VirtualBox

Ticket #13642: VBoxStartup.log

File VBoxStartup.log, 341.3 KB (added by yesoos, 10 years ago)

vboxstartup log

Line 
1490.13a8: Log file opened: 4.3.21r97018 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000
2490.13a8: \SystemRoot\System32\ntdll.dll:
3490.13a8: CreationTime: 2014-10-16T05:28:36.640268200Z
4490.13a8: LastWriteTime: 2014-08-16T04:01:48.888112400Z
5490.13a8: ChangeTime: 2014-10-16T11:35:18.666469000Z
6490.13a8: FileAttributes: 0x20
7490.13a8: Size: 0x1a1868
8490.13a8: NT Headers: 0xe8
9490.13a8: Timestamp: 0x53eebd22
10490.13a8: Machine: 0x8664 - amd64
11490.13a8: Timestamp: 0x53eebd22
12490.13a8: Image Version: 6.3
13490.13a8: SizeOfImage: 0x1a6000 (1728512)
14490.13a8: Resource Dir: 0x141000 LB 0x62450
15490.13a8: ProductName: Microsoft® Windows® Operating System
16490.13a8: ProductVersion: 6.3.9600.17278
17490.13a8: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
18490.13a8: FileDescription: NT Layer DLL
19490.13a8: \SystemRoot\System32\kernel32.dll:
20490.13a8: CreationTime: 2014-04-10T06:22:46.495003900Z
21490.13a8: LastWriteTime: 2014-03-20T04:19:59.915412000Z
22490.13a8: ChangeTime: 2014-04-10T06:36:12.855172700Z
23490.13a8: FileAttributes: 0x20
24490.13a8: Size: 0x13b3c0
25490.13a8: NT Headers: 0xe8
26490.13a8: Timestamp: 0x532a419c
27490.13a8: Machine: 0x8664 - amd64
28490.13a8: Timestamp: 0x532a419c
29490.13a8: Image Version: 6.3
30490.13a8: SizeOfImage: 0x13a000 (1286144)
31490.13a8: Resource Dir: 0x12a000 LB 0x520
32490.13a8: ProductName: Microsoft® Windows® Operating System
33490.13a8: ProductVersion: 6.3.9600.17056
34490.13a8: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520)
35490.13a8: FileDescription: Windows NT BASE API Client DLL
36490.13a8: \SystemRoot\System32\KernelBase.dll:
37490.13a8: CreationTime: 2014-10-16T05:28:36.594282500Z
38490.13a8: LastWriteTime: 2014-08-16T03:58:45.372065200Z
39490.13a8: ChangeTime: 2014-10-16T11:35:18.510212600Z
40490.13a8: FileAttributes: 0x20
41490.13a8: Size: 0x10f9c0
42490.13a8: NT Headers: 0xf0
43490.13a8: Timestamp: 0x53eebf2e
44490.13a8: Machine: 0x8664 - amd64
45490.13a8: Timestamp: 0x53eebf2e
46490.13a8: Image Version: 6.3
47490.13a8: SizeOfImage: 0x10f000 (1110016)
48490.13a8: Resource Dir: 0x10a000 LB 0x3528
49490.13a8: ProductName: Microsoft® Windows® Operating System
50490.13a8: ProductVersion: 6.3.9600.17278
51490.13a8: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
52490.13a8: FileDescription: Windows NT BASE API Client DLL
53490.13a8: \SystemRoot\System32\apisetschema.dll:
54490.13a8: CreationTime: 2013-08-22T12:13:09.745625900Z
55490.13a8: LastWriteTime: 2013-08-22T12:35:12.091034400Z
56490.13a8: ChangeTime: 2013-10-17T15:08:21.251950300Z
57490.13a8: FileAttributes: 0x20
58490.13a8: Size: 0x11360
59490.13a8: NT Headers: 0xd0
60490.13a8: Timestamp: 0x52160049
61490.13a8: Machine: 0x8664 - amd64
62490.13a8: Timestamp: 0x52160049
63490.13a8: Image Version: 6.3
64490.13a8: SizeOfImage: 0x13000 (77824)
65490.13a8: Resource Dir: 0x11000 LB 0x3f8
66490.13a8: ProductName: Microsoft® Windows® Operating System
67490.13a8: ProductVersion: 6.3.9600.16384
68490.13a8: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
69490.13a8: FileDescription: ApiSet Schema DLL
70490.13a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71490.13a8: supR3HardenedWinFindAdversaries: 0x40
72490.13a8: \SystemRoot\System32\drivers\kl1.sys:
73490.13a8: CreationTime: 2014-02-20T10:59:04.000000000Z
74490.13a8: LastWriteTime: 2014-02-20T10:59:04.000000000Z
75490.13a8: ChangeTime: 2014-09-23T08:06:28.945022500Z
76490.13a8: FileAttributes: 0x20
77490.13a8: Size: 0x6fc60
78490.13a8: NT Headers: 0xe0
79490.13a8: Timestamp: 0x5305c3be
80490.13a8: Machine: 0x8664 - amd64
81490.13a8: Timestamp: 0x5305c3be
82490.13a8: Image Version: 0.0
83490.13a8: SizeOfImage: 0x75f000 (7729152)
84490.13a8: Resource Dir: 0x75d000 LB 0x448
85490.13a8: ProductName: Kaspersky Anti-Virus
86490.13a8: ProductVersion: 6.0.1.990
87490.13a8: FileVersion: 6.8.0.38
88490.13a8: FileDescription: Kaspersky Unified Driver
89490.13a8: \SystemRoot\System32\drivers\klflt.sys:
90490.13a8: CreationTime: 2014-09-23T08:05:07.970726700Z
91490.13a8: LastWriteTime: 2014-10-09T09:33:51.168422400Z
92490.13a8: ChangeTime: 2014-10-09T09:33:51.168422400Z
93490.13a8: FileAttributes: 0x20
94490.13a8: Size: 0x22c08
95490.13a8: NT Headers: 0xe0
96490.13a8: Timestamp: 0x54071890
97490.13a8: Machine: 0x8664 - amd64
98490.13a8: Timestamp: 0x54071890
99490.13a8: Image Version: 6.2
100490.13a8: SizeOfImage: 0x33000 (208896)
101490.13a8: Resource Dir: 0x31000 LB 0x378
102490.13a8: ProductName: Kaspersky™ Anti-Virus ®
103490.13a8: ProductVersion: 1.5.0.27
104490.13a8: FileVersion: 1.5.0.27
105490.13a8: FileDescription: Filter Core [fre_win8_x64]
106490.13a8: \SystemRoot\System32\drivers\klif.sys:
107490.13a8: CreationTime: 2014-09-23T08:05:07.952725500Z
108490.13a8: LastWriteTime: 2014-10-09T09:33:51.283433100Z
109490.13a8: ChangeTime: 2014-10-09T09:33:51.283433100Z
110490.13a8: FileAttributes: 0x20
111490.13a8: Size: 0xbc4c8
112490.13a8: NT Headers: 0xf8
113490.13a8: Timestamp: 0x54256756
114490.13a8: Machine: 0x8664 - amd64
115490.13a8: Timestamp: 0x54256756
116490.13a8: Image Version: 6.2
117490.13a8: SizeOfImage: 0xc4000 (802816)
118490.13a8: Resource Dir: 0xc1000 LB 0x1240
119490.13a8: ProductName: Kaspersky™ Anti-Virus ®
120490.13a8: ProductVersion: 8.15.0.241
121490.13a8: FileVersion: 8.15.0.241
122490.13a8: FileDescription: Klif Mini-Filter [fre_win8_x64]
123490.13a8: \SystemRoot\System32\drivers\klim6.sys:
124490.13a8: CreationTime: 2013-06-10T10:27:56.000000000Z
125490.13a8: LastWriteTime: 2014-02-25T11:09:02.000000000Z
126490.13a8: ChangeTime: 2014-09-23T08:06:28.524998200Z
127490.13a8: FileAttributes: 0x20
128490.13a8: Size: 0x7660
129490.13a8: NT Headers: 0xf0
130490.13a8: Timestamp: 0x530c5d9a
131490.13a8: Machine: 0x8664 - amd64
132490.13a8: Timestamp: 0x530c5d9a
133490.13a8: Image Version: 6.2
134490.13a8: SizeOfImage: 0xa000 (40960)
135490.13a8: Resource Dir: 0x8000 LB 0x470
136490.13a8: ProductName: Kaspersky Anti-Virus
137490.13a8: ProductVersion: 6.0.1.990
138490.13a8: FileVersion: 8.0.0.83
139490.13a8: FileDescription: Kaspersky Lab Intermediate Network Driver
140490.13a8: \SystemRoot\System32\drivers\klkbdflt.sys:
141490.13a8: CreationTime: 2014-03-28T15:51:02.000000000Z
142490.13a8: LastWriteTime: 2014-03-28T15:51:02.000000000Z
143490.13a8: ChangeTime: 2014-09-23T08:06:29.436051400Z
144490.13a8: FileAttributes: 0x20
145490.13a8: Size: 0x7060
146490.13a8: NT Headers: 0xe0
147490.13a8: Timestamp: 0x53357e35
148490.13a8: Machine: 0x8664 - amd64
149490.13a8: Timestamp: 0x53357e35
150490.13a8: Image Version: 6.2
151490.13a8: SizeOfImage: 0xc000 (49152)
152490.13a8: Resource Dir: 0xa000 LB 0x3b0
153490.13a8: ProductName: Kaspersky™ Anti-Virus ®
154490.13a8: ProductVersion: 8.14.0.13
155490.13a8: FileVersion: 8.14.0.13
156490.13a8: FileDescription: KLKBDFLT Keyboard Device Filter [fre_win8_x64]
157490.13a8: \SystemRoot\System32\drivers\klmouflt.sys:
158490.13a8: CreationTime: 2013-08-08T15:11:00.000000000Z
159490.13a8: LastWriteTime: 2013-08-08T15:11:00.000000000Z
160490.13a8: ChangeTime: 2014-09-23T08:06:29.216038300Z
161490.13a8: FileAttributes: 0x20
162490.13a8: Size: 0x7260
163490.13a8: NT Headers: 0xd8
164490.13a8: Timestamp: 0x52039874
165490.13a8: Machine: 0x8664 - amd64
166490.13a8: Timestamp: 0x52039874
167490.13a8: Image Version: 6.2
168490.13a8: SizeOfImage: 0xc000 (49152)
169490.13a8: Resource Dir: 0xa000 LB 0x3a8
170490.13a8: ProductName: Kaspersky™ Anti-Virus ®
171490.13a8: ProductVersion: 8.10.0.41
172490.13a8: FileVersion: 8.10.0.41
173490.13a8: FileDescription: KLMOUFLT Mouse Device Filter [fre_win8_x64]
174490.13a8: \SystemRoot\System32\drivers\kneps.sys:
175490.13a8: CreationTime: 2014-03-26T15:05:28.000000000Z
176490.13a8: LastWriteTime: 2014-03-26T15:05:28.000000000Z
177490.13a8: ChangeTime: 2014-09-23T08:06:37.648181200Z
178490.13a8: FileAttributes: 0x20
179490.13a8: Size: 0x2bc60
180490.13a8: NT Headers: 0x118
181490.13a8: Timestamp: 0x5332d05f
182490.13a8: Machine: 0x8664 - amd64
183490.13a8: Timestamp: 0x5332d05f
184490.13a8: Image Version: 6.1
185490.13a8: SizeOfImage: 0x2d000 (184320)
186490.13a8: Resource Dir: 0x2b000 LB 0x398
187490.13a8: ProductName: Kaspersky™ Anti-Virus ®
188490.13a8: ProductVersion: 5.7.0.7
189490.13a8: FileVersion: 5.7.0.7 built by: WinDDK
190490.13a8: FileDescription: KNEPS Power [fre_wnet_amd64]
191490.13a8: \SystemRoot\System32\klfphc.dll:
192490.13a8: CreationTime: 2013-10-01T17:59:38.469691900Z
193490.13a8: LastWriteTime: 2013-05-06T07:13:26.000000000Z
194490.13a8: ChangeTime: 2014-09-23T08:05:54.290367000Z
195490.13a8: FileAttributes: 0x20
196490.13a8: Size: 0x1ae60
197490.13a8: NT Headers: 0xe8
198490.13a8: Timestamp: 0x51873bf2
199490.13a8: Machine: 0x8664 - amd64
200490.13a8: Timestamp: 0x51873bf2
201490.13a8: Image Version: 0.0
202490.13a8: SizeOfImage: 0x1d000 (118784)
203490.13a8: Resource Dir: 0x18000 LB 0x3c80
204490.13a8: ProductName: Kaspersky™ Anti-Virus ®
205490.13a8: ProductVersion: 1.0.0.12
206490.13a8: FileVersion: 1.0.0.12
207490.13a8: FileDescription: Filtering Platform Helper Class
208490.13a8: Calling main()
209490.13a8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
210490.13a8: SUPR3HardenedMain: Respawn #1
211490.13a8: System32: \Device\HarddiskVolume2\Windows\System32
212490.13a8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
213490.13a8: KnownDllPath: C:\WINDOWS\system32
214490.13a8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
215490.13a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
216490.13a8: supR3HardNtEnableThreadCreation:
217490.13a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb4d959c5c pvNtTerminateThread=00007ffb4d981ba0
218490.13a8: supR3HardenedWinDoReSpawn(1): New child 13d8.19c4 [kernel32].
