdf3fe71c0 / 0x00071c0: 4c != e9 27c8.36b8: 00007ffdf3fe71c1 / 0x00071c1: 8b != 66 27c8.36b8: 00007ffdf3fe71c2 / 0x00071c2: dc != 96 27c8.36b8: 00007ffdf3fe71c3 / 0x00071c3: 48 != 98 27c8.36b8: 00007ffdf3fe71c4 / 0x00071c4: 83 != 02 27c8.36b8: 00007ffdf3fe71c5 / 0x00071c5: ec != cc 27c8.36b8: 00007ffdf3fe71c6 / 0x00071c6: 68 != cc 27c8.36b8: 00007ffdf3fe7240 / 0x0007240: 4c != e9 27c8.36b8: 00007ffdf3fe7241 / 0x0007241: 89 != 50 27c8.36b8: 00007ffdf3fe7242 / 0x0007242: 4c != 92 27c8.36b8: 00007ffdf3fe7243 / 0x0007243: 24 != 98 27c8.36b8: 00007ffdf3fe7244 / 0x0007244: 20 != 02 27c8.36b8: 00007ffdf3fe7e90 / 0x0007e90: 40 != e9 27c8.36b8: 00007ffdf3fe7e91 / 0x0007e91: 53 != 33 27c8.36b8: 00007ffdf3fe7e92 / 0x0007e92: 56 != 86 27c8.36b8: 00007ffdf3fe7e93 / 0x0007e93: 57 != 98 27c8.36b8: 00007ffdf3fe7e94 / 0x0007e94: 41 != 02 27c8.36b8: 00007ffdf3fe7e95 / 0x0007e95: 54 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf3fe7000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf3ff10c0 / 0x00110c0: 48 != e9 27c8.36b8: 00007ffdf3ff10c1 / 0x00110c1: 83 != d3 27c8.36b8: 00007ffdf3ff10c2 / 0x00110c2: ec != f0 27c8.36b8: 00007ffdf3ff10c3 / 0x00110c3: 38 != 97 27c8.36b8: 00007ffdf3ff10c4 / 0x00110c4: b8 != 02 27c8.36b8: 00007ffdf3ff10c5 / 0x00110c5: 03 != cc 27c8.36b8: 00007ffdf3ff10c6 / 0x00110c6: 00 != cc 27c8.36b8: 00007ffdf3ff10c7 / 0x00110c7: 00 != cc 27c8.36b8: 00007ffdf3ff10c8 / 0x00110c8: 00 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf3ff1000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf400a350 / 0x002a350: 40 != e9 27c8.36b8: 00007ffdf400a351 / 0x002a351: 53 != 3e 27c8.36b8: 00007ffdf400a352 / 0x002a352: 48 != 63 27c8.36b8: 00007ffdf400a353 / 0x002a353: 83 != 96 27c8.36b8: 00007ffdf400a354 / 0x002a354: ec != 02 27c8.36b8: 00007ffdf400a355 / 0x002a355: 20 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf4009000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf4011a00 / 0x0031a00: 40 != e9 27c8.36b8: 00007ffdf4011a01 / 0x0031a01: 55 != f3 27c8.36b8: 00007ffdf4011a02 / 0x0031a02: 53 != ed 27c8.36b8: 00007ffdf4011a03 / 0x0031a03: 56 != 95 27c8.36b8: 00007ffdf4011a04 / 0x0031a04: 57 != 02 27c8.36b8: 00007ffdf4011ef0 / 0x0031ef0: 4c != e9 27c8.36b8: 00007ffdf4011ef1 / 0x0031ef1: 8b != 39 27c8.36b8: 00007ffdf4011ef2 / 0x0031ef2: dc != e6 27c8.36b8: 00007ffdf4011ef3 / 0x0031ef3: 48 != 95 27c8.36b8: 00007ffdf4011ef4 / 0x0031ef4: 83 != 02 27c8.36b8: 00007ffdf4011ef5 / 0x0031ef5: ec != cc 27c8.36b8: 00007ffdf4011ef6 / 0x0031ef6: 68 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf4011000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf4014ce0 / 0x0034ce0: 40 != e9 27c8.36b8: 00007ffdf4014ce1 / 0x0034ce1: 53 != 76 27c8.36b8: 00007ffdf4014ce2 / 0x0034ce2: 48 != be 27c8.36b8: 00007ffdf4014ce3 / 0x0034ce3: 81 != 95 27c8.36b8: 00007ffdf4014ce4 / 0x0034ce4: ec != 02 27c8.36b8: 00007ffdf4014ce5 / 0x0034ce5: 80 != cc 27c8.36b8: 00007ffdf4014ce6 / 0x0034ce6: 00 != cc 27c8.36b8: 00007ffdf4014ce7 / 0x0034ce7: 00 != cc 27c8.36b8: 00007ffdf4014ce8 / 0x0034ce8: 00 != cc 27c8.36b8: 00007ffdf4014d70 / 0x0034d70: 40 != e9 27c8.36b8: 00007ffdf4014d71 / 0x0034d71: 53 != 19 27c8.36b8: 00007ffdf4014d72 / 0x0034d72: 48 != be 27c8.36b8: 00007ffdf4014d73 / 0x0034d73: 81 != 95 27c8.36b8: 00007ffdf4014d74 / 0x0034d74: ec != 02 27c8.36b8: 00007ffdf4014d75 / 0x0034d75: 80 != cc 27c8.36b8: 00007ffdf4014d76 / 0x0034d76: 00 != cc 27c8.36b8: 00007ffdf4014d77 / 0x0034d77: 00 != cc 27c8.36b8: 00007ffdf4014d78 / 0x0034d78: 00 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf4013000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf40152e0 / 0x00352e0: 4c != e9 27c8.36b8: 00007ffdf40152e1 / 0x00352e1: 8b != e4 27c8.36b8: 00007ffdf40152e2 / 0x00352e2: dc != b0 27c8.36b8: 00007ffdf40152e3 / 0x00352e3: 53 != 95 27c8.36b8: 00007ffdf40152e4 / 0x00352e4: 56 != 02 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf4015000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf40206a0 / 0x00406a0: 48 != e9 27c8.36b8: 00007ffdf40206a1 / 0x00406a1: 89 != ec 27c8.36b8: 00007ffdf40206a2 / 0x00406a2: 5c != 01 27c8.36b8: 00007ffdf40206a3 / 0x00406a3: 24 != 95 27c8.36b8: 00007ffdf40206a4 / 0x00406a4: 18 != 02 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf401f000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf402dcb0 / 0x004dcb0: 48 != e9 27c8.36b8: 00007ffdf402dcb1 / 0x004dcb1: 83 != 10 27c8.36b8: 00007ffdf402dcb2 / 0x004dcb2: ec != 2b 27c8.36b8: 00007ffdf402dcb3 / 0x004dcb3: 38 != 94 27c8.36b8: 00007ffdf402dcb4 / 0x004dcb4: 48 != 02 27c8.36b8: 00007ffdf402dcb5 / 0x004dcb5: 83 != cc 27c8.36b8: 00007ffdf402dcb6 / 0x004dcb6: 64 != cc 27c8.36b8: 00007ffdf402dcb7 / 0x004dcb7: 24 != cc 27c8.36b8: 00007ffdf402dcb8 / 0x004dcb8: 28 != cc 27c8.36b8: 00007ffdf402dcb9 / 0x004dcb9: 00 != cc 27c8.36b8: 00007ffdf402dce0 / 0x004dce0: 48 != e9 27c8.36b8: 00007ffdf402dce1 / 0x004dce1: 83 != 7a 27c8.36b8: 00007ffdf402dce2 / 0x004dce2: ec != 2a 27c8.36b8: 00007ffdf402dce3 / 0x004dce3: 38 != 94 27c8.36b8: 00007ffdf402dce4 / 0x004dce4: 48 != 02 27c8.36b8: 00007ffdf402dce5 / 0x004dce5: 83 != cc 27c8.36b8: 00007ffdf402dce6 / 0x004dce6: 64 != cc 27c8.36b8: 00007ffdf402dce7 / 0x004dce7: 24 != cc 27c8.36b8: 00007ffdf402dce8 / 0x004dce8: 28 != cc 27c8.36b8: 00007ffdf402dce9 / 0x004dce9: 00 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf402d000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf403e860 / 0x005e860: 48 != e9 27c8.36b8: 00007ffdf403e861 / 0x005e861: 8b != 28 27c8.36b8: 00007ffdf403e862 / 0x005e862: c4 != 24 27c8.36b8: 00007ffdf403e863 / 0x005e863: 48 != 93 27c8.36b8: 00007ffdf403e864 / 0x005e864: 89 != 02 27c8.36b8: 00007ffdf403e865 / 0x005e865: 58 != cc 27c8.36b8: 00007ffdf403e866 / 0x005e866: 08 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf403d000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf404c370 / 0x006c370: 40 != e9 27c8.36b8: 00007ffdf404c371 / 0x006c371: 53 != ef 27c8.36b8: 00007ffdf404c372 / 0x006c372: 48 != 3e 27c8.36b8: 00007ffdf404c373 / 0x006c373: 83 != 92 27c8.36b8: 00007ffdf404c374 / 0x006c374: ec != 02 27c8.36b8: 00007ffdf404c375 / 0x006c375: 30 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf404b000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf404d250 / 0x006d250: 48 != e9 27c8.36b8: 00007ffdf404d251 / 0x006d251: 89 != d2 27c8.36b8: 00007ffdf404d252 / 0x006d252: 5c != 39 27c8.36b8: 00007ffdf404d253 / 0x006d253: 24 != 92 27c8.36b8: 00007ffdf404d254 / 0x006d254: 10 != 02 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf404d000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf404fc80 / 0x006fc80: 48 != e9 27c8.36b8: 00007ffdf404fc81 / 0x006fc81: 89 != ac 27c8.36b8: 00007ffdf404fc82 / 0x006fc82: 5c != 05 27c8.36b8: 00007ffdf404fc83 / 0x006fc83: 24 != 92 27c8.36b8: 00007ffdf404fc84 / 0x006fc84: 08 != 02 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf404f000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf4053c80 / 0x0073c80: 48 != e9 27c8.36b8: 00007ffdf4053c81 / 0x0073c81: 8b != 0f 27c8.36b8: 00007ffdf4053c82 / 0x0073c82: c4 != c9 27c8.36b8: 00007ffdf4053c83 / 0x0073c83: 48 != 91 27c8.36b8: 00007ffdf4053c84 / 0x0073c84: 89 != 02 27c8.36b8: 00007ffdf4053c85 / 0x0073c85: 58 != cc 27c8.36b8: 00007ffdf4053c86 / 0x0073c86: 08 != cc 27c8.36b8: 00007ffdf4054e60 / 0x0074e60: 89 != e9 27c8.36b8: 00007ffdf4054e61 / 0x0074e61: 4c != 8f 27c8.36b8: 00007ffdf4054e62 / 0x0074e62: 24 != bd 27c8.36b8: 00007ffdf4054e63 / 0x0074e63: 08 != 91 27c8.36b8: 00007ffdf4054e64 / 0x0074e64: 48 != 02 27c8.36b8: 00007ffdf4054e65 / 0x0074e65: 83 != cc 27c8.36b8: 00007ffdf4054e66 / 0x0074e66: ec != cc 27c8.36b8: 00007ffdf4054e67 / 0x0074e67: 38 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf4053000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf4058c30 / 0x0078c30: 48 != e9 27c8.36b8: 00007ffdf4058c31 / 0x0078c31: 89 != 8f 27c8.36b8: 00007ffdf4058c32 / 0x0078c32: 5c != 7c 27c8.36b8: 00007ffdf4058c33 / 0x0078c33: 24 != 91 27c8.36b8: 00007ffdf4058c34 / 0x0078c34: 08 != 02 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf4057000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf4059c10 / 0x0079c10: 45 != e9 27c8.36b8: 00007ffdf4059c11 / 0x0079c11: 33 != e2 27c8.36b8: 00007ffdf4059c12 / 0x0079c12: c0 != 6c 27c8.36b8: 00007ffdf4059c13 / 0x0079c13: 33 != 91 27c8.36b8: 00007ffdf4059c14 / 0x0079c14: d2 != 02 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf4059000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf405c800 / 0x007c800: 48 != e9 27c8.36b8: 00007ffdf405c801 / 0x007c801: 89 != bc 27c8.36b8: 00007ffdf405c802 / 0x007c802: 5c != 43 27c8.36b8: 00007ffdf405c803 / 0x007c803: 24 != 91 27c8.36b8: 00007ffdf405c804 / 0x007c804: 08 != 02 27c8.36b8: 00007ffdf405cd50 / 0x007cd50: 48 != e9 27c8.36b8: 00007ffdf405cd51 / 0x007cd51: 89 != d5 27c8.36b8: 00007ffdf405cd52 / 0x007cd52: 5c != 3b 27c8.36b8: 00007ffdf405cd53 / 0x007cd53: 24 != 91 27c8.36b8: 00007ffdf405cd54 / 0x007cd54: 08 != 02 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf405b000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf40dd390 / 0x00fd390: 48 != e9 27c8.36b8: 00007ffdf40dd391 / 0x00fd391: 83 != d0 27c8.36b8: 00007ffdf40dd392 / 0x00fd392: ec != 2d 27c8.36b8: 00007ffdf40dd393 / 0x00fd393: 38 != 89 27c8.36b8: 00007ffdf40dd394 / 0x00fd394: b8 != 02 27c8.36b8: 00007ffdf40dd395 / 0x00fd395: 03 != cc 27c8.36b8: 00007ffdf40dd396 / 0x00fd396: 00 != cc 27c8.36b8: 00007ffdf40dd397 / 0x00fd397: 00 != cc 27c8.36b8: 00007ffdf40dd398 / 0x00fd398: 00 != cc 27c8.36b8: 00007ffdf40dd3c0 / 0x00fd3c0: 48 != e9 27c8.36b8: 00007ffdf40dd3c1 / 0x00fd3c1: 83 != 3a 27c8.36b8: 00007ffdf40dd3c2 / 0x00fd3c2: ec != 2d 27c8.36b8: 00007ffdf40dd3c3 / 0x00fd3c3: 38 != 89 27c8.36b8: 00007ffdf40dd3c4 / 0x00fd3c4: 33 != 02 27c8.36b8: 00007ffdf40dd3c5 / 0x00fd3c5: c0 != cc 27c8.36b8: 00007ffdf40dd440 / 0x00fd440: 48 != e9 27c8.36b8: 00007ffdf40dd441 / 0x00fd441: 83 != ed 27c8.36b8: 00007ffdf40dd442 / 0x00fd442: ec != 2c 27c8.36b8: 00007ffdf40dd443 / 0x00fd443: 38 != 89 27c8.36b8: 00007ffdf40dd444 / 0x00fd444: 33 != 02 27c8.36b8: 00007ffdf40dd445 / 0x00fd445: c0 != cc 27c8.36b8: 00007ffdf40dd8c0 / 0x00fd8c0: 40 != e9 27c8.36b8: 00007ffdf40dd8c1 / 0x00fd8c1: 53 != 98 27c8.36b8: 00007ffdf40dd8c2 / 0x00fd8c2: 48 != 30 27c8.36b8: 00007ffdf40dd8c3 / 0x00fd8c3: 81 != 89 27c8.36b8: 00007ffdf40dd8c4 / 0x00fd8c4: ec != 02 27c8.36b8: 00007ffdf40dd8c5 / 0x00fd8c5: 90 != cc 27c8.36b8: 00007ffdf40dd8c6 / 0x00fd8c6: 00 != cc 27c8.36b8: 00007ffdf40dd8c7 / 0x00fd8c7: 00 != cc 27c8.36b8: 00007ffdf40dd8c8 / 0x00fd8c8: 00 != cc 27c8.36b8: 00007ffdf40de270 / 0x00fe270: 40 != e9 27c8.36b8: 00007ffdf40de271 / 0x00fe271: 53 != 24 27c8.36b8: 00007ffdf40de272 / 0x00fe272: 48 != 1e 27c8.36b8: 00007ffdf40de273 / 0x00fe273: 83 != 89 27c8.36b8: 00007ffdf40de274 / 0x00fe274: ec != 02 27c8.36b8: 00007ffdf40de275 / 0x00fe275: 30 != cc 27c8.36b8: 00007ffdf40de4b0 / 0x00fe4b0: 40 != e9 27c8.36b8: 00007ffdf40de4b1 / 0x00fe4b1: 53 != 17 27c8.36b8: 00007ffdf40de4b2 / 0x00fe4b2: 48 != 1c 27c8.36b8: 00007ffdf40de4b3 / 0x00fe4b3: 83 != 89 27c8.36b8: 00007ffdf40de4b4 / 0x00fe4b4: ec != 02 27c8.36b8: 00007ffdf40de4b5 / 0x00fe4b5: 30 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf40dd000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf40e65a0 / 0x01065a0: 4c != e9 27c8.36b8: 00007ffdf40e65a1 / 0x01065a1: 8b != f1 27c8.36b8: 00007ffdf40e65a2 / 0x01065a2: dc != 9d 27c8.36b8: 00007ffdf40e65a3 / 0x01065a3: 48 != 88 27c8.36b8: 00007ffdf40e65a4 / 0x01065a4: 83 != 02 27c8.36b8: 00007ffdf40e65a5 / 0x01065a5: ec != cc 27c8.36b8: 00007ffdf40e65a6 / 0x01065a6: 48 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf40e5000 27c8.36b8: kernelbase.