219490.13a8: supR3HardNtChildGatherData: PebBaseAddress=00007ff7641ac000 cbPeb=0x388
220490.13a8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb4d8f0000 uNtDllChildAddr=00007ffb4d8f0000
221490.13a8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb4d959c5c
222490.13a8: supR3HardenedWinSetupChildInit: Start child.
223490.13a8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
224490.13a8: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 35 sleeps
225490.13a8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
226490.13a8: *0000000000000000-ffffffffffa0ffff 0x0001/0x0000 0x0000000
227490.13a8: *00000000005f0000-00000000005cffff 0x0004/0x0004 0x0020000
228490.13a8: *0000000000610000-0000000000600fff 0x0002/0x0002 0x0040000
229490.13a8: 000000000061f000-000000000061dfff 0x0001/0x0000 0x0000000
230490.13a8: *0000000000620000-0000000000523fff 0x0000/0x0004 0x0020000
231490.13a8: 000000000071c000-0000000000718fff 0x0104/0x0004 0x0020000
232490.13a8: 000000000071f000-000000000071dfff 0x0004/0x0004 0x0020000
233490.13a8: *0000000000720000-000000000071bfff 0x0002/0x0002 0x0040000
234490.13a8: 0000000000724000-0000000000717fff 0x0001/0x0000 0x0000000
235490.13a8: *0000000000730000-000000000072dfff 0x0004/0x0004 0x0020000
236490.13a8: 0000000000732000-ffffffff80e83fff 0x0001/0x0000 0x0000000
237490.13a8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
238490.13a8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
239490.13a8: 000000007fff0000-ffff80099be5ffff 0x0001/0x0000 0x0000000
240490.13a8: *00007ff764180000-00007ff76415cfff 0x0002/0x0002 0x0040000
241490.13a8: 00007ff7641a3000-00007ff764199fff 0x0001/0x0000 0x0000000
242490.13a8: *00007ff7641ac000-00007ff7641aafff 0x0004/0x0004 0x0020000
243490.13a8: 00007ff7641ad000-00007ff7641abfff 0x0001/0x0000 0x0000000
244490.13a8: *00007ff7641ae000-00007ff7641abfff 0x0004/0x0004 0x0020000
245490.13a8: 00007ff7641b0000-00007ff76351ffff 0x0001/0x0000 0x0000000
246490.13a8: *00007ff764e40000-00007ff764e3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
247490.13a8: 00007ff764e41000-00007ff764dbcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
248490.13a8: 00007ff764ec5000-00007ff764ec3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
249490.13a8: 00007ff764ec6000-00007ff764e88fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
250490.13a8: 00007ff764f03000-00007ff764f01fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
251490.13a8: 00007ff764f04000-00007ff764f02fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
252490.13a8: 00007ff764f05000-00007ff764f02fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
253490.13a8: 00007ff764f07000-00007ff764f05fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
254490.13a8: 00007ff764f08000-00007ff764f06fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
255490.13a8: 00007ff764f09000-00007ff764f04fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
256490.13a8: 00007ff764f0d000-00007ff764ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
257490.13a8: 00007ff764f46000-00007ff37c59bfff 0x0001/0x0000 0x0000000
258490.13a8: *00007ffb4d8f0000-00007ffb4d8eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
259490.13a8: 00007ffb4d8f1000-00007ffb4d7cbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
260490.13a8: 00007ffb4da16000-00007ffb4da0cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
261490.13a8: 00007ffb4da1f000-00007ffb4da11fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
262490.13a8: 00007ffb4da2c000-00007ffb4da2afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
263490.13a8: 00007ffb4da2d000-00007ffb4da2bfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
264490.13a8: 00007ffb4da2e000-00007ffb4d9c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
265490.13a8: 00007ffb4da96000-00007ff69b54bfff 0x0001/0x0000 0x0000000
266490.13a8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
267490.13a8: VirtualBox.exe: timestamp 0x54731bc2 (rc=VINF_SUCCESS)
268490.13a8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
269490.13a8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
270490.13a8: supR3HardNtChildPurify: Done after 580 ms and 0 fixes (loop #0).
27113d8.19c4: Log file opened: 4.3.21r97018 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
27213d8.19c4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb4d8f0000
27313d8.19c4: ntdll.dll: timestamp 0x53eebd22 (rc=VINF_SUCCESS)
27413d8.19c4: New simple heap: #1 0000000000840000 LB 0x400000 (for 1728512 allocation)
275490.13a8: supR3HardNtEnableThreadCreation:
27613d8.19c4: System32: \Device\HarddiskVolume2\Windows\System32
27713d8.19c4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
27813d8.19c4: KnownDllPath: C:\WINDOWS\system32
27913d8.19c4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
28013d8.19c4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
28113d8.19c4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
28213d8.19c4: Registered Dll notification callback with NTDLL.
28313d8.19c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
28413d8.19c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
28513d8.19c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
28613d8.19c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
28713d8.19c4: supR3HardenedDllNotificationCallback: load 00007ffb4b010000 LB 0x0010f000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
28813d8.19c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
28913d8.19c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
29013d8.19c4: supR3HardenedDllNotificationCallback: load 00007ffb4b8d0000 LB 0x0013a000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
29113d8.19c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
29213d8.19c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b8d0000 'C:\WINDOWS\system32\KERNEL32.DLL'
29313d8.19c4: supR3HardenedDllNotificationCallback: load 00007ff764e40000 LB 0x00106000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
29413d8.19c4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
29513d8.19c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
29613d8.19c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29713d8.19c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb4d959c5c pvNtTerminateThread=00007ffb4d981ba0
298490.13a8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 76 ms.
29913d8.19c4: \SystemRoot\System32\ntdll.dll:
30013d8.19c4: CreationTime: 2014-10-16T05:28:36.640268200Z
30113d8.19c4: LastWriteTime: 2014-08-16T04:01:48.888112400Z
30213d8.19c4: ChangeTime: 2014-10-16T11:35:18.666469000Z
30313d8.19c4: FileAttributes: 0x20
30413d8.19c4: Size: 0x1a1868
30513d8.19c4: NT Headers: 0xe8
30613d8.19c4: Timestamp: 0x53eebd22
30713d8.19c4: Machine: 0x8664 - amd64
30813d8.19c4: Timestamp: 0x53eebd22
30913d8.19c4: Image Version: 6.3
31013d8.19c4: SizeOfImage: 0x1a6000 (1728512)
31113d8.19c4: Resource Dir: 0x141000 LB 0x62450
31213d8.19c4: ProductName: Microsoft® Windows® Operating System
31313d8.19c4: ProductVersion: 6.3.9600.17278
31413d8.19c4: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
31513d8.19c4: FileDescription: NT Layer DLL
31613d8.19c4: \SystemRoot\System32\kernel32.dll:
31713d8.19c4: CreationTime: 2014-04-10T06:22:46.495003900Z
31813d8.19c4: LastWriteTime: 2014-03-20T04:19:59.915412000Z
31913d8.19c4: ChangeTime: 2014-04-10T06:36:12.855172700Z
32013d8.19c4: FileAttributes: 0x20
32113d8.19c4: Size: 0x13b3c0
32213d8.19c4: NT Headers: 0xe8
32313d8.19c4: Timestamp: 0x532a419c
32413d8.19c4: Machine: 0x8664 - amd64
32513d8.19c4: Timestamp: 0x532a419c
32613d8.19c4: Image Version: 6.3
32713d8.19c4: SizeOfImage: 0x13a000 (1286144)
32813d8.19c4: Resource Dir: 0x12a000 LB 0x520
32913d8.19c4: ProductName: Microsoft® Windows® Operating System
33013d8.19c4: ProductVersion: 6.3.9600.17056
33113d8.19c4: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520)
33213d8.19c4: FileDescription: Windows NT BASE API Client DLL
33313d8.19c4: \SystemRoot\System32\KernelBase.dll:
33413d8.19c4: CreationTime: 2014-10-16T05:28:36.594282500Z
33513d8.19c4: LastWriteTime: 2014-08-16T03:58:45.372065200Z
33613d8.19c4: ChangeTime: 2014-10-16T11:35:18.510212600Z
33713d8.19c4: FileAttributes: 0x20
33813d8.19c4: Size: 0x10f9c0
33913d8.19c4: NT Headers: 0xf0
34013d8.19c4: Timestamp: 0x53eebf2e
34113d8.19c4: Machine: 0x8664 - amd64
34213d8.19c4: Timestamp: 0x53eebf2e
34313d8.19c4: Image Version: 6.3
34413d8.19c4: SizeOfImage: 0x10f000 (1110016)
34513d8.19c4: Resource Dir: 0x10a000 LB 0x3528
34613d8.19c4: ProductName: Microsoft® Windows® Operating System
34713d8.19c4: ProductVersion: 6.3.9600.17278
34813d8.19c4: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
34913d8.19c4: FileDescription: Windows NT BASE API Client DLL
35013d8.19c4: \SystemRoot\System32\apisetschema.dll:
35113d8.19c4: CreationTime: 2013-08-22T12:13:09.745625900Z
35213d8.19c4: LastWriteTime: 2013-08-22T12:35:12.091034400Z
35313d8.19c4: ChangeTime: 2013-10-17T15:08:21.251950300Z
35413d8.19c4: FileAttributes: 0x20
35513d8.19c4: Size: 0x11360
35613d8.19c4: NT Headers: 0xd0
35713d8.19c4: Timestamp: 0x52160049
35813d8.19c4: Machine: 0x8664 - amd64
35913d8.19c4: Timestamp: 0x52160049
36013d8.19c4: Image Version: 6.3
36113d8.19c4: SizeOfImage: 0x13000 (77824)
36213d8.19c4: Resource Dir: 0x11000 LB 0x3f8
36313d8.19c4: ProductName: Microsoft® Windows® Operating System
36413d8.19c4: ProductVersion: 6.3.9600.16384
36513d8.19c4: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
36613d8.19c4: FileDescription: ApiSet Schema DLL
36713d8.19c4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
36813d8.19c4: supR3HardenedWinFindAdversaries: 0x40
36913d8.19c4: \SystemRoot\System32\drivers\kl1.sys:
37013d8.19c4: CreationTime: 2014-02-20T10:59:04.000000000Z
37113d8.19c4: LastWriteTime: 2014-02-20T10:59:04.000000000Z
37213d8.19c4: ChangeTime: 2014-09-23T08:06:28.945022500Z
37313d8.19c4: FileAttributes: 0x20
37413d8.19c4: Size: 0x6fc60
37513d8.19c4: NT Headers: 0xe0
37613d8.19c4: Timestamp: 0x5305c3be
37713d8.19c4: Machine: 0x8664 - amd64
37813d8.19c4: Timestamp: 0x5305c3be
37913d8.19c4: Image Version: 0.0
38013d8.19c4: SizeOfImage: 0x75f000 (7729152)
38113d8.19c4: Resource Dir: 0x75d000 LB 0x448
38213d8.19c4: ProductName: Kaspersky Anti-Virus
38313d8.19c4: ProductVersion: 6.0.1.990
38413d8.19c4: FileVersion: 6.8.0.38
38513d8.19c4: FileDescription: Kaspersky Unified Driver
38613d8.19c4: \SystemRoot\System32\drivers\klflt.sys:
38713d8.19c4: CreationTime: 2014-09-23T08:05:07.970726700Z
38813d8.19c4: LastWriteTime: 2014-10-09T09:33:51.168422400Z
38913d8.19c4: ChangeTime: 2014-10-09T09:33:51.168422400Z
39013d8.19c4: FileAttributes: 0x20
39113d8.19c4: Size: 0x22c08
39213d8.19c4: NT Headers: 0xe0
39313d8.19c4: Timestamp: 0x54071890
39413d8.19c4: Machine: 0x8664 - amd64
39513d8.19c4: Timestamp: 0x54071890
39613d8.19c4: Image Version: 6.2
39713d8.19c4: SizeOfImage: 0x33000 (208896)
39813d8.19c4: Resource Dir: 0x31000 LB 0x378
39913d8.19c4: ProductName: Kaspersky™ Anti-Virus ®
40013d8.19c4: ProductVersion: 1.5.0.27
40113d8.19c4: FileVersion: 1.5.0.27
40213d8.19c4: FileDescription: Filter Core [fre_win8_x64]
40313d8.19c4: \SystemRoot\System32\drivers\klif.sys:
40413d8.19c4: CreationTime: 2014-09-23T08:05:07.952725500Z
40513d8.19c4: LastWriteTime: 2014-10-09T09:33:51.283433100Z
40613d8.19c4: ChangeTime: 2014-10-09T09:33:51.283433100Z
40713d8.19c4: FileAttributes: 0x20
40813d8.19c4: Size: 0xbc4c8
40913d8.19c4: NT Headers: 0xf8
41013d8.19c4: Timestamp: 0x54256756
41113d8.19c4: Machine: 0x8664 - amd64
41213d8.19c4: Timestamp: 0x54256756
41313d8.19c4: Image Version: 6.2
41413d8.19c4: SizeOfImage: 0xc4000 (802816)
41513d8.19c4: Resource Dir: 0xc1000 LB 0x1240
41613d8.19c4: ProductName: Kaspersky™ Anti-Virus ®
41713d8.19c4: ProductVersion: 8.15.0.241
41813d8.19c4: FileVersion: 8.15.0.241
41913d8.19c4: FileDescription: Klif Mini-Filter [fre_win8_x64]
42013d8.19c4: \SystemRoot\System32\drivers\klim6.sys:
42113d8.19c4: CreationTime: 2013-06-10T10:27:56.000000000Z
42213d8.19c4: LastWriteTime: 2014-02-25T11:09:02.000000000Z
42313d8.19c4: ChangeTime: 2014-09-23T08:06:28.524998200Z
42413d8.19c4: FileAttributes: 0x20
42513d8.19c4: Size: 0x7660
42613d8.19c4: NT Headers: 0xf0
42713d8.19c4: Timestamp: 0x530c5d9a
42813d8.19c4: Machine: 0x8664 - amd64
42913d8.19c4: Timestamp: 0x530c5d9a
43013d8.19c4: Image Version: 6.2
43113d8.19c4: SizeOfImage: 0xa000 (40960)
43213d8.19c4: Resource Dir: 0x8000 LB 0x470
43313d8.19c4: ProductName: Kaspersky Anti-Virus
43413d8.19c4: ProductVersion: 6.0.1.990
43513d8.19c4: FileVersion: 8.0.0.83
43613d8.19c4: FileDescription: Kaspersky Lab Intermediate Network Driver
43713d8.19c4: \SystemRoot\System32\drivers\klkbdflt.sys:
43813d8.19c4: CreationTime: 2014-03-28T15:51:02.000000000Z
43913d8.19c4: LastWriteTime: 2014-03-28T15:51:02.000000000Z
44013d8.19c4: ChangeTime: 2014-09-23T08:06:29.436051400Z
44113d8.19c4: FileAttributes: 0x20
44213d8.19c4: Size: 0x7060
44313d8.19c4: NT Headers: 0xe0
44413d8.19c4: Timestamp: 0x53357e35
44513d8.19c4: Machine: 0x8664 - amd64
44613d8.19c4: Timestamp: 0x53357e35
44713d8.19c4: Image Version: 6.2
44813d8.19c4: SizeOfImage: 0xc000 (49152)
44913d8.19c4: Resource Dir: 0xa000 LB 0x3b0
45013d8.19c4: ProductName: Kaspersky™ Anti-Virus ®
45113d8.19c4: ProductVersion: 8.14.0.13
45213d8.19c4: FileVersion: 8.14.0.13
45313d8.19c4: FileDescription: KLKBDFLT Keyboard Device Filter [fre_win8_x64]
45413d8.19c4: \SystemRoot\System32\drivers\klmouflt.sys:
45513d8.19c4: CreationTime: 2013-08-08T15:11:00.000000000Z
45613d8.19c4: LastWriteTime: 2013-08-08T15:11:00.000000000Z
45713d8.19c4: ChangeTime: 2014-09-23T08:06:29.216038300Z
45813d8.19c4: FileAttributes: 0x20
45913d8.19c4: Size: 0x7260
46013d8.19c4: NT Headers: 0xd8
46113d8.19c4: Timestamp: 0x52039874
46213d8.19c4: Machine: 0x8664 - amd64
46313d8.19c4: Timestamp: 0x52039874
46413d8.19c4: Image Version: 6.2
46513d8.19c4: SizeOfImage: 0xc000 (49152)
46613d8.19c4: Resource Dir: 0xa000 LB 0x3a8
46713d8.19c4: ProductName: Kaspersky™ Anti-Virus ®
46813d8.19c4: ProductVersion: 8.10.0.41
46913d8.19c4: FileVersion: 8.10.0.41
47013d8.19c4: FileDescription: KLMOUFLT Mouse Device Filter [fre_win8_x64]
47113d8.19c4: \SystemRoot\System32\drivers\kneps.sys:
47213d8.19c4: CreationTime: 2014-03-26T15:05:28.000000000Z
47313d8.19c4: LastWriteTime: 2014-03-26T15:05:28.000000000Z
47413d8.19c4: ChangeTime: 2014-09-23T08:06:37.648181200Z
47513d8.19c4: FileAttributes: 0x20
47613d8.19c4: Size: 0x2bc60
47713d8.19c4: NT Headers: 0x118
47813d8.19c4: Timestamp: 0x5332d05f
47913d8.19c4: Machine: 0x8664 - amd64
48013d8.19c4: Timestamp: 0x5332d05f
48113d8.19c4: Image Version: 6.1
48213d8.19c4: SizeOfImage: 0x2d000 (184320)
48313d8.19c4: Resource Dir: 0x2b000 LB 0x398
48413d8.19c4: ProductName: Kaspersky™ Anti-Virus ®
48513d8.19c4: ProductVersion: 5.7.0.7
48613d8.19c4: FileVersion: 5.7.0.7 built by: WinDDK
48713d8.19c4: FileDescription: KNEPS Power [fre_wnet_amd64]
48813d8.19c4: \SystemRoot\System32\klfphc.dll:
48913d8.19c4: CreationTime: 2013-10-01T17:59:38.469691900Z
49013d8.19c4: LastWriteTime: 2013-05-06T07:13:26.000000000Z
49113d8.19c4: ChangeTime: 2014-09-23T08:05:54.290367000Z
49213d8.19c4: FileAttributes: 0x20
49313d8.19c4: Size: 0x1ae60
49413d8.19c4: NT Headers: 0xe8
49513d8.19c4: Timestamp: 0x51873bf2
49613d8.19c4: Machine: 0x8664 - amd64
49713d8.19c4: Timestamp: 0x51873bf2
49813d8.19c4: Image Version: 0.0
49913d8.19c4: SizeOfImage: 0x1d000 (118784)
50013d8.19c4: Resource Dir: 0x18000 LB 0x3c80
50113d8.19c4: ProductName: Kaspersky™ Anti-Virus ®
50213d8.19c4: ProductVersion: 1.0.0.12
50313d8.19c4: FileVersion: 1.0.0.12
50413d8.19c4: FileDescription: Filtering Platform Helper Class
50513d8.19c4: Calling main()
50613d8.19c4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
50713d8.19c4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
50813d8.19c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
50913d8.19c4: SUPR3HardenedMain: Respawn #2
51013d8.19c4: supR3HardNtEnableThreadCreation:
51113d8.19c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb4d959c5c pvNtTerminateThread=00007ffb4d981ba0
51213d8.19c4: supR3HardenedWinDoReSpawn(2): New child ff4.644 [kernel32].
51313d8.19c4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
51413d8.19c4: supR3HardNtChildGatherData: PebBaseAddress=00007ff7644a5000 cbPeb=0x388
51513d8.19c4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb4d8f0000 uNtDllChildAddr=00007ffb4d8f0000
51613d8.19c4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb4d959c5c
51713d8.19c4: supR3HardenedWinSetupChildInit: Start child.