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf40ea490 / 0x010a490: 48 != e9 27c8.36b8: 00007ffdf40ea491 / 0x010a491: 8b != c5 27c8.36b8: 00007ffdf40ea492 / 0x010a492: c4 != 67 27c8.36b8: 00007ffdf40ea493 / 0x010a493: 48 != 88 27c8.36b8: 00007ffdf40ea494 / 0x010a494: 89 != 02 27c8.36b8: 00007ffdf40ea495 / 0x010a495: 58 != cc 27c8.36b8: 00007ffdf40ea496 / 0x010a496: 08 != cc 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf40e9000 27c8.36b8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=28 27c8.36b8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 27c8.36b8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 27c8.36b8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 27c8.36b8: supR3HardNtEnableThreadCreationEx: 27c8.36b8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdf67e4b00 pvNtTerminateThread=00007ffdf680d7c0 27c8.36b8: supR3HardenedWinDoReSpawn(1): New child 6558.2ef4 [kernel32]. 27c8.36b8: supR3HardNtChildGatherData: PebBaseAddress=0000000000501000 cbPeb=0x388 27c8.36b8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdf6770000 uNtDllChildAddr=00007ffdf6770000 27c8.36b8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdf67e4b00 27c8.36b8: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7ac767900 rdx=0000000000501000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffdf67c2630 rsp=00000000003afaf8 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 27c8.36b8: supR3HardenedWinSetupChildInit: Start child. 27c8.36b8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 27c8.36b8: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 17 sleeps 27c8.36b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 27c8.36b8: *0000000000000000-000000000026ffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000270000-000000000028ffff 0x0004/0x0004 0x0020000 27c8.36b8: *0000000000290000-00000000002acfff 0x0002/0x0002 0x0040000 27c8.36b8: 00000000002ad000-00000000002affff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000002b0000-00000000003aafff 0x0000/0x0004 0x0020000 27c8.36b8: 00000000003ab000-00000000003adfff 0x0104/0x0004 0x0020000 27c8.36b8: 00000000003ae000-00000000003affff 0x0004/0x0004 0x0020000 27c8.36b8: *00000000003b0000-00000000003b3fff 0x0002/0x0002 0x0040000 27c8.36b8: 00000000003b4000-00000000003bffff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000003c0000-00000000003c1fff 0x0004/0x0004 0x0020000 27c8.36b8: 00000000003c2000-00000000003fffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000400000-0000000000500fff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000000501000-0000000000503fff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000000504000-00000000005fffff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000000600000-000000007ffdffff 0x0001/0x0000 0x0000000 27c8.36b8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 27c8.36b8: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000 27c8.36b8: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000 27c8.36b8: 000000007ffec000-00007ff54788ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff547890000-00007ff547890fff 0x0020/0x0004 0x0020000 !! 27c8.36b8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff547890000 (LB 0x1000, 00007ff547890000 LB 0x1000) 27c8.36b8: 0000000001719570/0000: 16 00 20 00 00 00 00 00-10 00 89 47 f5 7f 00 00 .. ........G.... 0000000001719580/0010: 61 00 74 00 63 00 75 00-66 00 36 00 34 00 2e 00 a.t.c.u.f.6.4... 0000000001719590/0020: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l........... 00000000017195a0/0030: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r. 00000000017195b0/0040: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s. 00000000017195c0/0050: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e. 00000000017195d0/0060: 6e 00 64 00 65 00 72 00-20 00 41 00 6e 00 74 00 n.d.e.r. .A.n.t. 00000000017195e0/0070: 69 00 76 00 69 00 72 00-75 00 73 00 20 00 46 00 i.v.i.r.u.s. .F. 00000000017195f0/0080: 72 00 65 00 65 00 5c 00-61 00 74 00 63 00 75 00 r.e.e.\.a.t.c.u. 0000000001719600/0090: 66 00 5c 00 64 00 6c 00-6c 00 73 00 5f 00 32 00 f.\.d.l.l.s._.2. 0000000001719610/00a0: 36 00 35 00 36 00 39 00-31 00 32 00 36 00 37 00 6.5.6.9.1.2.6.7. 0000000001719620/00b0: 30 00 35 00 32 00 36 00-39 00 36 00 34 00 35 00 0.5.2.6.9.6.4.5. 0000000001719630/00c0: 34 00 5c 00 00 00 00 00-00 00 00 00 00 00 00 00 4.\............. 0000000001719640/00d0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0000000001719650/00e0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0000000001719660/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 27c8.36b8: 0000000001719970/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ **************** **** <ditto x 2> 00000000017199a0/0030: 16 00 20 00 00 00 00 00-40 04 89 47 f5 7f 00 00 .. .....@..G.... 00000000017199b0/0040: 62 00 64 00 68 00 6b 00-6d 00 36 00 34 00 2e 00 b.d.h.k.m.6.4... 00000000017199c0/0050: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l........... 00000000017199d0/0060: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r. 00000000017199e0/0070: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s. 00000000017199f0/0080: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e. 0000000001719a00/0090: 6e 00 64 00 65 00 72 00-20 00 41 00 6e 00 74 00 n.d.e.r. .A.n.t. 0000000001719a10/00a0: 69 00 76 00 69 00 72 00-75 00 73 00 20 00 46 00 i.v.i.r.u.s. .F. 0000000001719a20/00b0: 72 00 65 00 65 00 5c 00-62 00 64 00 68 00 6b 00 r.e.e.\.b.d.h.k. 0000000001719a30/00c0: 6d 00 5c 00 64 00 6c 00-6c 00 73 00 5f 00 32 00 m.\.d.l.l.s._.2. 0000000001719a40/00d0: 36 00 35 00 36 00 39 00-31 00 32 00 36 00 37 00 6.5.6.9.1.2.6.7. 0000000001719a50/00e0: 30 00 36 00 32 00 37 00-32 00 32 00 31 00 37 00 0.6.2.7.2.2.1.7. 0000000001719a60/00f0: 37 00 5c 00 00 00 00 00-00 00 00 00 00 00 00 00 7.\............. 27c8.36b8: 0000000001719d70/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ **************** **** <ditto x 5> 0000000001719dd0/0060: 10 6a 78 f6 fd 7f 00 00-60 d7 80 f6 fd 7f 00 00 .jx.....`....... 0000000001719de0/0070: 48 89 5c 24 10 56 57 41-56 48 81 ec d0 00 00 00 H.\$.VWAVH...... 0000000001719df0/0080: 48 83 ec 38 56 57 51 52-41 50 41 51 48 83 ec 40 H..8VWQRAPAQH..@ 0000000001719e00/0090: 48 b9 ff ff ff ff ff ff-ff ff 48 8b 15 bf ff ff H.........H..... 0000000001719e10/00a0: ff 48 89 54 24 38 48 8d-54 24 38 48 c7 44 24 28 .H.T$8H.T$8H.D$( 0000000001719e20/00b0: 10 00 00 00 4c 8d 44 24-28 49 c7 c1 04 00 00 00 ....L.D$(I...... 0000000001719e30/00c0: 48 8d 7c 24 30 48 89 7c-24 20 48 8b 05 97 ff ff H.|$0H.|$ H..... 0000000001719e40/00d0: ff ff d0 85 c0 0f 88 00-01 00 00 48 8d 35 8e ff ...........H.5.. 0000000001719e50/00e0: ff ff 48 8b 3d 77 ff ff-ff 48 c7 c1 10 00 00 00 ..H.=w...H...... 0000000001719e60/00f0: fc f3 a4 48 b9 ff ff ff-ff ff ff ff ff 48 8b 15 ...H.........H.. 27c8.36b8: 0000000001719e70/0000: 5c ff ff ff 48 89 54 24-38 48 8d 54 24 38 48 c7 \...H.T$8H.T$8H. 0000000001719e80/0010: 44 24 28 10 00 00 00 4c-8d 44 24 28 4c 8b 4c 24 D$(....L.D$(L.L$ 0000000001719e90/0020: 30 48 8d 7c 24 30 48 89-7c 24 20 48 8b 05 36 ff 0H.|$0H.|$ H..6. 0000000001719ea0/0030: ff ff ff d0 85 c0 0f 88-9f 00 00 00 48 83 c4 40 ............H..@ 0000000001719eb0/0040: 41 59 41 58 5a 59 5f 5e-48 8b 05 11 ff ff ff 48 AYAXZY_^H......H 0000000001719ec0/0050: 83 ec 20 ff d0 48 83 c4-20 85 c0 0f 88 86 00 00 .. ..H.. ....... 0000000001719ed0/0060: 00 65 48 8b 0c 25 60 00-00 00 ba 00 01 00 02 85 .eH..%`......... 0000000001719ee0/0070: 91 bc 00 00 00 75 70 48-8d 0d e2 fa ff ff 48 c7 .....upH......H. 0000000001719ef0/0080: c2 00 00 00 00 4c 8d 05-a4 fa ff ff 4c 8d 4c 24 .....L......L.L$ 0000000001719f00/0090: 20 48 8b 05 c8 fe ff ff-48 83 ec 20 ff d0 48 83 H......H.. ..H. 0000000001719f10/00a0: c4 20 85 c0 74 05 48 31-c0 eb 3c 48 8d 0d 7e f6 . ..t.H1..<H..~. 0000000001719f20/00b0: ff ff 48 c7 c2 00 00 00-00 4c 8d 05 40 f6 ff ff ..H......L..@... 0000000001719f30/00c0: 4c 8d 4c 24 20 48 8b 05-94 fe ff ff 48 83 ec 20 L.L$ H......H.. 0000000001719f40/00d0: ff d0 48 83 c4 20 48 31-c0 eb 0c 48 83 c4 40 41 ..H.. H1...H..@A 0000000001719f50/00e0: 59 41 58 5a 59 5f 5e 48-83 c4 38 c3 00 00 00 00 YAXZY_^H..8..... 0000000001719f60/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 27c8.36b8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff547890000/00007ff547890000 LB 0/0x1000] 27c8.36b8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff547890000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001 27c8.36b8: 00007ff547891000-00007ff54789ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff5478a0000-00007ff5478a0fff 0x0002/0x0002 0x0040000 27c8.36b8: 00007ff5478a1000-00007ff5478affff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff5478b0000-00007ff5478d2fff 0x0002/0x0002 0x0040000 27c8.36b8: 00007ff5478d3000-00007ff7ac75ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff7ac760000-00007ff7ac760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac761000-00007ff7ac7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac7d8000-00007ff7ac7d8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac7d9000-00007ff7ac821fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac822000-00007ff7ac822fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac823000-00007ff7ac823fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac824000-00007ff7ac828fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac829000-00007ff7ac829fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac82a000-00007ff7ac82afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac82b000-00007ff7ac82efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac82f000-00007ff7ac877fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac878000-00007ffdf676ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ffdf6770000-00007ffdf6770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf6771000-00007ffdf688bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf688c000-00007ffdf68d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68d4000-00007ffdf68dffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68e0000-00007ffdf68eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68ef000-00007ffdf68effff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68f0000-00007ffdf68f2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68f3000-00007ffdf6964fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf6965000-00007ffffffeffff 0x0001/0x0000 0x0000000 27c8.36b8: ntdll.dll: Differences in section #1 (.text) between file and memory: 27c8.36b8: 00007ffdf6786a11 / 0x0016a11: 89 != b8 27c8.36b8: 00007ffdf6786a12 / 0x0016a12: 5c != 80 27c8.36b8: 00007ffdf6786a13 / 0x0016a13: 24 != 08 27c8.36b8: 00007ffdf6786a14 / 0x0016a14: 10 != 89 27c8.36b8: 00007ffdf6786a15 / 0x0016a15: 56 != 47 27c8.36b8: 00007ffdf6786a16 / 0x0016a16: 57 != f5 27c8.36b8: 00007ffdf6786a17 / 0x0016a17: 41 != 7f 27c8.36b8: 00007ffdf6786a18 / 0x0016a18: 56 != 00 27c8.36b8: 00007ffdf6786a19 / 0x0016a19: 48 != 00 27c8.36b8: 00007ffdf6786a1a / 0x0016a1a: 81 != ff 27c8.36b8: 00007ffdf6786a1b / 0x0016a1b: ec != e0 27c8.36b8: Restored 0x2000 bytes of original file content at 00007ffdf6785000 27c8.36b8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x80000000 27c8.36b8: supR3HardNtChildPurify: Startup delay kludge #1/1: 528 ms, 34 sleeps 27c8.36b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 27c8.36b8: *0000000000000000-000000000026ffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000270000-000000000028ffff 0x0004/0x0004 0x0020000 27c8.36b8: *0000000000290000-00000000002acfff 0x0002/0x0002 0x0040000 27c8.36b8: 00000000002ad000-00000000002affff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000002b0000-00000000003aafff 0x0000/0x0004 0x0020000 27c8.36b8: 00000000003ab000-00000000003adfff 0x0104/0x0004 0x0020000 27c8.36b8: 00000000003ae000-00000000003affff 0x0004/0x0004 0x0020000 27c8.36b8: *00000000003b0000-00000000003b3fff 0x0002/0x0002 0x0040000 27c8.36b8: 00000000003b4000-00000000003bffff 0x0001/0x0000 0x0000000 27c8.36b8: *00000000003c0000-00000000003c1fff 0x0004/0x0004 0x0020000 27c8.36b8: 00000000003c2000-00000000003fffff 0x0001/0x0000 0x0000000 27c8.36b8: *0000000000400000-0000000000500fff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000000501000-0000000000503fff 0x0004/0x0004 0x0020000 27c8.36b8: 0000000000504000-00000000005fffff 0x0000/0x0004 0x0020000 27c8.36b8: 0000000000600000-000000007ffdffff 0x0001/0x0000 0x0000000 