51813d8.19c4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
51913d8.19c4: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 50 sleeps
52013d8.19c4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
52113d8.19c4: *0000000000000000-ffffffffff7fffff 0x0001/0x0000 0x0000000
52213d8.19c4: *0000000000800000-00000000007dffff 0x0004/0x0004 0x0020000
52313d8.19c4: *0000000000820000-0000000000810fff 0x0002/0x0002 0x0040000
52413d8.19c4: 000000000082f000-000000000082dfff 0x0001/0x0000 0x0000000
52513d8.19c4: *0000000000830000-0000000000733fff 0x0000/0x0004 0x0020000
52613d8.19c4: 000000000092c000-0000000000928fff 0x0104/0x0004 0x0020000
52713d8.19c4: 000000000092f000-000000000092dfff 0x0004/0x0004 0x0020000
52813d8.19c4: *0000000000930000-000000000092bfff 0x0002/0x0002 0x0040000
52913d8.19c4: 0000000000934000-0000000000927fff 0x0001/0x0000 0x0000000
53013d8.19c4: *0000000000940000-000000000093dfff 0x0004/0x0004 0x0020000
53113d8.19c4: 0000000000942000-ffffffff812a3fff 0x0001/0x0000 0x0000000
53213d8.19c4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
53313d8.19c4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
53413d8.19c4: 000000007fff0000-ffff80099bb5ffff 0x0001/0x0000 0x0000000
53513d8.19c4: *00007ff764480000-00007ff76445cfff 0x0002/0x0002 0x0040000
53613d8.19c4: 00007ff7644a3000-00007ff7644a0fff 0x0001/0x0000 0x0000000
53713d8.19c4: *00007ff7644a5000-00007ff7644a3fff 0x0004/0x0004 0x0020000
53813d8.19c4: 00007ff7644a6000-00007ff76449dfff 0x0001/0x0000 0x0000000
53913d8.19c4: *00007ff7644ae000-00007ff7644abfff 0x0004/0x0004 0x0020000
54013d8.19c4: 00007ff7644b0000-00007ff763b1ffff 0x0001/0x0000 0x0000000
54113d8.19c4: *00007ff764e40000-00007ff764e3efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54213d8.19c4: 00007ff764e41000-00007ff764dbcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54313d8.19c4: 00007ff764ec5000-00007ff764ec3fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54413d8.19c4: 00007ff764ec6000-00007ff764e88fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54513d8.19c4: 00007ff764f03000-00007ff764f01fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54613d8.19c4: 00007ff764f04000-00007ff764f02fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54713d8.19c4: 00007ff764f05000-00007ff764f02fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54813d8.19c4: 00007ff764f07000-00007ff764f05fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
54913d8.19c4: 00007ff764f08000-00007ff764f06fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
55013d8.19c4: 00007ff764f09000-00007ff764f04fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
55113d8.19c4: 00007ff764f0d000-00007ff764ed3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
55213d8.19c4: 00007ff764f46000-00007ff37c59bfff 0x0001/0x0000 0x0000000
55313d8.19c4: *00007ffb4d8f0000-00007ffb4d8eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55413d8.19c4: 00007ffb4d8f1000-00007ffb4d7cbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55513d8.19c4: 00007ffb4da16000-00007ffb4da0cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55613d8.19c4: 00007ffb4da1f000-00007ffb4da11fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55713d8.19c4: 00007ffb4da2c000-00007ffb4da2afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55813d8.19c4: 00007ffb4da2d000-00007ffb4da2bfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
55913d8.19c4: 00007ffb4da2e000-00007ffb4d9c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
56013d8.19c4: 00007ffb4da96000-00007ff69b54bfff 0x0001/0x0000 0x0000000
56113d8.19c4: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
56213d8.19c4: VirtualBox.exe: timestamp 0x54731bc2 (rc=VINF_SUCCESS)
56313d8.19c4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
56413d8.19c4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
56513d8.19c4: supR3HardNtChildPurify: Done after 582 ms and 0 fixes (loop #0).
566ff4.644: Log file opened: 4.3.21r97018 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
567ff4.644: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb4d8f0000
568ff4.644: ntdll.dll: timestamp 0x53eebd22 (rc=VINF_SUCCESS)
569ff4.644: New simple heap: #1 0000000000a50000 LB 0x400000 (for 1728512 allocation)
57013d8.19c4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000840000 LB 0x400000)
57113d8.19c4: supR3HardNtEnableThreadCreation:
572ff4.644: System32: \Device\HarddiskVolume2\Windows\System32
573ff4.644: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
574ff4.644: KnownDllPath: C:\WINDOWS\system32
575ff4.644: supR3HardenedVmProcessInit: Opening vboxdrv...
576ff4.644: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
577ff4.644: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
578ff4.644: Registered Dll notification callback with NTDLL.
579ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
580ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
581ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
582ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
583ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4b010000 LB 0x0010f000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
584ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
585ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
586ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4b8d0000 LB 0x0013a000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
587ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
588ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b8d0000 'C:\WINDOWS\system32\KERNEL32.DLL'
589ff4.644: supR3HardenedDllNotificationCallback: load 00007ff764e40000 LB 0x00106000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
590ff4.644: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
591ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
592ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
593ff4.644: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb4d959c5c pvNtTerminateThread=00007ffb4d981ba0
59413d8.19c4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
595ff4.644: \SystemRoot\System32\ntdll.dll:
596ff4.644: CreationTime: 2014-10-16T05:28:36.640268200Z
597ff4.644: LastWriteTime: 2014-08-16T04:01:48.888112400Z
598ff4.644: ChangeTime: 2014-10-16T11:35:18.666469000Z
599ff4.644: FileAttributes: 0x20
600ff4.644: Size: 0x1a1868
601ff4.644: NT Headers: 0xe8
602ff4.644: Timestamp: 0x53eebd22
603ff4.644: Machine: 0x8664 - amd64
604ff4.644: Timestamp: 0x53eebd22
605ff4.644: Image Version: 6.3
606ff4.644: SizeOfImage: 0x1a6000 (1728512)
607ff4.644: Resource Dir: 0x141000 LB 0x62450
608ff4.644: ProductName: Microsoft® Windows® Operating System
609ff4.644: ProductVersion: 6.3.9600.17278
610ff4.644: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
611ff4.644: FileDescription: NT Layer DLL
612ff4.644: \SystemRoot\System32\kernel32.dll:
613ff4.644: CreationTime: 2014-04-10T06:22:46.495003900Z
614ff4.644: LastWriteTime: 2014-03-20T04:19:59.915412000Z
615ff4.644: ChangeTime: 2014-04-10T06:36:12.855172700Z
616ff4.644: FileAttributes: 0x20
617ff4.644: Size: 0x13b3c0
618ff4.644: NT Headers: 0xe8
619ff4.644: Timestamp: 0x532a419c
620ff4.644: Machine: 0x8664 - amd64
621ff4.644: Timestamp: 0x532a419c
622ff4.644: Image Version: 6.3
623ff4.644: SizeOfImage: 0x13a000 (1286144)
624ff4.644: Resource Dir: 0x12a000 LB 0x520
625ff4.644: ProductName: Microsoft® Windows® Operating System
626ff4.644: ProductVersion: 6.3.9600.17056
627ff4.644: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520)
628ff4.644: FileDescription: Windows NT BASE API Client DLL
629ff4.644: \SystemRoot\System32\KernelBase.dll:
630ff4.644: CreationTime: 2014-10-16T05:28:36.594282500Z
631ff4.644: LastWriteTime: 2014-08-16T03:58:45.372065200Z
632ff4.644: ChangeTime: 2014-10-16T11:35:18.510212600Z
633ff4.644: FileAttributes: 0x20
634ff4.644: Size: 0x10f9c0
635ff4.644: NT Headers: 0xf0
636ff4.644: Timestamp: 0x53eebf2e
637ff4.644: Machine: 0x8664 - amd64
638ff4.644: Timestamp: 0x53eebf2e
639ff4.644: Image Version: 6.3
640ff4.644: SizeOfImage: 0x10f000 (1110016)
641ff4.644: Resource Dir: 0x10a000 LB 0x3528
642ff4.644: ProductName: Microsoft® Windows® Operating System
643ff4.644: ProductVersion: 6.3.9600.17278
644ff4.644: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
645ff4.644: FileDescription: Windows NT BASE API Client DLL
646ff4.644: \SystemRoot\System32\apisetschema.dll:
647ff4.644: CreationTime: 2013-08-22T12:13:09.745625900Z
648ff4.644: LastWriteTime: 2013-08-22T12:35:12.091034400Z
649ff4.644: ChangeTime: 2013-10-17T15:08:21.251950300Z
650ff4.644: FileAttributes: 0x20
651ff4.644: Size: 0x11360
652ff4.644: NT Headers: 0xd0
653ff4.644: Timestamp: 0x52160049
654ff4.644: Machine: 0x8664 - amd64
655ff4.644: Timestamp: 0x52160049
656ff4.644: Image Version: 6.3
657ff4.644: SizeOfImage: 0x13000 (77824)
658ff4.644: Resource Dir: 0x11000 LB 0x3f8
659ff4.644: ProductName: Microsoft® Windows® Operating System
660ff4.644: ProductVersion: 6.3.9600.16384
661ff4.644: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
662ff4.644: FileDescription: ApiSet Schema DLL
663ff4.644: NtOpenDirectoryObject failed on \Driver: 0xc0000022
664ff4.644: supR3HardenedWinFindAdversaries: 0x40
665ff4.644: \SystemRoot\System32\drivers\kl1.sys:
666ff4.644: CreationTime: 2014-02-20T10:59:04.000000000Z
667ff4.644: LastWriteTime: 2014-02-20T10:59:04.000000000Z
668ff4.644: ChangeTime: 2014-09-23T08:06:28.945022500Z
669ff4.644: FileAttributes: 0x20
670ff4.644: Size: 0x6fc60
671ff4.644: NT Headers: 0xe0
672ff4.644: Timestamp: 0x5305c3be
673ff4.644: Machine: 0x8664 - amd64
674ff4.644: Timestamp: 0x5305c3be
675ff4.644: Image Version: 0.0
676ff4.644: SizeOfImage: 0x75f000 (7729152)
677ff4.644: Resource Dir: 0x75d000 LB 0x448
678ff4.644: ProductName: Kaspersky Anti-Virus
679ff4.644: ProductVersion: 6.0.1.990
680ff4.644: FileVersion: 6.8.0.38
681ff4.644: FileDescription: Kaspersky Unified Driver
682ff4.644: \SystemRoot\System32\drivers\klflt.sys:
683ff4.644: CreationTime: 2014-09-23T08:05:07.970726700Z
684ff4.644: LastWriteTime: 2014-10-09T09:33:51.168422400Z
685ff4.644: ChangeTime: 2014-10-09T09:33:51.168422400Z
686ff4.644: FileAttributes: 0x20
687ff4.644: Size: 0x22c08
688ff4.644: NT Headers: 0xe0
689ff4.644: Timestamp: 0x54071890
690ff4.644: Machine: 0x8664 - amd64
691ff4.644: Timestamp: 0x54071890
692ff4.644: Image Version: 6.2
693ff4.644: SizeOfImage: 0x33000 (208896)
694ff4.644: Resource Dir: 0x31000 LB 0x378
695ff4.644: ProductName: Kaspersky™ Anti-Virus ®
696ff4.644: ProductVersion: 1.5.0.27
697ff4.644: FileVersion: 1.5.0.27
698ff4.644: FileDescription: Filter Core [fre_win8_x64]
699ff4.644: \SystemRoot\System32\drivers\klif.sys:
700ff4.644: CreationTime: 2014-09-23T08:05:07.952725500Z
701ff4.644: LastWriteTime: 2014-10-09T09:33:51.283433100Z
702ff4.644: ChangeTime: 2014-10-09T09:33:51.283433100Z
703ff4.644: FileAttributes: 0x20
704ff4.644: Size: 0xbc4c8
705ff4.644: NT Headers: 0xf8
706ff4.644: Timestamp: 0x54256756
707ff4.644: Machine: 0x8664 - amd64
708ff4.644: Timestamp: 0x54256756
709ff4.644: Image Version: 6.2
710ff4.644: SizeOfImage: 0xc4000 (802816)
711ff4.644: Resource Dir: 0xc1000 LB 0x1240
712ff4.644: ProductName: Kaspersky™ Anti-Virus ®
713ff4.644: ProductVersion: 8.15.0.241
714ff4.644: FileVersion: 8.15.0.241
715ff4.644: FileDescription: Klif Mini-Filter [fre_win8_x64]
716ff4.644: \SystemRoot\System32\drivers\klim6.sys:
717ff4.644: CreationTime: 2013-06-10T10:27:56.000000000Z
718ff4.644: LastWriteTime: 2014-02-25T11:09:02.000000000Z
719ff4.644: ChangeTime: 2014-09-23T08:06:28.524998200Z
720ff4.644: FileAttributes: 0x20
721ff4.644: Size: 0x7660
722ff4.644: NT Headers: 0xf0
723ff4.644: Timestamp: 0x530c5d9a
724ff4.644: Machine: 0x8664 - amd64
725ff4.644: Timestamp: 0x530c5d9a
726ff4.644: Image Version: 6.2
727ff4.644: SizeOfImage: 0xa000 (40960)
728ff4.644: Resource Dir: 0x8000 LB 0x470
729ff4.644: ProductName: Kaspersky Anti-Virus
730ff4.644: ProductVersion: 6.0.1.990
731ff4.644: FileVersion: 8.0.0.83
732ff4.644: FileDescription: Kaspersky Lab Intermediate Network Driver
733ff4.644: \SystemRoot\System32\drivers\klkbdflt.sys:
734ff4.644: CreationTime: 2014-03-28T15:51:02.000000000Z
735ff4.644: LastWriteTime: 2014-03-28T15:51:02.000000000Z
736ff4.644: ChangeTime: 2014-09-23T08:06:29.436051400Z
737ff4.644: FileAttributes: 0x20
738ff4.644: Size: 0x7060
739ff4.644: NT Headers: 0xe0
740ff4.644: Timestamp: 0x53357e35
741ff4.644: Machine: 0x8664 - amd64
742ff4.644: Timestamp: 0x53357e35
743ff4.644: Image Version: 6.2
744ff4.644: SizeOfImage: 0xc000 (49152)
745ff4.644: Resource Dir: 0xa000 LB 0x3b0
746ff4.644: ProductName: Kaspersky™ Anti-Virus ®
747ff4.644: ProductVersion: 8.14.0.13
748ff4.644: FileVersion: 8.14.0.13
749ff4.644: FileDescription: KLKBDFLT Keyboard Device Filter [fre_win8_x64]
750ff4.644: \SystemRoot\System32\drivers\klmouflt.sys:
751ff4.644: CreationTime: 2013-08-08T15:11:00.000000000Z
752ff4.644: LastWriteTime: 2013-08-08T15:11:00.000000000Z
753ff4.644: ChangeTime: 2014-09-23T08:06:29.216038300Z
754ff4.644: FileAttributes: 0x20
755ff4.644: Size: 0x7260
756ff4.644: NT Headers: 0xd8
757ff4.644: Timestamp: 0x52039874
758ff4.644: Machine: 0x8664 - amd64
759ff4.644: Timestamp: 0x52039874
760ff4.644: Image Version: 6.2
761ff4.644: SizeOfImage: 0xc000 (49152)
762ff4.644: Resource Dir: 0xa000 LB 0x3a8
763ff4.644: ProductName: Kaspersky™ Anti-Virus ®
764ff4.644: ProductVersion: 8.10.0.41
765ff4.644: FileVersion: 8.10.0.41
766ff4.644: FileDescription: KLMOUFLT Mouse Device Filter [fre_win8_x64]
767ff4.644: \SystemRoot\System32\drivers\kneps.sys:
768ff4.644: CreationTime: 2014-03-26T15:05:28.000000000Z
769ff4.644: LastWriteTime: 2014-03-26T15:05:28.000000000Z
770ff4.644: ChangeTime: 2014-09-23T08:06:37.648181200Z
771ff4.644: FileAttributes: 0x20
772ff4.644: Size: 0x2bc60
773ff4.644: NT Headers: 0x118
774ff4.644: Timestamp: 0x5332d05f
775ff4.644: Machine: 0x8664 - amd64
776ff4.644: Timestamp: 0x5332d05f
777ff4.644: Image Version: 6.1
778ff4.644: SizeOfImage: 0x2d000 (184320)
779ff4.644: Resource Dir: 0x2b000 LB 0x398
780ff4.644: ProductName: Kaspersky™ Anti-Virus ®
781ff4.644: ProductVersion: 5.7.0.7
782ff4.644: FileVersion: 5.7.0.7 built by: WinDDK
783ff4.644: FileDescription: KNEPS Power [fre_wnet_amd64]
784ff4.644: \SystemRoot\System32\klfphc.dll:
785ff4.644: CreationTime: 2013-10-01T17:59:38.469691900Z
786ff4.644: LastWriteTime: 2013-05-06T07:13:26.000000000Z
787ff4.644: ChangeTime: 2014-09-23T08:05:54.290367000Z
788ff4.644: FileAttributes: 0x20
789ff4.644: Size: 0x1ae60
790ff4.644: NT Headers: 0xe8
791ff4.644: Timestamp: 0x51873bf2
792ff4.644: Machine: 0x8664 - amd64
793ff4.644: Timestamp: 0x51873bf2
794ff4.644: Image Version: 0.0
795ff4.644: SizeOfImage: 0x1d000 (118784)
796ff4.644: Resource Dir: 0x18000 LB 0x3c80
797ff4.644: ProductName: Kaspersky™ Anti-Virus ®
798ff4.644: ProductVersion: 1.0.0.12
799ff4.644: FileVersion: 1.0.0.12
800ff4.644: FileDescription: Filtering Platform Helper Class
801ff4.644: Calling main()
802ff4.644: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
803ff4.644: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
804ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
805ff4.644: SUPR3HardenedMain: Final process, opening VBoxDrv...
806ff4.644: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a50000 LB 0x400000)
807ff4.644: supR3HardNtEnableThreadCreation:
808ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
809ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
810ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
811ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
812ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb444c0000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
813ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
814ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
815ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
816ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb444c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
817ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
818ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
819ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb444c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
820ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb444c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
821ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
822ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
823ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
824ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
825ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
826ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
827ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
828ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
829ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
830ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
831ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
832ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
833ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
834ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
835ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
836ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
837ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
838ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
839ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
840ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
841ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
842ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
843ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
844ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
845ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
846ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
847ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
848ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
849ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
850ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
851ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
852ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
853ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4d450000 LB 0x000a7000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
854ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
855ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ad10000 LB 0x00012000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
856ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
857ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ae30000 LB 0x001d7000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
858ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
859ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4d310000 LB 0x00137000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
860ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
861ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4b120000 LB 0x0004c000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
862ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
863ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\WINDOWS\system32\Wintrust.dll'
864ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
865ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
866ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
867ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
868ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
869ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
870ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
871ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
872ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
873ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
874ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
875ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
876ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
877ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
878ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
879ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
880ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
881ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
882ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
883ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
884ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
885ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
886ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4a500000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
887ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
888ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
889ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
890ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
891ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
892ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
893ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
894ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
895ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
896ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
897ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
898ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4a740000 LB 0x00026000 C:\WINDOWS\SYSTEM32\bcrypt.dll [fFlags=0x0]
899ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
900ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4a140000 LB 0x00035000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
901ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
902ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
903ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
904ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
905ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
906ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
907ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
908ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4aa70000 LB 0x00060000 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll [fFlags=0x0]
909ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
910ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ab30000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
911ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
912ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
913ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
914ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
915ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
916ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
917ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b8d0000 'C:\WINDOWS\system32\kernel32.dll'
918ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
919ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
920ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
921ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
922ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\CRYPT32.dll'
923ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4d2f0000 LB 0x00015000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
924ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
925ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
926ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
927ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
928ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
929ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
930ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
931ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
932ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
933ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
934ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
935ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
936ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
937ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntasn1.dll)
938ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntasn1.dll
939ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4a6d0000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\NTASN1.dll [fFlags=0x0]
940ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
941ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4a710000 LB 0x00024000 C:\WINDOWS\SYSTEM32\ncrypt.dll [fFlags=0x0]
942ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
943ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
944ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
945ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
946ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
947ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
948ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
949ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
950ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
951ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4aa70000 'C:\WINDOWS\system32\bcryptprimitives.dll'
952ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
953ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
954ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
955ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4b4e0000 LB 0x00057000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0]
956ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
957ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
958ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
959ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
960ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
961ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb49e10000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
962ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
963ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
964ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
965ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ac60000 LB 0x00014000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
966ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
967ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
968ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
969ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
970ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
971ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
972ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
973ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
974ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
975ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
976ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
977ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
978ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
979ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
980ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
981ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
982ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
983ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
984ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
985ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
986ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
987ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
988ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
989ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
990ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
991ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
992ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
993ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
994ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
995ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
996ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
997ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4b720000 LB 0x0005c000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
998ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
999ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb3ecb0000 LB 0x00034000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
1000ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1001ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1002ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1003ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1004ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1005ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1006ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1007ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1008ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1009ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1010ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1011ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1012ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1013ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1014ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1015ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1016ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1017ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1018ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1019ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1020ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1021ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1022ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1023ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1024ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1025ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1026ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1027ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1028ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1029ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\WINDOWS\system32\cryptnet.dll'
1030ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1031ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3ecb0000 'C:\Windows\System32\cryptnet.dll'
1032ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1033ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
1034ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
1035ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
1036ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1037ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ce30000 LB 0x000a5000 C:\WINDOWS\SYSTEM32\advapi32.dll [fFlags=0x0]
1038ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1039ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1040ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1041ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1042ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1043ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
1044ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
1045ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1046ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1047ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1048ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1049ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1050ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1051ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1052ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1053ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1054ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1055ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000104b970
1056ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1057ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F4DBD57735AA8D272712E3B59634C9F87BD4711
1058ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1059ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1060ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d310000 'C:\WINDOWS\system32\rpcrt4.dll'
1061ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1062ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
1063ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1064ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
1065ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1066ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
1067ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1068ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
1069ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1070ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
1071ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1072ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1073ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
1074ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1075ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\Windows\System32\WINTRUST.DLL'
1076ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1077ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1078ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1079ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1080ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1081ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1082ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_58_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\SystemRoot\System32\ntdll.dll'
1083ff4.644: g_pfnWinVerifyTrust=00007ffb4b121040
1084ff4.644: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1085ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1086ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1087ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1088ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1089ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1090ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1091ff4.644: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1092ff4.644: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1093ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1094ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1095ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1096ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1097ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1098ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1099ff4.644: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1100ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1101ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1102ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1103ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1104ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1105ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1106ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1107ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1108ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A08496AE026B14E832621417F248DDCAECD22079
1109ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1110ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1111ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1112ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1113ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1114ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1115ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1116ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1117ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1118ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0315578F0B76A9760FEA2715053C51E46A277B04
1119ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1120ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1121ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1122ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1123ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1124ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1125ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1126ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1127ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1128ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1129ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1130ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1131ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1132ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1133ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1134ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1135ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1136ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1137ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1138ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1139ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1140ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll'
1141ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1142ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1143ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1144ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1145ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1146ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1147ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1148ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1149ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1150ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1151ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1152ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1153ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1154ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1155ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1156ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1157ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1158ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1159ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1160ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1161ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1162ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1163ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1164ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1165ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1166ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1167ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1168ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1169ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1170ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1171ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1172ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1173ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1174ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1175ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1176ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1177ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1178ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1179ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1180ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1181ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1182ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1183ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
1184ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1185ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1186ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1187ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1188ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1189ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1190ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1191ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1192ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x8640a02c0066e400 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
1193ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1194ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1195ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1196ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x987869d3679da00 CN=ClockworkMod
1197ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1198ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x255a0d3bbf95cc00 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
1199ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1200ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x64d5f13bf2919100 CN=skynet.knet.local
1201ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xee6ccf90a0b39100 CN=skynet
1202ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xe436bce2ef78ea00 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
1203ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1204ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1205ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xe6de801c119ab400 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
1206ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1207ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1208ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1209ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
1210ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1211ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1212ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1213ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1214ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1215ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xc3f08e9b8780ab00 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, CN=TC TrustCenter Class 2 CA II
1216ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1217ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1218ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1219ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
1220ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1221ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1222ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1223ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1224ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1225ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1226ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1227ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1228ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1229ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1230ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1231ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
1232ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1233ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1234ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1235ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1236ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1237ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
1238ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1239ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
1240ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1241ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
1242ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1243ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
1244ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1245ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1246ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1247ff4.644: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1248ff4.644: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=57
1249ff4.644: SUPR3HardenedMain: Load Runtime...
1250ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1251ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1252ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1253ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1254ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1255ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1256ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1257ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1259ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1260ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1261ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1262ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1263ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1264ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
1265ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
1266ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
1267ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1268ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1269ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1270ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1271ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1272ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1273ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1274ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1275ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
1276ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
1277ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1278ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1279ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1280ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1281ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1282ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1283ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1284ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1285ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1286ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1287ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1288ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
1289ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1290ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1291ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1292ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1293ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1294ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1295ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1296ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1297ff4.644: supR3HardenedDllNotificationCallback: load 0000000058eb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1298ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1299ff4.644: supR3HardenedDllNotificationCallback: load 0000000058e10000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1300ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1301ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ba10000 LB 0x00009000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
1302ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
1303ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4d060000 LB 0x00058000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
1304ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1305ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb26c40000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1306ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1307ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1308ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1309ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1310ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1311ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1312ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1313ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1314ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1315ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1316ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1317ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1318ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1319ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1320ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1321ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1322ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1323ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1324ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1325ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1326ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1327ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1328ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1329ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1330ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1331ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1332ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1333ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1334ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1335ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1336ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1337ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1338ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1339ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1340ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1341ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1342ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1343ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1344ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1345ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1346ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1347ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1348ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1349ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1350ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1351ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1352ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1353ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1354ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1355ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1356ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1357ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1358ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1359ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1360ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb26c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1361ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b120000 'C:\WINDOWS\system32\Wintrust.dll'
1362ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1363ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1364ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1365ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1366ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1367ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1368ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1369ff4.644: SUPR3HardenedMain: Load TrustedMain...
1370ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1371ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1372ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1373ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1374ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1375ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1376ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1377ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1378ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1379ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1380ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1381ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1382ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1383ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1384ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1385ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1386ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1387ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1388ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1389ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1390ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1391ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1392ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1393ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1394ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
1395ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
1396ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
1397ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1398ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1399ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1400ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1401ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1402ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1403ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D07100D567670EB6C18EAD4F8F1561AE4F40E0A5
1404ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1405ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1406ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1407ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
1408ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1409ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1410ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1411ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1412ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1413ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1414ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1415ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1416ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1417ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
1418ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
1419ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
1420ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1421ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1422ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
1423ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1424ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
1425ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
1426ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1427ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1428ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1429ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1430ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1431ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1432ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
1433ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1434ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1435ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1436ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1437ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1438ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1439ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1440ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
1441ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1442ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1443ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1444ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1445ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1446ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1447ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_546_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1448ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1449ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1450ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1451ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1452ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1453ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1454ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1455ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
1456ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1457ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1458ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1459ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1460ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1461ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1462ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1463ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
1464ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
1465ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
1466ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
1467ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1468ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1469ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1470ff4.644: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1471ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1472ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1473ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1474ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
1475ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1476ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1477ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1478ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1479ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1480ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1481ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1482ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1483ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1484ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1485ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1486ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1487ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
1488ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1489ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1490ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1491ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1492ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1493ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1494ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1495ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1496ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1497ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1498ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1499ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1500ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1501ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1502ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1503ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1504ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1505ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1506ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1507ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1508ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1509ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1510ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1511ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1512ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1513ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1514ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1515ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1516ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1517ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1518ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1519ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1520ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1521ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1522ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1523ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
1524ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1525ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
1526ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1527ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1528ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1529ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1530ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1531ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1532ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1533ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1534ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1535ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1536ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1537ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1538ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1539ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1540ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1541ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1542ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1543ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1544ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1545ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1546ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1547ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1548ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1549ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
1550ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1551ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
1552ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
1553ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1554ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1555ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1556ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust]
1557ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1558ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1559ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1560ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1561ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1562ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1563ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1564ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1565ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1566ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1567ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1568ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1569ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1570ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1571ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1572ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1573ff4.644: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1574ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1575ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1576ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1577ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1578ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1579ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1580ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1581ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1582ff4.644: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1583ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1584ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1585ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1586ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1587ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1588ff4.644: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1589ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1590ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1591ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1592ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1593ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1594ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1595ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1596ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1597ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1598ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1599ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1600ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1601ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1602ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1603ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1604ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1605ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1606ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1607ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
1608ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1609ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1610ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1611ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1612ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1613ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1614ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
1615ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1616ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1617ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1618ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
1619ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1620ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1621ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1622ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1623ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1624ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1625ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1626ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1627ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1628ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1629ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1630ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1631ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1632ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
1633ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1634ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1635ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1636ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1637ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1638ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1639ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1640ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1641ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1642ff4.644: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1643ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1644ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1645ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1646ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1647ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1648ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1649ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1650ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1651ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1652ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1653ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1654ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1655ff4.644: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
1656ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1657ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
1658ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
1659ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
1660ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
1661ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1662ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1663ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1664ff4.644: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1665ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1666ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1667ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1668ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1669ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1670ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1671ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1672ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1673ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1674ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1675ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1676ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1677ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1678ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1679ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1680ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1681ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1682ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1683ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1684ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1685ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1686ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1687ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1688ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1689ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1690ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1691ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1692ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1693ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1695ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1696ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1697ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1698ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1699ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1700ff4.644: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1701ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1702ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
1703ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1704ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1705ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1706ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1707ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1708ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1709ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1710ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1711ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
1712ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1713ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1714ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1715ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1716ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1717ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1718ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1719ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1720ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1721ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1722ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1723ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1724ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1725ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1726ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1727ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1728ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1729ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1730ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1731ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1732ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1733ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1734ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1735ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1736ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1737ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1738ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1739ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1740ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1741ff4.644: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
1742ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1743ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1744ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1745ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
1746ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
1747ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
1748ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1749ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1750ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1751ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1752ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1753ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1754ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1755ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1756ff4.644: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1757ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1758ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1759ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1760ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1761ff4.644: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
1762ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1763ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1764ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1765ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
1766ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1767ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1768ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1769ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1770ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1771ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1772ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1773ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1774ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1775ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1776ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1777ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1778ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1779ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1780ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1781ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1782ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1783ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1784ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1785ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1786ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1787ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1788ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1789ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1790ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1791ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1792ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1793ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1794ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1795ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1796ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1797ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
1798ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1799ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1800ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1801ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1802ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1803ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1804ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1805ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1806ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1807ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1808ff4.644: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
1809ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1810ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1811ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
1812ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1813ff4.644: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
1814ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1815ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1816ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1817ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1818ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1819ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1820ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1821ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1822ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1823ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1824ff4.644: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1825ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1826ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1827ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1828ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7B21317A30D467EC23A2D5AE5A00919E81ECF45
1829ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1830ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1831ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1832ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1833ff4.644: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1834ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1835ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1836ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1837ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1838ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1839ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1840ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1841ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1842ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1843ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1844ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1845ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1846ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1847ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1848ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1849ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll)
1850ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll
1851ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1852ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1853ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1854ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1855ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1856ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
1857ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1858ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1859ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4d0c0000 LB 0x00171000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
1860ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4b780000 LB 0x00144000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
1861ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb27180000 LB 0x00009000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
1862ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1863ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb27190000 LB 0x000f4000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
1864ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1865ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb37770000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1866ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1867ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb27870000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1868ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1869ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4b540000 LB 0x001d6000 C:\WINDOWS\SYSTEM32\combase.dll [fFlags=0x0]
1870ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1871ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4cee0000 LB 0x00178000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
1872ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1873ff4.644: supR3HardenedDllNotificationCallback: load 0000000058b30000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1874ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1875ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4d6b0000 LB 0x00051000 C:\WINDOWS\system32\SHLWAPI.dll [fFlags=0x0]
1876ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1877ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ad30000 LB 0x000a1000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\COMCTL32.dll [fFlags=0x0]
1878ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll [avoiding WinVerifyTrust]
1879ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ba20000 LB 0x0140f000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
1880ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1881ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb49090000 LB 0x0009f000 C:\WINDOWS\SYSTEM32\SHCORE.DLL [fFlags=0x0]
1882ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
1883ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4d710000 LB 0x0009e000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
1884ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1885ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4b1d0000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
1886ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1887ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4d7b0000 LB 0x00139000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
1888ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
1889ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4b490000 LB 0x00034000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
1890ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1891ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ade0000 LB 0x0004a000 C:\WINDOWS\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
1892ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1893ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb49970000 LB 0x00026000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
1894ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1895ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb44190000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1896ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1897ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb441e0000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1898ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1899ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb443a0000 LB 0x0007b000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1900ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1901ff4.644: supR3HardenedDllNotificationCallback: load 00000000581c0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1902ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1903ff4.644: supR3HardenedDllNotificationCallback: load 00000000580b0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1904ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1905ff4.644: supR3HardenedDllNotificationCallback: load 0000000057fd0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1906ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1907ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb263c0000 LB 0x00873000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1908ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1909ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1910ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1911ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1912ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1913ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1914ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1915ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1916ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1917ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1918ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1919ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1920ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1921ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1922ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1923ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
1924ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll
1925ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1926ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1927ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B6F85C85728A0522988F3BA15B32993C5E6F65A
1928ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1929ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1930ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll'
1931ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1932ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll'
1933ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1934ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1935ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1936ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F7054D7E2435C8185055FC10D72A003A1DA9E42A
1937ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1938ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1939ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1940ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1941ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1942ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1943ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1944ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1945ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1946ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1947ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1948ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1949ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1950ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1951ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=301C08682DA17C67E9303CDB8A53D6714879AAB6
1952ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1953ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1954ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_458_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1955ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1956ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1957ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000041c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1958ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1959ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1960ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E2A9E0BA990B5B324512157B6832A46A7F5FC7E
1961ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1962ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1963ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1964ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1965ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1966ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1967ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1968ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1969ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31DF65C62254C7AE52D40C6878D7F8B35E0367A8
1970ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1971ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1972ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1973ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1974ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1975ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1976ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1977ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
1978ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1979ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1980ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1981ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1982ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
1983ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
1984ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B6F85C85728A0522988F3BA15B32993C5E6F65A
1985ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1986ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1987ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1988ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1989ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1990ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1991ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1992ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1993ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1994ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1995ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1996ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
1997ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
1998ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
1999ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2000ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2001ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b490000 'C:\WINDOWS\system32\imm32.dll'
2002ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb263c0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2003ff4.644: SUPR3HardenedMain: Calling TrustedMain (00007ffb263c1ca0)...
2004ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2005ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2006ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb441e0000 'C:\WINDOWS\system32\winmm.dll'
2007ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000644 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2008ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2009ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2010ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4235D21C52BC6FC9D5B6A7B3CE61ED85F804B2B7
2011ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2012ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2013ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2014ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2015ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2550_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2016ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2017ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2018ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
2019ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
2020ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
2021ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2022ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2023ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2024ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2025ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2026ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2027ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2028ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2029ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2030ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb499a0000 LB 0x00121000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2031ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2032ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb499a0000 'C:\WINDOWS\system32\uxtheme.dll'
2033ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2034ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2035ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb499a0000 'C:\WINDOWS\system32\uxtheme.dll'
2036ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2037ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2038ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb499a0000 'C:\WINDOWS\system32\uxtheme.dll'
2039ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2040ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2041ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb499a0000 'C:\WINDOWS\system32\uxtheme.dll'
2042ff4.644: \Device\HarddiskVolume2\Program Files (x86)\Raptr\ltc_help64-90151.dll: Owner is administrators group.
2043ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2044ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2045ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2046ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
2047ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'wintrust.dll'.
2048ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\Raptr\ltc_help64-90151.dll)WinVerifyTrust
2049ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Raptr\ltc_help64-90151.dll
2050ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wintrust.dll'...