27c8.36b8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 27c8.36b8: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000 27c8.36b8: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000 27c8.36b8: 000000007ffec000-00007ff54789ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff5478a0000-00007ff5478a0fff 0x0002/0x0002 0x0040000 27c8.36b8: 00007ff5478a1000-00007ff5478affff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff5478b0000-00007ff5478d2fff 0x0002/0x0002 0x0040000 27c8.36b8: 00007ff5478d3000-00007ff7ac75ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ff7ac760000-00007ff7ac760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac761000-00007ff7ac7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac7d8000-00007ff7ac7d8fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac7d9000-00007ff7ac821fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac822000-00007ff7ac82efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac82f000-00007ff7ac877fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 27c8.36b8: 00007ff7ac878000-00007ffdf676ffff 0x0001/0x0000 0x0000000 27c8.36b8: *00007ffdf6770000-00007ffdf6770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf6771000-00007ffdf688bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf688c000-00007ffdf68d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68d4000-00007ffdf68d7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68d8000-00007ffdf68dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68e0000-00007ffdf68eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68ef000-00007ffdf68effff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68f0000-00007ffdf68f2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf68f3000-00007ffdf6964fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 27c8.36b8: 00007ffdf6965000-00007ffffffeffff 0x0001/0x0000 0x0000000 27c8.36b8: supR3HardNtChildPurify: Done after 812 ms and 2 fixes (loop #1). 6558.2ef4: Log file opened: 6.1.30r148432 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6400 6558.2ef4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdf6770000 g_uNtVerCombined=0xa04a6400 (stack ~00000000003af588) 6558.2ef4: ntdll.dll: timestamp 0xa280d1d6 (rc=VINF_SUCCESS) 27c8.36b8: supR3HardNtEnableThreadCreationEx: 6558.2ef4: New simple heap: #1 0000000000700000 LB 0x400000 (for 2052096 allocation) 6558.2ef4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 6558.2ef4: System32: \Device\HarddiskVolume3\Windows\System32 6558.2ef4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 6558.2ef4: KnownDllPath: C:\WINDOWS\System32 6558.2ef4: supR3HardenedVmProcessInit: Opening vboxdrv stub... 6558.2ef4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 6558.2ef4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 6558.2ef4: Registered Dll notification callback with NTDLL. 6558.2ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 6558.2ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 6558.2ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling] 6558.2ef4: supR3HardenedDllNotificationCallback: load 00007ffdf3fe0000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 6558.2ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 6558.2ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 6558.2ef4: supR3HardenedDllNotificationCallback: load 00007ffdf63f0000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 6558.2ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 6558.2ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf63f0000 'C:\WINDOWS\System32\KERNEL32.DLL' 6558.2ef4: supR3HardenedDllNotificationCallback: load 00007ff7ac760000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 6558.2ef4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 6558.2ef4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 6558.2ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 6558.2ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdf67e4b00 pvNtTerminateThread=00007ffdf680d7c0 27c8.36b8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 83 ms. 6558.2ef4: \SystemRoot\System32\ntdll.dll: 6558.2ef4: CreationTime: 2021-10-06T13:39:54.967473200Z 6558.2ef4: LastWriteTime: 2021-10-06T13:39:55.014335100Z 6558.2ef4: ChangeTime: 2021-12-17T09:52:47.850888900Z 6558.2ef4: FileAttributes: 0x20 6558.2ef4: Size: 0x1ee520 6558.2ef4: NT Headers: 0xe8 6558.2ef4: Timestamp: 0xa280d1d6 6558.2ef4: Machine: 0x8664 - amd64 6558.2ef4: Timestamp: 0xa280d1d6 6558.2ef4: Image Version: 10.0 6558.2ef4: SizeOfImage: 0x1f5000 (2052096) 6558.2ef4: Resource Dir: 0x184000 LB 0x6fdc8 6558.2ef4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 6558.2ef4: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)] 6558.2ef4: ProductName: Microsoft® Windows® Operating System 6558.2ef4: ProductVersion: 10.0.19041.1288 6558.2ef4: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800) 6558.2ef4: FileDescription: NT Layer DLL 6558.2ef4: \SystemRoot\System32\kernel32.dll: 6558.2ef4: CreationTime: 2021-12-02T15:03:52.492099300Z 6558.2ef4: LastWriteTime: 2021-12-02T15:03:52.505102200Z 6558.2ef4: ChangeTime: 2021-12-17T09:52:47.655061900Z 6558.2ef4: FileAttributes: 0x20 6558.2ef4: Size: 0xbc058 6558.2ef4: NT Headers: 0xe8 6558.2ef4: Timestamp: 0x38b369c4 6558.2ef4: Machine: 0x8664 - amd64 6558.2ef4: Timestamp: 0x38b369c4 6558.2ef4: Image Version: 10.0 6558.2ef4: SizeOfImage: 0xbe000 (778240) 6558.2ef4: Resource Dir: 0xbc000 LB 0x520 6558.2ef4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 6558.2ef4: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 6558.2ef4: ProductName: Microsoft® Windows® Operating System 6558.2ef4: ProductVersion: 10.0.19041.1348 6558.2ef4: FileVersion: 10.0.19041.1348 (WinBuild.160101.0800) 6558.2ef4: FileDescription: Windows NT BASE API Client DLL 6558.2ef4: \SystemRoot\System32\KernelBase.dll: 6558.2ef4: CreationTime: 2021-12-17T09:52:07.022047900Z 6558.2ef4: LastWriteTime: 2021-12-17T09:52:07.089062400Z 6558.2ef4: ChangeTime: 2021-12-18T17:56:07.323012400Z 6558.2ef4: FileAttributes: 0x20 6558.2ef4: Size: 0x2c9168 6558.2ef4: NT Headers: 0xf0 6558.2ef4: Timestamp: 0xb9a844a 6558.2ef4: Machine: 0x8664 - amd64 6558.2ef4: Timestamp: 0xb9a844a 6558.2ef4: Image Version: 10.0 6558.2ef4: SizeOfImage: 0x2c8000 (2916352) 6558.2ef4: Resource Dir: 0x29f000 LB 0x548 6558.2ef4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 6558.2ef4: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 6558.2ef4: ProductName: Microsoft® Windows® Operating System 6558.2ef4: ProductVersion: 10.0.19041.1387 6558.2ef4: FileVersion: 10.0.19041.1387 (WinBuild.160101.0800) 6558.2ef4: FileDescription: Windows NT BASE API Client DLL 6558.2ef4: \SystemRoot\System32\apisetschema.dll: 6558.2ef4: CreationTime: 2019-12-07T09:08:13.518339400Z 6558.2ef4: LastWriteTime: 2019-12-07T09:08:13.518339400Z 6558.2ef4: ChangeTime: 2021-12-17T09:52:47.633058800Z 6558.2ef4: FileAttributes: 0x20 6558.2ef4: Size: 0x1f538 6558.2ef4: NT Headers: 0xd0 6558.2ef4: Timestamp: 0x31288ce0 6558.2ef4: Machine: 0x8664 - amd64 6558.2ef4: Timestamp: 0x31288ce0 6558.2ef4: Image Version: 10.0 6558.2ef4: SizeOfImage: 0x20000 (131072) 6558.2ef4: Resource Dir: 0x1f000 LB 0x408 6558.2ef4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 6558.2ef4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 6558.2ef4: ProductName: Microsoft® Windows® Operating System 6558.2ef4: ProductVersion: 10.0.19041.1 6558.2ef4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800) 6558.2ef4: FileDescription: ApiSet Schema DLL 6558.2ef4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 6558.2ef4: supR3HardenedWinFindAdversaries: 0x0 6558.2ef4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 6558.2ef4: Calling main() 6558.2ef4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 6558.2ef4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 6558.2ef4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 6558.2ef4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 6558.2ef4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 6558.2ef4: SUPR3HardenedMain: Respawn #2 6558.2ef4: supR3HardNtEnableThreadCreationEx: 6558.2ef4: supR3HardenedDllNotificationCallback: load 00007ffdf5080000 LB 0x0012a000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 6558.2ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 6558.2ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 6558.2ef4: supR3HardenedDllNotificationCallback: load 00007ffdf4910000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 6558.2ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 6558.2ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 6558.2ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 6558.2ef4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 6558.2ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) 6558.2ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 6558.2ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 6558.2ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 6558.2ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 6558.2ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf6770000 'C:\WINDOWS\System32\ntdll.dll' 6558.2ef4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdf67e4b00 pvNtTerminateThread=00007ffdf680d7c0 6558.2ef4: supR3HardenedWinDoReSpawn(2): New child 3e68.3760 [kernel32]. 6558.2ef4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 6558.2ef4: supR3HardNtChildGatherData: PebBaseAddress=00000000008ab000 cbPeb=0x388 6558.2ef4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdf6770000 uNtDllChildAddr=00007ffdf6770000 6558.2ef4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdf67e4b00 6558.2ef4: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7ac767900 rdx=00000000008ab000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffdf67c2630 rsp=00000000007efba8 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 6558.2ef4: kernel32.dll: timestamp 0x38b369c4 (rc=VINF_SUCCESS) 6558.2ef4: supR3HardenedWinSetupChildInit: Start child. 6558.2ef4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 6558.2ef4: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 17 sleeps 6558.2ef4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 6558.2ef4: *0000000000000000-00000000006affff 0x0001/0x0000 0x0000000 6558.2ef4: *00000000006b0000-00000000006cffff 0x0004/0x0004 0x0020000 6558.2ef4: *00000000006d0000-00000000006ecfff 0x0002/0x0002 0x0040000 6558.2ef4: 00000000006ed000-00000000006effff 0x0001/0x0000 0x0000000 6558.2ef4: *00000000006f0000-00000000007eafff 0x0000/0x0004 0x0020000 6558.2ef4: 00000000007eb000-00000000007edfff 0x0104/0x0004 0x0020000 6558.2ef4: 00000000007ee000-00000000007effff 0x0004/0x0004 0x0020000 6558.2ef4: *00000000007f0000-00000000007f3fff 0x0002/0x0002 0x0040000 6558.2ef4: 00000000007f4000-00000000007fffff 0x0001/0x0000 0x0000000 6558.2ef4: *0000000000800000-00000000008aafff 0x0000/0x0004 0x0020000 6558.2ef4: 00000000008ab000-00000000008adfff 0x0004/0x0004 0x0020000 6558.2ef4: 00000000008ae000-00000000009fffff 0x0000/0x0004 0x0020000 6558.2ef4: *0000000000a00000-0000000000a01fff 0x0004/0x0004 0x0020000 6558.2ef4: 0000000000a02000-000000007ffdffff 0x0001/0x0000 0x0000000 6558.2ef4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 6558.2ef4: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000 6558.2ef4: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000 6558.2ef4: 000000007ffec000-00007ff579b7ffff 0x0001/0x0000 0x0000000 6558.2ef4: *00007ff579b80000-00007ff579b80fff 0x0020/0x0004 0x0020000 !! 6558.2ef4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff579b80000 (LB 0x1000, 00007ff579b80000 LB 0x1000) 6558.2ef4: 0000000000e49d10/0000: 16 00 20 00 00 00 00 00-10 00 b8 79 f5 7f 00 00 .. ........y.... 0000000000e49d20/0010: 61 00 74 00 63 00 75 00-66 00 36 00 34 00 2e 00 a.t.c.u.f.6.4... 0000000000e49d30/0020: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l........... 0000000000e49d40/0030: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r. 0000000000e49d50/0040: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s. 0000000000e49d60/0050: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e. 0000000000e49d70/0060: 6e 00 64 00 65 00 72 00-20 00 41 00 6e 00 74 00 n.d.e.r. .A.n.t. 0000000000e49d80/0070: 69 00 76 00 69 00 72 00-75 00 73 00 20 00 46 00 i.v.i.r.u.s. .F. 0000000000e49d90/0080: 72 00 65 00 65 00 5c 00-61 00 74 00 63 00 75 00 r.e.e.\.a.t.c.u. 0000000000e49da0/0090: 66 00 5c 00 64 00 6c 00-6c 00 73 00 5f 00 32 00 f.\.d.l.l.s._.2. 0000000000e49db0/00a0: 36 00 35 00 36 00 39 00-31 00 32 00 36 00 37 00 6.5.6.9.1.2.6.7. 0000000000e49dc0/00b0: 30 00 35 00 32 00 36 00-39 00 36 00 34 00 35 00 0.5.2.6.9.6.4.5. 0000000000e49dd0/00c0: 34 00 5c 00 00 00 00 00-00 00 00 00 00 00 00 00 4.\............. 0000000000e49de0/00d0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0000000000e49df0/00e0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0000000000e49e00/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 6558.2ef4: 0000000000e4a110/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ **************** **** <ditto x 2> 0000000000e4a140/0030: 16 00 20 00 00 00 00 00-40 04 b8 79 f5 7f 00 00 .. .....@..y.... 0000000000e4a150/0040: 62 00 64 00 68 00 6b 00-6d 00 36 00 34 00 2e 00 b.d.h.k.m.6.4... 0000000000e4a160/0050: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l........... 0000000000e4a170/0060: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r. 0000000000e4a180/0070: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s. 0000000000e4a190/0080: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e. 0000000000e4a1a0/0090: 6e 00 64 00 65 00 72 00-20 00 41 00 6e 00 74 00 n.d.e.r. .A.n.t. 0000000000e4a1b0/00a0: 69 00 76 00 69 00 72 00-75 00 73 00 20 00 46 00 i.v.i.r.u.s. .F. 0000000000e4a1c0/00b0: 72 00 65 00 65 00 5c 00-62 00 64 00 68 00 6b 00 r.e.e.\.b.d.h.k. 0000000000e4a1d0/00c0: 6d 00 5c 00 64 00 6c 00-6c 00 73 00 5f 00 32 00 m.\.d.l.l.s._.2. 0000000000e4a1e0/00d0: 36 00 35 00 36 00 39 00-31 00 32 00 36 00 37 00 6.5.6.9.1.2.6.7. 0000000000e4a1f0/00e0: 30 00 36 00 32 00 37 00-32 00 32 00 31 00 37 00 0.6.2.7.2.2.1.7. 0000000000e4a200/00f0: 37 00 5c 00 00 00 00 00-00 00 00 00 00 00 00 00 7.\............. 6558.2ef4: 0000000000e4a510/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ **************** **** <ditto x 5> 0000000000e4a570/0060: 10 6a 78 f6 fd 7f 00 00-60 d7 80 f6 fd 7f 00 00 .jx.....`....... 0000000000e4a580/0070: 48 89 5c 24 10 56 57 41-56 48 81 ec d0 00 00 00 H.\$.VWAVH...... 0000000000e4a590/0080: 48 83 ec 38 56 57 51 52-41 50 41 51 48 83 ec 40 H..8VWQRAPAQH..@ 0000000000e4a5a0/0090: 48 b9 ff ff ff ff ff ff-ff ff 48 8b 15 bf ff ff H.........H..... 0000000000e4a5b0/00a0: ff 48 89 54 24 38 48 8d-54 24 38 48 c7 44 24 28 .H.T$8H.T$8H.D$( 0000000000e4a5c0/00b0: 10 00 00 00 4c 8d 44 24-28 49 c7 c1 04 00 00 00 ....L.D$(I...... 0000000000e4a5d0/00c0: 48 8d 7c 24 30 48 89 7c-24 20 48 8b 05 97 ff ff H.|$0H.|$ H..... 0000000000e4a5e0/00d0: ff ff d0 85 c0 0f 88 00-01 00 00 48 8d 35 8e ff ...........H.5.. 0000000000e4a5f0/00e0: ff ff 48 8b 3d 77 ff ff-ff 48 c7 c1 10 00 00 00 ..H.=w...H...... 0000000000e4a600/00f0: fc f3 a4 48 b9 ff ff ff-ff ff ff ff ff 48 8b 15 ...H.........H.. 6558.2ef4: 0000000000e4a610/0000: 5c ff ff ff 48 89 54 24-38 48 8d 54 24 38 48 c7 \...H.T$8H.T$8H. 0000000000e4a620/0010: 44 24 28 10 00 00 00 4c-8d 44 24 28 4c 8b 4c 24 D$(....L.D$(L.L$ 0000000000e4a630/0020: 30 48 8d 7c 24 30 48 89-7c 24 20 48 8b 05 36 ff 0H.|$0H.|$ H..6. 0000000000e4a640/0030: ff ff ff d0 85 c0 0f 88-9f 00 00 00 48 83 c4 40 ............H..@ 0000000000e4a650/0040: 41 59 41 58 5a 59 5f 5e-48 8b 05 11 ff ff ff 48 AYAXZY_^H......H 0000000000e4a660/0050: 83 ec 20 ff d0 48 83 c4-20 85 c0 0f 88 86 00 00 .. ..H.. ....... 0000000000e4a670/0060: 00 65 48 8b 0c 25 60 00-00 00 ba 00 01 00 02 85 .eH..%`......... 0000000000e4a680/0070: 91 bc 00 00 00 75 70 48-8d 0d e2 fa ff ff 48 c7 .....upH......H. 0000000000e4a690/0080: c2 00 00 00 00 4c 8d 05-a4 fa ff ff 4c 8d 4c 24 .....L......L.L$ 0000000000e4a6a0/0090: 20 48 8b 05 c8 fe ff ff-48 83 ec 20 ff d0 48 83 H......H.. ..H. 0000000000e4a6b0/00a0: c4 20 85 c0 74 05 48 31-c0 eb 3c 48 8d 0d 7e f6 . ..t.H1..<H..~. 0000000000e4a6c0/00b0: ff ff 48 c7 c2 00 00 00-00 4c 8d 05 40 f6 ff ff ..H......L..@... 0000000000e4a6d0/00c0: 4c 8d 4c 24 20 48 8b 05-94 fe ff ff 48 83 ec 20 L.L$ H......H.. 0000000000e4a6e0/00d0: ff d0 48 83 c4 20 48 31-c0 eb 0c 48 83 c4 40 41 ..H.. H1...H..@A 0000000000e4a6f0/00e0: 59 41 58 5a 59 5f 5e 48-83 c4 38 c3 00 00 00 00 YAXZY_^H..8..... 0000000000e4a700/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 6558.2ef4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff579b80000/00007ff579b80000 LB 0/0x1000] 6558.2ef4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff579b80000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001 6558.2ef4: 00007ff579b81000-00007ff579b8ffff 0x0001/0x0000 0x0000000 6558.2ef4: *00007ff579b90000-00007ff579b90fff 0x0002/0x0002 0x0040000 6558.2ef4: 00007ff579b91000-00007ff579b9ffff 0x0001/0x0000 0x0000000 6558.2ef4: *00007ff579ba0000-00007ff579bc2fff 0x0002/0x0002 0x0040000 6558.2ef4: 00007ff579bc3000-00007ff7ac75ffff 0x0001/0x0000 0x0000000 6558.2ef4: *00007ff7ac760000-00007ff7ac760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac761000-00007ff7ac7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac7d8000-00007ff7ac7d8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac7d9000-00007ff7ac821fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac822000-00007ff7ac822fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac823000-00007ff7ac823fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac824000-00007ff7ac828fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac829000-00007ff7ac829fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac82a000-00007ff7ac82afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac82b000-00007ff7ac82efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac82f000-00007ff7ac877fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac878000-00007ffdf676ffff 0x0001/0x0000 0x0000000 6558.2ef4: *00007ffdf6770000-00007ffdf6770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf6771000-00007ffdf688bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf688c000-00007ffdf68d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68d4000-00007ffdf68dffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68e0000-00007ffdf68eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68ef000-00007ffdf68effff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68f0000-00007ffdf68f2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68f3000-00007ffdf6964fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf6965000-00007ffffffeffff 0x0001/0x0000 0x0000000 6558.2ef4: VirtualBoxVM.exe: timestamp 0x619bb44c (rc=VINF_SUCCESS) 6558.2ef4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 6558.2ef4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 6558.2ef4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 6558.2ef4: ntdll.dll: Differences in section #1 (.text) between file and memory: 6558.2ef4: 00007ffdf6786a11 / 0x0016a11: 89 != b8 6558.2ef4: 00007ffdf6786a12 / 0x0016a12: 5c != 80 6558.2ef4: 00007ffdf6786a13 / 0x0016a13: 24 != 08 6558.2ef4: 00007ffdf6786a14 / 0x0016a14: 10 != b8 6558.2ef4: 00007ffdf6786a15 / 0x0016a15: 56 != 79 6558.2ef4: 00007ffdf6786a16 / 0x0016a16: 57 != f5 6558.2ef4: 00007ffdf6786a17 / 0x0016a17: 41 != 7f 6558.2ef4: 00007ffdf6786a18 / 0x0016a18: 56 != 00 6558.2ef4: 00007ffdf6786a19 / 0x0016a19: 48 != 00 6558.2ef4: 00007ffdf6786a1a / 0x0016a1a: 81 != ff 6558.2ef4: 00007ffdf6786a1b / 0x0016a1b: ec != e0 6558.2ef4: Restored 0x2000 bytes of original file content at 00007ffdf6785000 6558.2ef4: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x80000000 6558.2ef4: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 33 sleeps 6558.2ef4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 6558.2ef4: *0000000000000000-00000000006affff 0x0001/0x0000 0x0000000 6558.2ef4: *00000000006b0000-00000000006cffff 0x0004/0x0004 0x0020000 6558.2ef4: *00000000006d0000-00000000006ecfff 0x0002/0x0002 0x0040000 6558.2ef4: 00000000006ed000-00000000006effff 0x0001/0x0000 0x0000000 6558.2ef4: *00000000006f0000-00000000007eafff 0x0000/0x0004 0x0020000 6558.2ef4: 00000000007eb000-00000000007edfff 0x0104/0x0004 0x0020000 6558.2ef4: 00000000007ee000-00000000007effff 0x0004/0x0004 0x0020000 6558.2ef4: *00000000007f0000-00000000007f3fff 0x0002/0x0002 0x0040000 6558.2ef4: 00000000007f4000-00000000007fffff 0x0001/0x0000 0x0000000 6558.2ef4: *0000000000800000-00000000008aafff 0x0000/0x0004 0x0020000 6558.2ef4: 00000000008ab000-00000000008adfff 0x0004/0x0004 0x0020000 6558.2ef4: 00000000008ae000-00000000009fffff 0x0000/0x0004 0x0020000 6558.2ef4: *0000000000a00000-0000000000a01fff 0x0004/0x0004 0x0020000 6558.2ef4: 0000000000a02000-000000007ffdffff 0x0001/0x0000 0x0000000 6558.2ef4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 6558.2ef4: 000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000 6558.2ef4: *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000 6558.2ef4: 000000007ffec000-00007ff579b8ffff 0x0001/0x0000 0x0000000 6558.2ef4: *00007ff579b90000-00007ff579b90fff 0x0002/0x0002 0x0040000 6558.2ef4: 00007ff579b91000-00007ff579b9ffff 0x0001/0x0000 0x0000000 6558.2ef4: *00007ff579ba0000-00007ff579bc2fff 0x0002/0x0002 0x0040000 6558.2ef4: 00007ff579bc3000-00007ff7ac75ffff 0x0001/0x0000 0x0000000 6558.2ef4: *00007ff7ac760000-00007ff7ac760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac761000-00007ff7ac7d7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac7d8000-00007ff7ac7d8fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac7d9000-00007ff7ac821fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac822000-00007ff7ac82efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac82f000-00007ff7ac877fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 6558.2ef4: 00007ff7ac878000-00007ffdf676ffff 0x0001/0x0000 0x0000000 6558.2ef4: *00007ffdf6770000-00007ffdf6770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf6771000-00007ffdf688bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf688c000-00007ffdf68d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68d4000-00007ffdf68d7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68d8000-00007ffdf68dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68e0000-00007ffdf68eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68ef000-00007ffdf68effff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68f0000-00007ffdf68f2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf68f3000-00007ffdf6964fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 6558.2ef4: 00007ffdf6965000-00007ffffffeffff 0x0001/0x0000 0x0000000 6558.2ef4: supR3HardNtChildPurify: Done after 813 ms and 2 fixes (loop #1). 3e68.3760: Log file opened: 6.1.30r148432 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6400 6558.2ef4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000700000 LB 0x400000) 3e68.3760: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdf6770000 g_uNtVerCombined=0xa04a6400 (stack ~00000000007ef638) 6558.2ef4: supR3HardNtEnableThreadCreationEx: 3e68.3760: ntdll.dll: timestamp 0xa280d1d6 (rc=VINF_SUCCESS) 3e68.3760: New simple heap: #1 0000000000b10000 LB 0x400000 (for 2052096 allocation) 3e68.3760: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 3e68.3760: System32: \Device\HarddiskVolume3\Windows\System32 3e68.3760: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 3e68.3760: KnownDllPath: C:\WINDOWS\System32 3e68.3760: supR3HardenedVmProcessInit: Opening vboxdrv... 3e68.3760: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 3e68.3760: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 3e68.3760: Registered Dll notification callback with NTDLL. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf3fe0000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf63f0000 LB 0x000be000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf63f0000 'C:\WINDOWS\System32\KERNEL32.DLL' 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ff7ac760000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3e68.3760: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3e68.3760: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 3e68.3760: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdf67e4b00 pvNtTerminateThread=00007ffdf680d7c0 6558.2ef4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 92 ms. 3e68.3760: \SystemRoot\System32\ntdll.dll: 3e68.3760: CreationTime: 2021-10-06T13:39:54.967473200Z 3e68.3760: LastWriteTime: 2021-10-06T13:39:55.014335100Z 3e68.3760: ChangeTime: 2021-12-17T09:52:47.850888900Z 3e68.3760: FileAttributes: 0x20 3e68.3760: Size: 0x1ee520 3e68.3760: NT Headers: 0xe8 3e68.3760: Timestamp: 0xa280d1d6 3e68.3760: Machine: 0x8664 - amd64 3e68.3760: Timestamp: 0xa280d1d6 3e68.3760: Image Version: 10.0 3e68.3760: SizeOfImage: 0x1f5000 (2052096) 3e68.3760: Resource Dir: 0x184000 LB 0x6fdc8 3e68.3760: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 3e68.3760: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)] 3e68.3760: ProductName: Microsoft® Windows® Operating System 3e68.3760: ProductVersion: 10.0.19041.1288 3e68.3760: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800) 3e68.3760: FileDescription: NT Layer DLL 3e68.3760: \SystemRoot\System32\kernel32.dll: 3e68.3760: CreationTime: 2021-12-02T15:03:52.492099300Z 3e68.3760: LastWriteTime: 2021-12-02T15:03:52.505102200Z 3e68.3760: ChangeTime: 2021-12-17T09:52:47.655061900Z 3e68.3760: FileAttributes: 0x20 3e68.3760: Size: 0xbc058 3e68.3760: NT Headers: 0xe8 3e68.3760: Timestamp: 0x38b369c4 3e68.3760: Machine: 0x8664 - amd64 3e68.3760: Timestamp: 0x38b369c4 3e68.3760: Image Version: 10.0 3e68.3760: SizeOfImage: 0xbe000 (778240) 3e68.3760: Resource Dir: 0xbc000 LB 0x520 3e68.3760: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3e68.3760: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 3e68.3760: ProductName: Microsoft® Windows® Operating System 3e68.3760: ProductVersion: 10.0.19041.1348 3e68.3760: FileVersion: 10.0.19041.1348 (WinBuild.160101.0800) 3e68.3760: FileDescription: Windows NT BASE API Client DLL 3e68.3760: \SystemRoot\System32\KernelBase.dll: 3e68.3760: CreationTime: 2021-12-17T09:52:07.022047900Z 3e68.3760: LastWriteTime: 2021-12-17T09:52:07.089062400Z 3e68.3760: ChangeTime: 2021-12-18T17:56:07.323012400Z 3e68.3760: FileAttributes: 0x20 3e68.3760: Size: 0x2c9168 3e68.3760: NT Headers: 0xf0 3e68.3760: Timestamp: 0xb9a844a 3e68.3760: Machine: 0x8664 - amd64 3e68.3760: Timestamp: 0xb9a844a 3e68.3760: Image Version: 10.0 3e68.3760: SizeOfImage: 0x2c8000 (2916352) 3e68.3760: Resource Dir: 0x29f000 LB 0x548 3e68.3760: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 3e68.3760: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 3e68.3760: ProductName: Microsoft® Windows® Operating System 3e68.3760: ProductVersion: 10.0.19041.1387 3e68.3760: FileVersion: 10.0.19041.1387 (WinBuild.160101.0800) 3e68.3760: FileDescription: Windows NT BASE API Client DLL 3e68.3760: \SystemRoot\System32\apisetschema.dll: 3e68.3760: CreationTime: 2019-12-07T09:08:13.518339400Z 3e68.3760: LastWriteTime: 2019-12-07T09:08:13.518339400Z 3e68.3760: ChangeTime: 2021-12-17T09:52:47.633058800Z 3e68.3760: FileAttributes: 0x20 3e68.3760: Size: 0x1f538 3e68.3760: NT Headers: 0xd0 3e68.3760: Timestamp: 0x31288ce0 3e68.3760: Machine: 0x8664 - amd64 3e68.3760: Timestamp: 0x31288ce0 3e68.3760: Image Version: 10.0 3e68.3760: SizeOfImage: 0x20000 (131072) 3e68.3760: Resource Dir: 0x1f000 LB 0x408 3e68.3760: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 3e68.3760: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 3e68.3760: ProductName: Microsoft® Windows® Operating System 3e68.3760: ProductVersion: 10.0.19041.1 3e68.3760: FileVersion: 10.0.19041.1 (WinBuild.160101.0800) 3e68.3760: FileDescription: ApiSet Schema DLL 3e68.3760: NtOpenDirectoryObject failed on \Driver: 0xc0000022 3e68.3760: supR3HardenedWinFindAdversaries: 0x0 3e68.3760: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 3e68.3760: Calling main() 3e68.3760: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 3e68.3760: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 3e68.3760: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 3e68.3760: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 3e68.3760: SUPR3HardenedMain: Final process, opening VBoxDrv... 3e68.3760: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b10000 LB 0x400000) 3e68.3760: supR3HardNtEnableThreadCreationEx: 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202 3e68.3760: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdec7b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec7b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec7b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec7b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf6350000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf5080000 LB 0x0012a000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf42e0000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf4470000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf4570000 LB 0x00156000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-synch-l1-2-0' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-fibers-l1-1-1' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-fibers-l1-1-1' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-synch-l1-2-0' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-localization-l1-2-1' 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf3610000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf42e0000 'C:\WINDOWS\system32\Wintrust.dll' 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf4780000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4780000 'C:\WINDOWS\system32\bcrypt.dll' 3e68.3760: bcrypt.dll loaded at 00007ffdf4780000, BCryptOpenAlgorithmProvider at 00007ffdf47851e0, preloading providers: 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf4340000 LB 0x00082000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4340000 'C:\WINDOWS\system32\bcryptprimitives.dll' 3e68.3760: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000fffb90) 3e68.3760: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001000a20) 3e68.3760: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001000d40) 3e68.3760: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001001060) 3e68.3760: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001001380) 3e68.3760: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000010016a0) 3e68.3760: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000010019c0) 3e68.3760: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001001ce0) 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf3b90000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf2880000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf31b0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf63f0000 'C:\WINDOWS\System32\kernel32.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf42e0000 'C:\WINDOWS\System32\WINTRUST.DLL' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\CRYPT32.dll' 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf51b0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0] 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf4910000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf1920000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf3dc0000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdeac20000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\WINDOWS\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeac20000 'C:\Windows\System32\cryptnet.dll' 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf5310000 LB 0x000ac000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF5EACF36F78DD76A9C15BF564DC1094C86C4B18 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5080000 'C:\WINDOWS\System32\rpcrt4.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\SystemRoot\System32\ntdll.dll' 3e68.3760: g_pfnWinVerifyTrust=00007ffdf42e1da0 3e68.3760: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' 3e68.3760: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\system32\crypt32.dll' 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x43323b06d8e78a8c CN=Bitdefender Personal CA.avfree000000, OU=IDS, O=Bitdefender, C=US 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 3e68.3760: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 3e68.3760: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=51 3e68.3760: SUPR3HardenedMain: Load Runtime... 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202 3e68.3760: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 000000005d4d0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 000000005c950000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf53c0000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffd8c4a0000 LB 0x005eb000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8c4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf42e0000 'C:\WINDOWS\system32\Wintrust.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\system32\crypt32.dll' 3e68.3760: SUPR3HardenedMain: Load TrustedMain... 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3e68.3760: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3e68.3760: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'win32u.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3e68.3760: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202 3e68.3760: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202 3e68.3760: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202 3e68.3760: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3e68.3760: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 3e68.3760: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 3e68.3760: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 3e68.3760: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008] 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000440 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8E7659A85CD9E1DD85A2EDD240E0AFC0D2340903 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.1348.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf42b0000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf43d0000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf3ed0000 LB 0x0010d000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'win32u.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf6320000 LB 0x0002b000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf6170000 LB 0x001a1000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf5430000 LB 0x00355000 C:\WINDOWS\System32\combase.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffda2f10000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffd94df0000 LB 0x00125000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf5790000 LB 0x00744000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf47e0000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdd43b0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 000000005cf60000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffd8bea0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 000000005c9f0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf64b0000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffd8ca90000 LB 0x0231e000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 000000005c8a0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf0d80000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffda4f80000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf63f0000 'C:\WINDOWS\System32\kernel32.dll' 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-string-l1-1-0' 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-datetime-l1-1-1' 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-localization-obsolete-l1-2-0' 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf47b0000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf47b0000 'C:\WINDOWS\system32\IMM32.DLL' 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5310000 'C:\WINDOWS\System32\ADVAPI32.DLL' 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled] 3e68.3760: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda4f80000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0FEA41B8444B51E45D80438EF35CC443EA7D79A6 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.1348.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' 3e68.3760: SUPR3HardenedMain: Calling TrustedMain (00007ffda4f816c0)... 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wldp.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wldp.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf31e0000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf1150000 LB 0x00794000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf4a10000 LB 0x000ad000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf49b0000 LB 0x00055000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wldp.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wldp.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' 3e68.3760: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffd8bd10000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8bd10000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf1900000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d0 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D52B5B313F26D198724C9A8532CECB1A8130856B 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0519~31bf3856ad364e35~amd64~~10.0.19041.1415.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf07e0000 LB 0x0009e000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf07e0000 'C:\WINDOWS\system32\uxtheme.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf6170000 'C:\WINDOWS\system32\user32.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5790000 'C:\WINDOWS\system32\shell32.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4a10000 'C:\WINDOWS\system32\SHCore.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf0d80000 'C:\WINDOWS\system32\winmm.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf0d80000 'C:\WINDOWS\system32\winmm.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5790000 'C:\WINDOWS\system32\shell32.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf07e0000 'C:\WINDOWS\system32\uxtheme.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5310000 'C:\WINDOWS\system32\advapi32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf3d80000 LB 0x0002e000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3d80000 'C:\WINDOWS\system32\userenv.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf63f0000 'C:\WINDOWS\System32\kernel32.dll' 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf5260000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll 3e68.990: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.990: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll' 3e68.990: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202 3e68.990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 3e68.990: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 3e68.990: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling] 3e68.990: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 3e68.990: supR3HardenedDllNotificationCallback: load 00007ffd8b850000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 3e68.990: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 3e68.990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b850000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 3e68.990: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202 3e68.990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 3e68.990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 3e68.990: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust 3e68.990: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.990: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling] 3e68.990: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 3e68.990: supR3HardenedDllNotificationCallback: load 00007ffd8bc20000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0] 3e68.990: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 3e68.990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8bc20000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll' 3e68.990: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 3e68.990: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling] 3e68.990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf64b0000 'C:\Windows\System32\oleaut32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf6320000 'C:\WINDOWS\system32\gdi32.dll' 3e68.c78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.c78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.c78: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202 3e68.c78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.c78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.c78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust 3e68.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll 3e68.c78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.c78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.c78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.c78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.c78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.c78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll 3e68.c78: supR3HardenedDllNotificationCallback: load 00007ffde9290000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0] 3e68.c78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll 3e68.c78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde9290000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL' 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf6610000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009c0 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F602E8855BCD942955FA9DBB13C4E4D44C41A311 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0510~31bf3856ad364e35~amd64~~10.0.19041.1415.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf1970000 LB 0x000f4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdef230000 LB 0x00264000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdefa60000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdbf770000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf6320000 'C:\WINDOWS\System32\gdi32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdbf770000 'C:\WINDOWS\system32\dataexchange.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdeda20000 LB 0x00201000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4a10000 'C:\WINDOWS\system32\Shcore.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf3b50000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf0410000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdeec70000 LB 0x00154000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdefd30000 LB 0x0035e000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffde6240000 LB 0x000f9000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf6170000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf6170000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5430000 'api-ms-win-core-com-l1-1-0.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf6610000 'C:\WINDOWS\System32\MSCTF.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b40 pwszName=\Device\HarddiskVolume3\Windows\System32\oleacc.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F5F6FD89BE6BD7C0A280D2BF2CB2B19B0118938 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05111~31bf3856ad364e35~amd64~~10.0.19041.1348.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleacc.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleacc.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleacc.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffddf9e0000 LB 0x00066000 C:\WINDOWS\system32\oleacc.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddf9e0000 'C:\WINDOWS\system32\oleacc.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf64b0000 'C:\WINDOWS\System32\OLEAUT32.DLL' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleacc.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffddf9e0000 'C:\Windows\System32\oleacc.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5790000 'C:\WINDOWS\system32\shell32.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5790000 'C:\WINDOWS\system32\shell32.dll' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf47e0000 'C:\WINDOWS\System32\ole32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf64b0000 'C:\WINDOWS\System32\OLEAUT32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5E9B4B8E891F6D9AAF89D119CB8AAE1934ED673 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1348.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b2c pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3171C0A71232B61EEEB57057418104E9B8748536 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1348.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffde8ed0000 LB 0x00092000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdeaad0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeaad0000 'C:\WINDOWS\system32\wbem\wbemprox.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b70 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8CA332CD27CD01F33F85EB4BED516FAA617B555A 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1348.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdec820000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec820000 'C:\WINDOWS\system32\wbem\wbemsvc.dll' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-localization-l1-2-0.dll' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b30 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.1348.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffde8420000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde8420000 'C:\WINDOWS\system32\wbem\fastprox.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b58 pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=245B8E27DCB2C7A41C4202082696F699C79E039C 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.19041.1348.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll' 3e68.3760: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffde91f0000 LB 0x00019000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde91f0000 'C:\WINDOWS\System32\amsi.dll' 3e68.3760: \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\265691267036524441\antimalware_provider64.dll: Owner is administrators group. 3e68.3760: \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\265691267036524441\antimalware_provider64.dll: Signature #1/2: info status: 24202 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\265691267036524441\antimalware_provider64.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\265691267036524441\antimalware_provider64.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll) WinVerifyTrust 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Bitdefender Antivirus Free\bdamsi\265691267036524441\antimalware_provider64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\265691267036524441\antimalware_provider64.dll 3e68.3760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdf1bd0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffdcd2f0000 LB 0x000af000 C:\Program Files\Bitdefender Antivirus Free\bdamsi\265691267036524441\antimalware_provider64.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\265691267036524441\antimalware_provider64.dll 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-synch-l1-2-0' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-fibers-l1-1-1' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-synch-l1-2-0' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-fibers-l1-1-1' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-localization-l1-2-1' 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf63f0000 'C:\WINDOWS\System32\kernel32.dll' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-string-l1-1-0' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-datetime-l1-1-1' 3e68.3760: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 3e68.3760: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3fe0000 'api-ms-win-core-localization-obsolete-l1-2-0' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcd2f0000 'C:\Program Files\Bitdefender Antivirus Free\bdamsi\265691267036524441\antimalware_provider64.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5310000 'C:\WINDOWS\System32\ADVAPI32.dll' 3e68.19ec: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202 3e68.19ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.19ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.19ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.19ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 3e68.19ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3e68.19ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.19ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.19ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.19ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.19ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.19ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3e68.19ec: supR3HardenedDllNotificationCallback: load 00007ffda1f60000 LB 0x0037c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] 3e68.19ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3e68.19ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf47e0000 'C:\WINDOWS\system32\ole32.dll' 3e68.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf47e0000 'C:\WINDOWS\system32\ole32.dll' 3e68.36ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf47e0000 'C:\WINDOWS\system32\ole32.dll' 3e68.4b6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf47e0000 'C:\WINDOWS\system32\ole32.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.5520: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202 3e68.5520: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.5520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.5520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3e68.5520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 3e68.5520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 3e68.5520: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. 3e68.5520: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust 3e68.5520: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.5520: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 3e68.5520: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.5520: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.5520: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.5520: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 3e68.5520: supR3HardenedDllNotificationCallback: load 00007ffde9220000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 3e68.5520: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 3e68.5520: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde9220000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 3e68.3704: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202 3e68.3704: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3704: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3704: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3e68.3704: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3e68.3704: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust 3e68.3704: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 3e68.3704: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3704: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3704: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.3704: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.3704: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3704: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3704: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 3e68.3704: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3704: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 3e68.3704: supR3HardenedDllNotificationCallback: load 00007ffde9210000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 3e68.3704: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 3e68.3704: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde9210000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5790000 'C:\WINDOWS\system32\Shell32.dll' 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda1f60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 3e68.3b24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffda4f30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda4f30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL' 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffda4f30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'bcrypt.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 3e68.3b24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 3e68.3b24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdf3e80000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdf4c00000 LB 0x00472000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffd8b510000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffd43eb0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdf2c30000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffd44710000 LB 0x00a04000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44710000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffda4f30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffda4f30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd8b850000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43eb0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffde6600000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde6600000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdcc1f0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcc1f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdbd4c0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdbd4c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdb11c0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdb11c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3898: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202 3e68.3898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 3e68.3898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3e68.3898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust 3e68.3898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 3e68.3898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 3e68.3898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 3e68.3898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3e68.3898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 3e68.3898: supR3HardenedDllNotificationCallback: load 00007ffdad2f0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 3e68.3898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 3e68.3898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdad2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 3e68.2e44: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202 3e68.2e44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.2e44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.2e44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3e68.2e44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 3e68.2e44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 3e68.2e44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust 3e68.2e44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 3e68.2e44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.2e44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.2e44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 3e68.2e44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 3e68.2e44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3e68.2e44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.2e44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.2e44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.2e44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.2e44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.2e44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 3e68.2e44: supR3HardenedDllNotificationCallback: load 00007ffde8c40000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 3e68.2e44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 3e68.2e44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde8c40000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 3e68.4620: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202 3e68.4620: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.4620: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.4620: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3e68.4620: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3e68.4620: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust 3e68.4620: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 3e68.4620: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.4620: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.4620: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3e68.4620: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3e68.4620: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.4620: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.4620: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.4620: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 3e68.4620: supR3HardenedDllNotificationCallback: load 00007ffdde340000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 3e68.4620: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 3e68.4620: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdde340000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdaaf00000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdaaf00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL' 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2c30000 'C:\WINDOWS\system32\Iphlpapi.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdf5250000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0] 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdee4a0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll) 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffded5a0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust] 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll) 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffded4d0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust] 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll) 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdf2c70000 LB 0x000cb000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ffc pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCAD48333E2A4922B628484108339A2EED2CAAA4 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll' 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3b24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll' 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff4 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B30BEFD11A7A908BF866683855A2B32DDCBE496 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1288.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll' 3e68.3b24: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.3b24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.3b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'. 3e68.3b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust 3e68.3b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 3e68.3b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 3e68.3b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling] 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 3e68.3b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdf3bb0000 LB 0x00034000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll 3e68.3b24: supR3HardenedDllNotificationCallback: load 00007ffdeadf0000 LB 0x00085000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0] 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeadf0000 'C:\WINDOWS\System32\MMDevApi.dll' 3e68.3b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeadf0000 'C:\WINDOWS\System32\MMDEVAPI.DLL' 3e68.3b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5790000 'C:\WINDOWS\system32\shell32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5790000 'C:\WINDOWS\system32\shell32.dll' 3e68.49f4: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports 3e68.49f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll) 3e68.49f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll 3e68.49f4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001234 (hFile=0000000000001220) with 0xc0000022 -> STATUS_TRUST_FAILURE 3e68.49f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust] 3e68.49f4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001220 (hFile=0000000000001234) with 0xc0000022 -> STATUS_TRUST_FAILURE 3e68.49f4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001230 pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll 3e68.49f4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001077710 3e68.49f4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001077710 3e68.49f4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E839801282351DA34C3C3D030DE51DC353C9836 3e68.49f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.49f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.49f4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.1415.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll' 3e68.49f4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3e68.49f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll' 3e68.49f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.49f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.49f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'. 3e68.49f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'. 3e68.49f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust 3e68.49f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll 3e68.49f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.49f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.49f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3e68.49f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3e68.49f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 3e68.49f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.49f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll 3e68.49f4: supR3HardenedDllNotificationCallback: load 00007ffdf3080000 LB 0x0006a000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0] 3e68.49f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll 3e68.49f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf3080000 'C:\WINDOWS\system32\mswsock.dll' 3e68.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 3e68.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 3e68.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 3e68.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 3e68.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'. 3e68.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust 3e68.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 3e68.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 3e68.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 3e68.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 3e68.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 3e68.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 3e68.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) 3e68.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll 3e68.9f0: supR3HardenedDllNotificationCallback: load 00007ffdf3c40000 LB 0x0004b000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0] 3e68.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll [avoiding WinVerifyTrust] 3e68.9f0: supR3HardenedDllNotificationCallback: load 00007ffdeae80000 LB 0x00181000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0] 3e68.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 3e68.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll) 3e68.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll 3e68.9f0: supR3HardenedDllNotificationCallback: load 00007ffdf3c20000 LB 0x00012000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0] 3e68.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [avoiding WinVerifyTrust] 3e68.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdeae80000 'C:\WINDOWS\System32\AUDIOSES.DLL' 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3e68.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3e68.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' 3e68.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf2880000 'C:\WINDOWS\system32\rsaenh.dll' 3e68.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf4570000 'C:\WINDOWS\System32\crypt32.dll' 3e68.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' 3e68.5520: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf6170000 'C:\WINDOWS\system32\User32.dll' 3e68.3760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5790000 'C:\WINDOWS\system32\shell32.dll' 3e68.4620: supR3HardenedDllNotificationCallback: Unload 00007ffdde340000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0] 3e68.2e44: supR3HardenedDllNotificationCallback: Unload 00007ffde8c40000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0] 3e68.3898: supR3HardenedDllNotificationCallback: Unload 00007ffdad2f0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0] 3e68.3704: supR3HardenedDllNotificationCallback: Unload 00007ffde9210000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0] 3e68.5520: supR3HardenedDllNotificationCallback: Unload 00007ffde9220000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0] 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffdb11c0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0] 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffdbd4c0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0] 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffdcc1f0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0] 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffde6600000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0] 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffda4f30000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0] 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffd44710000 LB 0x00a04000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0] 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffd8b510000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0] 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffd43eb0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0] 3e68.3b24: supR3HardenedDllNotificationCallback: Unload 00007ffdf4c00000 LB 0x00472000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffde9290000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffdec820000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffdbf770000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0] 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 3e68.3760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'. 3e68.3760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll) 3e68.3760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll 3e68.3760: supR3HardenedDllNotificationCallback: load 00007ffde8fe0000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0] 3e68.3760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffdef230000 LB 0x00264000 C:\WINDOWS\system32\d3d11.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffdf1970000 LB 0x000f4000 C:\WINDOWS\system32\dxgi.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffdefa60000 LB 0x001e5000 C:\WINDOWS\system32\dcomp.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffdeda20000 LB 0x00201000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffde8420000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffd8bc20000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffdeaad0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffde8ed0000 LB 0x00092000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0] 3e68.3760: supR3HardenedDllNotificationCallback: Unload 00007ffd8b850000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0] 3e68.3760: Terminating the normal way: rcExit=0 6558.2ef4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 370876 ms, the end); 27c8.36b8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 371844 ms, the end);
Optional Paste Settings
Category:
None
Cryptocurrency
Cybersecurity
Fixit
Food
Gaming
Haiku
Help
History
Housing
Jokes
Legal
Money
Movies
Music
Pets
Photo
Science
Software
Source Code
Spirit
Sports
Travel
TV
Writing
Tags:
Syntax Highlighting:
None
Bash
C
C#
C++
CSS
HTML
JSON
Java
JavaScript
Lua
Markdown (PRO members only)
Objective C
PHP
Perl
Python
Ruby
Swift
4CS
6502 ACME Cross Assembler
6502 Kick Assembler
6502 TASM/64TASS
ABAP
AIMMS
ALGOL 68
APT Sources
ARM
ASM (NASM)
ASP
ActionScript
ActionScript 3
Ada
Apache Log
AppleScript
Arduino
Asymptote
AutoIt
Autohotkey
Avisynth
Awk
BASCOM AVR
BNF
BOO
Bash
Basic4GL
Batch
BibTeX
Blitz Basic
Blitz3D
BlitzMax
BrainFuck
C
C (WinAPI)
C Intermediate Language
C for Macs
C#
C++
C++ (WinAPI)
C++ (with Qt extensions)
C: Loadrunner
CAD DCL
CAD Lisp
CFDG
CMake
COBOL
CSS
Ceylon
ChaiScript
Chapel
Clojure
Clone C
Clone C++
CoffeeScript
ColdFusion
Cuesheet
D
DCL
DCPU-16
DCS
DIV
DOT
Dart
Delphi
Delphi Prism (Oxygene)
Diff
E
ECMAScript
EPC
Easytrieve
Eiffel
Email
Erlang
Euphoria
F#
FO Language
Falcon
Filemaker
Formula One
Fortran
FreeBasic
FreeSWITCH
GAMBAS
GDB
GDScript
Game Maker
Genero
Genie
GetText
Go
Godot GLSL
Groovy
GwBasic
HQ9 Plus
HTML
HTML 5
Haskell
Haxe
HicEst
IDL
INI file
INTERCAL
IO
ISPF Panel Definition
Icon
Inno Script
J
JCL
JSON
Java
Java 5
JavaScript
Julia
KSP (Kontakt Script)
KiXtart
Kotlin
LDIF
LLVM
LOL Code
LScript
Latex
Liberty BASIC
Linden Scripting
Lisp
Loco Basic
Logtalk
Lotus Formulas
Lotus Script
Lua
M68000 Assembler
MIX Assembler
MK-61/52
MPASM
MXML
MagikSF
Make
MapBasic
Markdown (PRO members only)
MatLab
Mercury
MetaPost
Modula 2
Modula 3
Motorola 68000 HiSoft Dev
MySQL
Nagios
NetRexx
Nginx
Nim
NullSoft Installer
OCaml
OCaml Brief
Oberon 2
Objeck Programming Langua
Objective C
Octave
Open Object Rexx
OpenBSD PACKET FILTER
OpenGL Shading
Openoffice BASIC
Oracle 11
Oracle 8
Oz
PARI/GP
PCRE
PHP
PHP Brief
PL/I
PL/SQL
POV-Ray
ParaSail
Pascal
Pawn
Per
Perl
Perl 6
Phix
Pic 16
Pike
Pixel Bender
PostScript
PostgreSQL
PowerBuilder
PowerShell
ProFTPd
Progress
Prolog
Properties
ProvideX
Puppet
PureBasic
PyCon
Python
Python for S60
QBasic
QML
R
RBScript
REBOL
REG
RPM Spec
Racket
Rails
Rexx
Robots
Roff Manpage
Ruby
Ruby Gnuplot
Rust
SAS
SCL
SPARK
SPARQL
SQF
SQL
SSH Config
Scala
Scheme
Scilab
SdlBasic
Smalltalk
Smarty
StandardML
StoneScript
SuperCollider
Swift
SystemVerilog
T-SQL
TCL
TeXgraph
Tera Term
TypeScript
TypoScript
UPC
Unicon
UnrealScript
Urbi
VB.NET
VBScript
VHDL
VIM
Vala
Vedit
VeriLog
Visual Pro Log
VisualBasic
VisualFoxPro
WHOIS
WhiteSpace
Winbatch
XBasic
XML
XPP
Xojo
Xorg Config
YAML
YARA
Z80 Assembler
ZXBasic
autoconf
jQuery
mIRC
newLISP
q/kdb+
thinBasic
Paste Expiration:
Never
Burn after read
10 Minutes
1 Hour
1 Day
1 Week
2 Weeks
1 Month
6 Months
1 Year
Paste Exposure:
Public
Unlisted
Private
Folder:
(members only)
Password
NEW
Enabled
Disabled
Burn after read
NEW
Paste Name / Title:
Create New Paste
Hello
Guest
Sign Up
or
Login
Sign in with Facebook
Sign in with Twitter
Sign in with Google
You are currently not logged in, this means you can not edit or delete anything you paste.
Sign Up
or
Login
Public Pastes
Untitled
23 min ago | 6.06 KB
Untitled
2 hours ago | 6.29 KB
Untitled
4 hours ago | 7.39 KB
Untitled
6 hours ago | 5.74 KB
Untitled
8 hours ago | 5.00 KB
Untitled
9 hours ago | 9.00 KB
Untitled
13 hours ago | 5.64 KB
PS: CI Sheet Review/Finalize CI Sheet - Respo...
13 hours ago | 0.27 KB
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the
Cookies Policy
.
OK, I Understand
Not a member of Pastebin yet?
Sign Up
, it unlocks many cool features!