2051ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'wintrust.dll' -> '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' [rcNtRedir=0xc0150008]
2052ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2053ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2054ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2055ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2056ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2057ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2058ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2059ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2060ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Raptr\ltc_help64-90151.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2061ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Raptr\ltc_help64-90151.dll
2062ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb27d40000 LB 0x00025000 C:\Program Files (x86)\Raptr\ltc_help64-90151.dll [fFlags=0x0]
2063ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Raptr\ltc_help64-90151.dll
2064ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27d40000 'C:\Program Files (x86)\Raptr\ltc_help64-90151.dll'
2065ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2066ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
2067ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
2068ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
2069ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2070ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb48ec0000 LB 0x00020000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
2071ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2072ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
2073ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2074ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
2075ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
2076ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb49960000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
2077ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
2078ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2079ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2080ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2081ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2082ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2083ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2084ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2085ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2086ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2087ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2088ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2089ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2090ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2091ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'
2092ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2093ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2094ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
2095ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2096ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2097ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ba20000 'C:\WINDOWS\system32\shell32.dll'
2098ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2099ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2100ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b8d0000 'C:\WINDOWS\system32\kernel32.dll'
2101ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2102ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2103ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb499a0000 'C:\WINDOWS\system32\uxtheme.dll'
2104ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2105ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2106ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb499a0000 'C:\WINDOWS\system32\uxtheme.dll'
2107ff4.644: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll)
2108ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2109ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
2110ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\user32.dll'
2111ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2112ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2113ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb499a0000 'C:\WINDOWS\system32\uxtheme.dll'
2114ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\user32.dll'
2115ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ce30000 'C:\WINDOWS\system32\advapi32.dll'
2116ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2117ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2118ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2119ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2120ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
2121ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)WinVerifyTrust
2122ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2123ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2124ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2125ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2126ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2127ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2128ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2129ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2130ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2131ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2132ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4a340000 LB 0x0001e000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
2133ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2134ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a340000 'C:\WINDOWS\system32\userenv.dll'
2135ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2136ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2137ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b8d0000 'C:\WINDOWS\system32\kernel32.dll'
2138ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2139ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2140ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
2141ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2142ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4d240000 LB 0x000a4000 C:\WINDOWS\SYSTEM32\clbcatq.dll [fFlags=0x0]
2143ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
2144ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2145ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2146ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2147ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2148ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2149ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2150ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2151ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2152ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2153ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2154ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b1d0000 'C:\Windows\System32\oleaut32.dll'
2155ff4.644: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)
2156ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
2157ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb4ab40000 LB 0x00097000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
2158ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
2159ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006dc pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
2160ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2161ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2162ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=687F47861CE02066FB64E8228B3C4D091FA20854
2163ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2164ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2165ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
2166ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2167ff4.644: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll'
2168ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2169ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2170ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b1d0000 'C:\WINDOWS\system32\OLEAUT32.dll'
2171ff4.644: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll)
2172ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2173ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
2174ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2175ff4.16c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2176ff4.16c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2177ff4.16c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2178ff4.16c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2179ff4.16c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2180ff4.16c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2181ff4.16c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2182ff4.16c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2183ff4.16c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
2184ff4.16c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2185ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2186ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2187ff4.16c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2188ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2189ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2190ff4.16c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2191ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2192ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2193ff4.16c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2194ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2195ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2196ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2197ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2198ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2199ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2200ff4.16c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2201ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2202ff4.16c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2203ff4.16c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2204ff4.16c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2205ff4.16c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2206ff4.16c8: supR3HardenedDllNotificationCallback: load 00007ffb25ec0000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2207ff4.16c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2208ff4.16c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25ec0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2209ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\user32.dll'
2210ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2211ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2212ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ba20000 'C:\WINDOWS\system32\shell32.dll'
2213ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2214ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2215ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4cee0000 'C:\WINDOWS\system32\ole32.dll'
2216ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2217ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2218ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d7b0000 'C:\WINDOWS\system32\MSCTF.dll'
2219ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2220ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2221ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ba20000 'C:\WINDOWS\system32\shell32.dll'
2222ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2223ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2224ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ba20000 'C:\WINDOWS\system32\shell32.dll'
2225ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2226ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2227ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4cee0000 'C:\WINDOWS\system32\ole32.dll'
2228ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2229ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2230ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b1d0000 'C:\WINDOWS\system32\OLEAUT32.dll'
2231ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aac pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2232ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2233ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2234ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7236FDED02E3449B6CA92FB6E4246EBF9068E8BF
2235ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2236ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2237ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2238ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2239ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2240ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2241ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2242ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
2243ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2244ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2245ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2246ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2247ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2248ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2249ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8CF4605B4B026F3426876C8B971F3B65D680FCA
2250ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2251ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2252ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2253ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2254ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2255ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
2256ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust
2257ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2258ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2259ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2260ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2261ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2262ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2263ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2264ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2265ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2266ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2267ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2268ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2269ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2270ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2271ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb42c60000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2272ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2273ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb40c80000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2274ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2275ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2276ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b010000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2277ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb40c80000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2278ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b00 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2279ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2280ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2281ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAF9F72D1022230646E0EDB101D9050122FBB222
2282ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2283ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2284ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2285ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2286ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2287ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2288ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2289ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2290ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
2291ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2292ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2293ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2294ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2295ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2296ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2297ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2298ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb405d0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2299ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2300ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb405d0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2301ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2302ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b010000 'api-ms-win-core-localization-l1-2-0.dll'
2303ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2304ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b010000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2305ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b0c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2306ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2307ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2308ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F29F8F4F858A7AFDF4CD047A78948C26E8333B6
2309ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2310ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2311ff4.644: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2312ff4.644: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2313ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2314ff4.644: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2315ff4.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
2316ff4.644: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2317ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2318ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2319ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2320ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2321ff4.644: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2322ff4.644: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2323ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2324ff4.644: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2325ff4.644: supR3HardenedDllNotificationCallback: load 00007ffb40790000 LB 0x000e4000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2326ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2327ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb40790000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2328ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2329ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2330ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b1d0000 'C:\WINDOWS\system32\OLEAUT32.dll'
2331ff4.644: supR3HardenedMonitor_LdrLoadDll: 'C:\WINDOWS\system32\comctl32.dll' -> 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll' [redir]
2332ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll
2333ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll (Input=C:\WINDOWS\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2334ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ad30000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll'
2335ff4.644: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2336ff4.644: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2337ff4.644: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb441e0000 'C:\WINDOWS\SYSTEM32\WINMM.dll'
2338ff4.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2339ff4.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2340ff4.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2341ff4.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2342ff4.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
2343ff4.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2344ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2345ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2346ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2347ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2348ff4.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2349ff4.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2350ff4.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2351ff4.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2352ff4.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
2353ff4.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2354ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2355ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2356ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2357ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2358ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2359ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2360ff4.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2361ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2362ff4.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2363ff4.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2364ff4.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2365ff4.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2366ff4.454: supR3HardenedDllNotificationCallback: load 0000000057ec0000 LB 0x00109000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2367ff4.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2368ff4.454: supR3HardenedDllNotificationCallback: load 00007ffb22310000 LB 0x00260000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2369ff4.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2370ff4.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22310000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2371ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2372ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2373ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2374ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2375ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2376ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'nsi.dll'.
2377ff4.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll)WinVerifyTrust
2378ff4.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2379ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2380ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2381ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2382ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2383ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2384ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2385ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2386ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2387ff4.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2388ff4.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2389ff4.1864: supR3HardenedDllNotificationCallback: load 00007ffb277f0000 LB 0x00079000 C:\Windows\System32\netcfgx.dll [fFlags=0x0]
2390ff4.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2391ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb277f0000 'C:\Windows\System32\netcfgx.dll'
2392ff4.1864: supR3HardenedDllNotificationCallback: load 00007ffb4b2b0000 LB 0x001d4000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
2393ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
2394ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2395ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
2396ff4.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
2397ff4.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2398ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2399ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2400ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2401ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2402ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2403ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2404ff4.1b14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2405ff4.1b14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2406ff4.1b14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2407ff4.1b14: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
2408ff4.1b14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2409ff4.1b14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2410ff4.1b14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2411ff4.1b14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2412ff4.1b14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2413ff4.1b14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
2414ff4.1b14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2415ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2416ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2417ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2418ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2419ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2420ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2421ff4.1b14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2422ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2423ff4.1b14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2424ff4.1b14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2425ff4.1b14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2426ff4.1b14: supR3HardenedDllNotificationCallback: load 00007ffb445a0000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2427ff4.1b14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2428ff4.1b14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb445a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2429ff4.1914: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2430ff4.1914: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2431ff4.1914: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2432ff4.1914: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
2433ff4.1914: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2434ff4.1914: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2435ff4.1914: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2436ff4.1914: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2437ff4.1914: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2438ff4.1914: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2439ff4.1914: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2440ff4.1914: supR3HardenedDllNotificationCallback: load 00007ffb44590000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2441ff4.1914: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2442ff4.1914: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb44590000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2443ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2444ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2445ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2446ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2447ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
2448ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
2449ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2450ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2451ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2452ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll)WinVerifyTrust
2453ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2454ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2455ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2456ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2457ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2458ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2459ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2460ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2461ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
2462ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
2463ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2464ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2465ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2466ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2467ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2468ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2469ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2470ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll)WinVerifyTrust
2471ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2472ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2473ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2474ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2475ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2476ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2477ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2478ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2479ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2480ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2481ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2482ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2483ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2484ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2485ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2486ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2487ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2488ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2489ff4.20c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
2490ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2491ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2492ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2493ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2494ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
2495ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2496ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2497ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2498ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2499ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2500ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2501ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2502ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2503ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2504ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2505ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2506ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2507ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2508ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2509ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2510ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2511ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2512ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2513ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)WinVerifyTrust
2514ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2515ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2516ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2517ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2518ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2519ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2520ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2521ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2522ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2523ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2524ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2525ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2526ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2527ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2528ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
2529ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2530ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb3f390000 LB 0x00032000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
2531ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
2532ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb39700000 LB 0x00027000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
2533ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2534ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb27aa0000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
2535ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2536ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
2537ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2538ff4.20c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
2539ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2540ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2541ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb39700000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
2542ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2543ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2544ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2545ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll)WinVerifyTrust
2546ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2547ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2548ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2549ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2550ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2551ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2552ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2553ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2554ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2555ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb44460000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
2556ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2557ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb44460000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
2558ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2559ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2560ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32/opengl32.dll'
2561ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2562ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2563ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.dll'
2564ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2565ff4.20c: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll: Owner is administrators group.
2566ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ccc pwszName=\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
2567ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2568ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2569ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B8E70A57B678B5E29AE8E7B2B20BFB2715CC5DE
2570ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2571ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll'
2572ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2573ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2574ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2575ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2576ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll)WinVerifyTrust
2577ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
2578ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2579ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2580ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2581ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2582ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2583ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2584ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6pxx.dll (Input=atig6pxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2585ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
2586ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb40d00000 LB 0x00018000 C:\WINDOWS\system32\atig6pxx.dll [fFlags=0x0]
2587ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
2588ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb40d00000 'C:\WINDOWS\system32\atig6pxx.dll'
2589ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2590ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2591ff4.20c: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll: Owner is administrators group.
2592ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cdc pwszName=\Device\HarddiskVolume2\Windows\System32\atio6axx.dll
2593ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2594ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2595ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=93CCC54AFD59A3A10E6E0161DCE478BD32A38F5B
2596ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2597ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atio6axx.dll'
2598ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2599ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2600ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2601ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
2602ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2603ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
2604ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atio6axx.dll)WinVerifyTrust
2605ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
2606ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2607ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2608ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2609ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2610ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2611ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2612ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2613ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2614ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2615ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2616ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll)WinVerifyTrust
2617ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
2618ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2619ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2620ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2621ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2622ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2623ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2624ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atio6axx.dll (Input=atio6axx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2625ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
2626ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2627ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb48480000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
2628ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2629ff4.20c: supR3HardenedDllNotificationCallback: load 0000000056370000 LB 0x01b44000 C:\WINDOWS\system32\atio6axx.dll [fFlags=0x0]
2630ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
2631ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2632ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2633ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb441e0000 'C:\WINDOWS\system32\winmm.dll'
2634ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2635ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2636ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
2637ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000056370000 'C:\WINDOWS\system32\atio6axx.dll'
2638ff4.20c: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll: Owner is administrators group.
2639ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d74 pwszName=\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
2640ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2641ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2642ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07C941F609B787BC21361E0E44D33938546775EF
2643ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2644ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll'
2645ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2646ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2647ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2648ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
2649ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2650ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'propsys.dll'.
2651ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2652ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
2653ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'wtsapi32.dll'.
2654ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'setupapi.dll'.
2655ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'psapi.dll'.
2656ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
2657ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iphlpapi.dll'.
2658ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll)WinVerifyTrust
2659ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
2660ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2661ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2662ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2663ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2664ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2665ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
2666ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
2667ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2668ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2669ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2670ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
2671ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
2672ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2673ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2674ff4.20c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'.
2675ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2676ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2677ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
2678ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2679ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2680ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2681ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2682ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2683ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2684ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2685ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2686ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2687ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2688ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2689ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2690ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)WinVerifyTrust
2691ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2692ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2693ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2694ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2695ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
2696ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
2697ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2698ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2699ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2700ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll)WinVerifyTrust
2701ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2702ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2703ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2704ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2705ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2706ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2707ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2708ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2709ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2710ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2711ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2712ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2713ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2714ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2715ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
2716ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'combase.dll'.
2717ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll)WinVerifyTrust
2718ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2719ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2720ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2721ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2722ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2723ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2724ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2725ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2726ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2727ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2728ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2729ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2730ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2731ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2732ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2733ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2734ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2735ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2736ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2737ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atiadlxx.dll (Input=atiadlxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2738ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
2739ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2740ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2741ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2742ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2743ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb47cb0000 LB 0x0016f000 C:\WINDOWS\SYSTEM32\PROPSYS.dll [fFlags=0x0]
2744ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2745ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb49570000 LB 0x00011000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
2746ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2747ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb4d500000 LB 0x00007000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
2748ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
2749ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb47a30000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2750ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2751ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb47a40000 LB 0x00029000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2752ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2753ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb47e80000 LB 0x00137000 C:\WINDOWS\system32\atiadlxx.dll [fFlags=0x0]
2754ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
2755ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb47e80000 'C:\WINDOWS\system32\atiadlxx.dll'
2756ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2757ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
2758ff4.20c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2759ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2760ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2761ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2762ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2763ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2764ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2765ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2766ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2767ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2768ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2769ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2770ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2771ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2772ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2773ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2774ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2775ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2776ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2777ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2778ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2779ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2780ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2781ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2782ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2783ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2784ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2785ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2786ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2787ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2788ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2789ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2790ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2791ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2792ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2793ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2794ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2795ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2796ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2797ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2798ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2799ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2800ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2801ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2802ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2803ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2804ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2805ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2806ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2807ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2808ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2809ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2810ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2811ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2812ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2813ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2814ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2815ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2816ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2817ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2818ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2819ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2820ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2821ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2822ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2823ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2824ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2825ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2826ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2827ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2828ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2829ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2830ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2831ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2832ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2833ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2834ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2835ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2836ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2837ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2838ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2839ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2840ff4.20c: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll: Owner is administrators group.
2841ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dd4 pwszName=\Device\HarddiskVolume2\Windows\System32\atig6txx.dll
2842ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
2843ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
2844ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=403704C8D283FE3A48F25BD096A96D394B962EBD
2845ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
2846ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem128.CAT'; file='\Device\HarddiskVolume2\Windows\System32\atig6txx.dll'
2847ff4.20c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2848ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2849ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2850ff4.20c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
2851ff4.20c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6txx.dll)WinVerifyTrust
2852ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
2853ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2854ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2855ff4.20c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2856ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2857ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2858ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2859ff4.20c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2860ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2861ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
2862ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb396d0000 LB 0x00029000 C:\WINDOWS\system32\atig6txx.dll [fFlags=0x0]
2863ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
2864ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb396d0000 'C:\WINDOWS\system32\atig6txx.dll'
2865ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2866ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2867ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2868ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
2869ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2870ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2871ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
2872ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2873ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2874ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2875ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2876ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2877ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2878ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2879ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
2880ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2881ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2882ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2883ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2884ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2885ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2886ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2887ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2888ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2889ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2890ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2891ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2892ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2893ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2894ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2895ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2896ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2897ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2898ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2899ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2900ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2901ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2902ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2903ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2904ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2905ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2906ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2907ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2908ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2909ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2910ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2911ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2912ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2913ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2914ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2915ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2916ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2917ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2918ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2919ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2920ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2921ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2922ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2923ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2924ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2925ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2926ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2927ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2928ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2929ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2930ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2931ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2932ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2933ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2934ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2935ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2936ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2937ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2938ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2939ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2940ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2941ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2942ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2943ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2944ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2945ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2946ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2947ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2948ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
2949ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2950ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2951ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2952ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2953ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2954ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2955ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2956ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2957ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2958ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2959ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2960ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2961ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
2962ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2963ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2964ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2965ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2966ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2967ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2968ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2969ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2970ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2971ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2972ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2973ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2974ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2975ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2976ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2977ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2978ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2979ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
2980ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2981ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2982ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
2983ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
2984ff4.20c: supR3HardenedDllNotificationCallback: Unload 00007ffb396d0000 LB 0x00029000 C:\WINDOWS\system32\atig6txx.dll [flags=0x0]
2985ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
2986ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2987ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
2988ff4.20c: supR3HardenedDllNotificationCallback: load 00007ffb396d0000 LB 0x00029000 C:\WINDOWS\system32\atig6txx.dll [fFlags=0x0]
2989ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
2990ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb396d0000 'C:\WINDOWS\system32\atig6txx.dll'
2991ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
2992ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
2993ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2994ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Kernel32.dll (Input=Kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2995ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b8d0000 'C:\WINDOWS\system32\Kernel32.dll'
2996ff4.20c: supHardenedWinVerifyImageByHandle: -> -608 (\Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys)
2997ff4.20c: Error (rc=0):
2998ff4.20c: supR3HardenedScreenImage/NtCreateSection: rc=Unknown Status -608 (0xfffffda0) fImage=1 fProtect=0x5 fAccess=0x2 \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys:
2999ff4.20c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys
3000ff4.20c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -608 (0xfffffda0)) on \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys [lacks WinVerifyTrust]
3001ff4.20c: Error (rc=0):
3002ff4.20c: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -608 (0xfffffda0) fImage=1 fProtect=0x2 fAccess=0x5 cHits=1 \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys
3003ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
3004ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
3005ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
3006ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
3007ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
3008ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
3009ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
3010ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d0c0000 'C:\WINDOWS\system32\USER32.DLL'
3011ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
3012ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b780000 'C:\WINDOWS\system32\gdi32.dll'
3013ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
3014ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
3015ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.DLL (Input=OPENGL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3016ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.DLL'
3017ff4.20c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\perf.dll': 0 (NtPath=\??\C:\WINDOWS\system32\perf.dll; Input=perf.dll)
3018ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\perf.dll (Input=perf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3019ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\perf.dll'
3020ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
3021ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
3022ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3023ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.dll'
3024ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.dll'
3025ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.dll'
3026ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.dll'
3027ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.dll'
3028ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.dll'
3029ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.dll'
3030ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27870000 'C:\WINDOWS\system32\OPENGL32.dll'
3031ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
3032ff4.20c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
3033ff4.20c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3034ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
3035ff4.72c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3036ff4.72c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3037ff4.72c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3038ff4.72c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3039ff4.72c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
3040ff4.72c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3041ff4.72c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3042ff4.72c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3043ff4.72c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3044ff4.72c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3045ff4.72c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
3046ff4.72c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3047ff4.72c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3048ff4.72c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3049ff4.72c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3050ff4.72c: supR3HardenedDllNotificationCallback: load 00007ffb444d0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
3051ff4.72c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3052ff4.72c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb444d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
3053ff4.704: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3054ff4.704: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3055ff4.704: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3056ff4.704: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3057ff4.704: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
3058ff4.704: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3059ff4.704: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3060ff4.704: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3061ff4.704: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3062ff4.704: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3063ff4.704: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
3064ff4.704: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3065ff4.704: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3066ff4.704: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3067ff4.704: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3068ff4.704: supR3HardenedDllNotificationCallback: load 00007ffb431e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
3069ff4.704: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3070ff4.704: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb431e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
3071ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3072ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3073ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3074ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3075ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3076ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
3077ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
3078ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3079ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
3080ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
3081ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
3082ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
3083ff4.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
3084ff4.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
3085ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
3086ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
3087ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3088ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3089ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3090ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3091ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3092ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3093ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3094ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
3095ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3096ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3097ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
3098ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
3099ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3100ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3101ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3102ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3103ff4.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
3104ff4.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3105ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
3106ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
3107ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3108ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3109ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3110ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3111ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3112ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3113ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3114ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3115ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3116ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3117ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3118ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
3119ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
3120ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
3121ff4.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
3122ff4.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3123ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3124ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3125ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3126ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3127ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3128ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3129ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3130ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3131ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3132ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
3133ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
3134ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
3135ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000027b8 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
3136ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
3137ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
3138ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EAD431E57FCC787ED701559E9AF2ACC33D2DCED0
3139ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3140ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
3141ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1722_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
3142ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3143ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3144ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3145ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3146ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3147ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
3148ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
3149ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
3150ff4.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust
3151ff4.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
3152ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3153ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3154ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
3155ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3156ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3157ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3158ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3159ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3160ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3161ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3162ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3163ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
3164ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3165ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3166ff4.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
3167ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
3168ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
3169ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3170ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3171ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3172ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3173ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3174ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3175ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3176ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3177ff4.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3178ff4.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
3179ff4.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3180ff4.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3181ff4.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
3182ff4.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3183ff4.1864: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
3184ff4.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
3185ff4.1864: supR3HardenedDllNotificationCallback: load 00007ffb42f10000 LB 0x00014000 C:\WINDOWS\SYSTEM32\devrtl.DLL [fFlags=0x0]
3186ff4.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
3187ff4.1864: supR3HardenedDllNotificationCallback: load 00007ffb42f80000 LB 0x00054000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0]
3188ff4.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
3189ff4.1864: supR3HardenedDllNotificationCallback: load 00007ffb27790000 LB 0x0005f000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
3190ff4.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3191ff4.1864: supR3HardenedDllNotificationCallback: load 00007ffb39690000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
3192ff4.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3193ff4.1864: supR3HardenedDllNotificationCallback: load 00007ffb1dfd0000 LB 0x008ca000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
3194ff4.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
3195ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1dfd0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
3196ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000027dc pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
3197ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000104b970
3198ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000104b970
3199ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6059B260D211680DF083154CCCE38DE8412914CF
3200ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3201ff4.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3202ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3203ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ae30000 'C:\WINDOWS\system32\crypt32.dll'
3204ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Base-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
3205ff4.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3206ff4.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
3207ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3208ff4.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
3209ff4.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3210ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25ec0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
3211ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3212ff4.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3213ff4.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3214ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb39690000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
3215ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3216ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3217ff4.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a140000 'C:\WINDOWS\system32\rsaenh.dll'
3218ff4.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3219ff4.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3220ff4.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3221ff4.1b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
3222ff4.1b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3223ff4.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3224ff4.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3225ff4.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3226ff4.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3227ff4.1b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3228ff4.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3229ff4.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3230ff4.1b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3231ff4.1b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3232ff4.1b24: supR3HardenedDllNotificationCallback: load 00007ffb423f0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
3233ff4.1b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3234ff4.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb423f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
3235ff4.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb22310000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3236ff4.1864: supR3HardenedDllNotificationCallback: Unload 00007ffb1dfd0000 LB 0x008ca000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3237ff4.1864: supR3HardenedDllNotificationCallback: Unload 00007ffb27790000 LB 0x0005f000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3238ff4.1864: supR3HardenedDllNotificationCallback: Unload 00007ffb42f80000 LB 0x00054000 C:\WINDOWS\SYSTEM32\newdev.dll [flags=0x0]
3239ff4.1864: supR3HardenedDllNotificationCallback: Unload 00007ffb42f10000 LB 0x00014000 C:\WINDOWS\SYSTEM32\devrtl.DLL [flags=0x0]
3240ff4.1864: supR3HardenedDllNotificationCallback: Unload 00007ffb39690000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3241ff4.e50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
3242ff4.1b24: supR3HardenedDllNotificationCallback: Unload 00007ffb423f0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3243ff4.704: supR3HardenedDllNotificationCallback: Unload 00007ffb431e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3244ff4.72c: supR3HardenedDllNotificationCallback: Unload 00007ffb444d0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3245ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
3246ff4.20c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb48ec0000 'C:\WINDOWS\system32\dwmapi.dll'
3247ff4.20c: supR3HardenedDllNotificationCallback: Unload 00007ffb44460000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [flags=0x0]
3248ff4.20c: supR3HardenedDllNotificationCallback: Unload 00007ffb27aa0000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [flags=0x0]
3249ff4.20c: supR3HardenedDllNotificationCallback: Unload 00007ffb39700000 LB 0x00027000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [flags=0x0]
3250ff4.20c: supR3HardenedDllNotificationCallback: Unload 00007ffb3f390000 LB 0x00032000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [flags=0x0]
3251ff4.1914: supR3HardenedDllNotificationCallback: Unload 00007ffb44590000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3252ff4.1b14: supR3HardenedDllNotificationCallback: Unload 00007ffb445a0000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3253ff4.644: supR3HardenedDllNotificationCallback: Unload 00007ffb277f0000 LB 0x00079000 C:\Windows\System32\netcfgx.dll [flags=0x0]
3254ff4.644: supR3HardenedDllNotificationCallback: Unload 00007ffb40790000 LB 0x000e4000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
3255ff4.644: supR3HardenedDllNotificationCallback: Unload 00007ffb405d0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
3256ff4.644: supR3HardenedDllNotificationCallback: Unload 00007ffb40c80000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
3257ff4.644: supR3HardenedDllNotificationCallback: Unload 00007ffb42c60000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
3258ff4.644: supR3HardenedDllNotificationCallback: Unload 00007ffb25ec0000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3259ff4.644: Terminating the normal way: rcExit=0
326013d8.19c4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5532 ms, the end);
3261490.13a8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 6216 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy