VirtualBox

Ticket #14173: VBoxStartup.log

File VBoxStartup.log, 383.5 KB (added by MTaylor, 9 years ago)
Line 
11350.174c: Log file opened: 4.3.22r98236 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000
21350.174c: \SystemRoot\System32\ntdll.dll:
31350.174c: CreationTime: 2015-04-15T10:06:25.214939600Z
41350.174c: LastWriteTime: 2015-03-23T21:59:25.551884100Z
51350.174c: ChangeTime: 2015-04-21T15:47:25.685369300Z
61350.174c: FileAttributes: 0x20
71350.174c: Size: 0x1a7540
81350.174c: NT Headers: 0xd8
91350.174c: Timestamp: 0x550f4336
101350.174c: Machine: 0x8664 - amd64
111350.174c: Timestamp: 0x550f4336
121350.174c: Image Version: 6.3
131350.174c: SizeOfImage: 0x1ac000 (1753088)
141350.174c: Resource Dir: 0x148000 LB 0x62450
151350.174c: ProductName: Microsoft® Windows® Operating System
161350.174c: ProductVersion: 6.3.9600.17736
171350.174c: FileVersion: 6.3.9600.17736 (winblue_r9.150322-1500)
181350.174c: FileDescription: NT Layer DLL
191350.174c: \SystemRoot\System32\kernel32.dll:
201350.174c: CreationTime: 2014-11-22T00:59:56.007275600Z
211350.174c: LastWriteTime: 2014-10-29T04:09:24.572407200Z
221350.174c: ChangeTime: 2015-01-16T22:46:33.690559800Z
231350.174c: FileAttributes: 0x20
241350.174c: Size: 0x13fc30
251350.174c: NT Headers: 0xf8
261350.174c: Timestamp: 0x545054ca
271350.174c: Machine: 0x8664 - amd64
281350.174c: Timestamp: 0x545054ca
291350.174c: Image Version: 6.3
301350.174c: SizeOfImage: 0x13e000 (1302528)
311350.174c: Resource Dir: 0x12e000 LB 0x518
321350.174c: ProductName: Microsoft® Windows® Operating System
331350.174c: ProductVersion: 6.3.9600.17415
341350.174c: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
351350.174c: FileDescription: Windows NT BASE API Client DLL
361350.174c: \SystemRoot\System32\KernelBase.dll:
371350.174c: CreationTime: 2014-11-22T01:00:07.318778000Z
381350.174c: LastWriteTime: 2014-10-29T03:55:08.402989600Z
391350.174c: ChangeTime: 2015-01-16T22:46:33.799939100Z
401350.174c: FileAttributes: 0x20
411350.174c: Size: 0x114a90
421350.174c: NT Headers: 0xf0
431350.174c: Timestamp: 0x54505737
441350.174c: Machine: 0x8664 - amd64
451350.174c: Timestamp: 0x54505737
461350.174c: Image Version: 6.3
471350.174c: SizeOfImage: 0x115000 (1134592)
481350.174c: Resource Dir: 0x110000 LB 0x3528
491350.174c: ProductName: Microsoft® Windows® Operating System
501350.174c: ProductVersion: 6.3.9600.17415
511350.174c: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
521350.174c: FileDescription: Windows NT BASE API Client DLL
531350.174c: \SystemRoot\System32\apisetschema.dll:
541350.174c: CreationTime: 2013-08-22T12:13:09.745625900Z
551350.174c: LastWriteTime: 2013-08-22T12:35:12.091034400Z
561350.174c: ChangeTime: 2015-01-16T22:14:50.016670300Z
571350.174c: FileAttributes: 0x20
581350.174c: Size: 0x11360
591350.174c: NT Headers: 0xd0
601350.174c: Timestamp: 0x52160049
611350.174c: Machine: 0x8664 - amd64
621350.174c: Timestamp: 0x52160049
631350.174c: Image Version: 6.3
641350.174c: SizeOfImage: 0x13000 (77824)
651350.174c: Resource Dir: 0x11000 LB 0x3f8
661350.174c: ProductName: Microsoft® Windows® Operating System
671350.174c: ProductVersion: 6.3.9600.16384
681350.174c: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
691350.174c: FileDescription: ApiSet Schema DLL
701350.174c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711350.174c: supR3HardenedWinFindAdversaries: 0x80
721350.174c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
731350.174c: CreationTime: 2014-11-19T19:21:59.598461000Z
741350.174c: LastWriteTime: 2015-04-08T19:16:50.570168500Z
751350.174c: ChangeTime: 2015-04-08T19:16:50.570168500Z
761350.174c: FileAttributes: 0x20
771350.174c: Size: 0x1fad8
781350.174c: NT Headers: 0xd8
791350.174c: Timestamp: 0x541caaaf
801350.174c: Machine: 0x8664 - amd64
811350.174c: Timestamp: 0x541caaaf
821350.174c: Image Version: 6.1
831350.174c: SizeOfImage: 0x23000 (143360)
841350.174c: Resource Dir: 0x22000 LB 0x3f0
851350.174c: ProductName: Malwarebytes Anti-Malware
861350.174c: ProductVersion: 0.2.13.0
871350.174c: FileVersion: 0.2.13.0
881350.174c: FileDescription: Malwarebytes Anti-Malware
891350.174c: \SystemRoot\System32\drivers\mwac.sys:
901350.174c: CreationTime: 2014-11-19T19:21:47.520846400Z
911350.174c: LastWriteTime: 2014-11-21T14:14:26.000000000Z
921350.174c: ChangeTime: 2015-01-16T21:50:27.533798800Z
931350.174c: FileAttributes: 0x20
941350.174c: Size: 0xfad8
951350.174c: NT Headers: 0xe0
961350.174c: Timestamp: 0x53a0f444
971350.174c: Machine: 0x8664 - amd64
981350.174c: Timestamp: 0x53a0f444
991350.174c: Image Version: 6.2
1001350.174c: SizeOfImage: 0x13000 (77824)
1011350.174c: Resource Dir: 0x11000 LB 0x3e0
1021350.174c: ProductName: Malwarebytes Web Access Control
1031350.174c: ProductVersion: 1.0.6.0
1041350.174c: FileVersion: 1.0.6.0
1051350.174c: FileDescription: Malwarebytes Web Access Control
1061350.174c: \SystemRoot\System32\drivers\mbamchameleon.sys:
1071350.174c: CreationTime: 2014-11-19T19:21:47.533840700Z
1081350.174c: LastWriteTime: 2014-11-21T14:14:12.000000000Z
1091350.174c: ChangeTime: 2015-01-16T21:50:27.120865600Z
1101350.174c: FileAttributes: 0x20
1111350.174c: Size: 0x16cd8
1121350.174c: NT Headers: 0xe0
1131350.174c: Timestamp: 0x53f2136a
1141350.174c: Machine: 0x8664 - amd64
1151350.174c: Timestamp: 0x53f2136a
1161350.174c: Image Version: 6.1
1171350.174c: SizeOfImage: 0x1a000 (106496)
1181350.174c: Resource Dir: 0x18000 LB 0xbd0
1191350.174c: ProductName: Malwarebytes Chameleon
1201350.174c: ProductVersion: 1.1.4.0
1211350.174c: FileVersion: 1.1.4.0
1221350.174c: FileDescription: Malwarebytes Chameleon Protection Driver
1231350.174c: \SystemRoot\System32\drivers\mbam.sys:
1241350.174c: CreationTime: 2014-11-19T19:21:47.512850200Z
1251350.174c: LastWriteTime: 2014-11-21T14:14:08.000000000Z
1261350.174c: ChangeTime: 2015-01-16T21:50:27.104285200Z
1271350.174c: FileAttributes: 0x20
1281350.174c: Size: 0x64d8
1291350.174c: NT Headers: 0xd8
1301350.174c: Timestamp: 0x540754e1
1311350.174c: Machine: 0x8664 - amd64
1321350.174c: Timestamp: 0x540754e1
1331350.174c: Image Version: 6.1
1341350.174c: SizeOfImage: 0xa000 (40960)
1351350.174c: Resource Dir: 0x8000 LB 0x3d0
1361350.174c: ProductName: Malwarebytes Anti-Malware
1371350.174c: ProductVersion: 0.1.15.0
1381350.174c: FileVersion: 0.1.15.0
1391350.174c: FileDescription: Malwarebytes Anti-Malware
1401350.174c: Calling main()
1411350.174c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1421350.174c: SUPR3HardenedMain: Respawn #1
1431350.174c: System32: \Device\HarddiskVolume2\Windows\System32
1441350.174c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1451350.174c: KnownDllPath: C:\WINDOWS\system32
1461350.174c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1471350.174c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1481350.174c: supR3HardNtEnableThreadCreation:
1491350.174c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff842d48eb0 pvNtTerminateThread=00007ff842dc16f0
1501350.174c: supR3HardenedWinDoReSpawn(1): New child 14d0.3130 [kernel32].
1511350.174c: supR3HardNtChildGatherData: PebBaseAddress=00007ff7df59a000 cbPeb=0x388
1521350.174c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff842d30000 uNtDllChildAddr=00007ff842d30000
1531350.174c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff842d48eb0
1541350.174c: supR3HardenedWinSetupChildInit: Start child.
1551350.174c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1561350.174c: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 61 sleeps
1571350.174c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1581350.174c: *0000000000000000-ffffffffff6effff 0x0001/0x0000 0x0000000
1591350.174c: *0000000000910000-00000000008effff 0x0004/0x0004 0x0020000
1601350.174c: *0000000000930000-0000000000920fff 0x0002/0x0002 0x0040000
1611350.174c: 000000000093f000-000000000093dfff 0x0001/0x0000 0x0000000
1621350.174c: *0000000000940000-0000000000843fff 0x0000/0x0004 0x0020000
1631350.174c: 0000000000a3c000-0000000000a38fff 0x0104/0x0004 0x0020000
1641350.174c: 0000000000a3f000-0000000000a3dfff 0x0004/0x0004 0x0020000
1651350.174c: *0000000000a40000-0000000000a3bfff 0x0002/0x0002 0x0040000
1661350.174c: 0000000000a44000-0000000000a37fff 0x0001/0x0000 0x0000000
1671350.174c: *0000000000a50000-0000000000a4dfff 0x0004/0x0004 0x0020000
1681350.174c: 0000000000a52000-ffffffff814c3fff 0x0001/0x0000 0x0000000
1691350.174c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1701350.174c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1711350.174c: 000000007fff0000-ffff800920a6ffff 0x0001/0x0000 0x0000000
1721350.174c: *00007ff7df570000-00007ff7df54cfff 0x0002/0x0002 0x0040000
1731350.174c: 00007ff7df593000-00007ff7df58bfff 0x0001/0x0000 0x0000000
1741350.174c: *00007ff7df59a000-00007ff7df598fff 0x0004/0x0004 0x0020000
1751350.174c: 00007ff7df59b000-00007ff7df597fff 0x0001/0x0000 0x0000000
1761350.174c: *00007ff7df59e000-00007ff7df59bfff 0x0004/0x0004 0x0020000
1771350.174c: 00007ff7df5a0000-00007ff7de94ffff 0x0001/0x0000 0x0000000
1781350.174c: *00007ff7e01f0000-00007ff7e01eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1791350.174c: 00007ff7e01f1000-00007ff7e016cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1801350.174c: 00007ff7e0275000-00007ff7e0273fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1811350.174c: 00007ff7e0276000-00007ff7e0238fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1821350.174c: 00007ff7e02b3000-00007ff7e02b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1831350.174c: 00007ff7e02b4000-00007ff7e02b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1841350.174c: 00007ff7e02b5000-00007ff7e02b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1851350.174c: 00007ff7e02b7000-00007ff7e02b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1861350.174c: 00007ff7e02b8000-00007ff7e02b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1871350.174c: 00007ff7e02b9000-00007ff7e02b4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1881350.174c: 00007ff7e02bd000-00007ff7e0283fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1891350.174c: 00007ff7e02f6000-00007ff77d8bbfff 0x0001/0x0000 0x0000000
1901350.174c: *00007ff842d30000-00007ff842d2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1911350.174c: 00007ff842d31000-00007ff842c04fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1921350.174c: 00007ff842e5d000-00007ff842e56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1931350.174c: 00007ff842e63000-00007ff842e55fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1941350.174c: 00007ff842e70000-00007ff842e6efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1951350.174c: 00007ff842e71000-00007ff842e6dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1961350.174c: 00007ff842e74000-00007ff842e72fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1971350.174c: 00007ff842e75000-00007ff842e0dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1981350.174c: 00007ff842edc000-00007ff085dd7fff 0x0001/0x0000 0x0000000
1991350.174c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2001350.174c: VirtualBox.exe: timestamp 0x54dcccba (rc=VINF_SUCCESS)
2011350.174c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2021350.174c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2031350.174c: supR3HardNtChildPurify: Done after 548 ms and 0 fixes (loop #0).
20414d0.3130: Log file opened: 4.3.22r98236 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
20514d0.3130: supR3HardenedVmProcessInit: uNtDllAddr=00007ff842d30000
2061350.174c: supR3HardNtEnableThreadCreation:
20714d0.3130: ntdll.dll: timestamp 0x550f4336 (rc=VINF_SUCCESS)
20814d0.3130: New simple heap: #1 0000000000b60000 LB 0x400000 (for 1753088 allocation)
20914d0.3130: System32: \Device\HarddiskVolume2\Windows\System32
21014d0.3130: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
21114d0.3130: KnownDllPath: C:\WINDOWS\system32
21214d0.3130: supR3HardenedVmProcessInit: Opening vboxdrv stub...
21314d0.3130: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
21414d0.3130: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
21514d0.3130: Registered Dll notification callback with NTDLL.
21614d0.3130: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
21714d0.3130: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
21814d0.3130: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
21914d0.3130: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
22014d0.3130: supR3HardenedDllNotificationCallback: load 00007ff840000000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
22114d0.3130: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
22214d0.3130: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
22314d0.3130: supR3HardenedDllNotificationCallback: load 00007ff841cb0000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
22414d0.3130: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
22514d0.3130: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841cb0000 'C:\WINDOWS\system32\KERNEL32.DLL'
22614d0.3130: supR3HardenedDllNotificationCallback: load 00007ff7e01f0000 LB 0x00106000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
22714d0.3130: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
22814d0.3130: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
22914d0.3130: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23014d0.3130: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff842d48eb0 pvNtTerminateThread=00007ff842dc16f0
2311350.174c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 54 ms.
23214d0.3130: \SystemRoot\System32\ntdll.dll:
23314d0.3130: CreationTime: 2015-04-15T10:06:25.214939600Z
23414d0.3130: LastWriteTime: 2015-03-23T21:59:25.551884100Z
23514d0.3130: ChangeTime: 2015-04-21T15:47:25.685369300Z
23614d0.3130: FileAttributes: 0x20
23714d0.3130: Size: 0x1a7540
23814d0.3130: NT Headers: 0xd8
23914d0.3130: Timestamp: 0x550f4336
24014d0.3130: Machine: 0x8664 - amd64
24114d0.3130: Timestamp: 0x550f4336
24214d0.3130: Image Version: 6.3
24314d0.3130: SizeOfImage: 0x1ac000 (1753088)
24414d0.3130: Resource Dir: 0x148000 LB 0x62450
24514d0.3130: ProductName: Microsoft® Windows® Operating System
24614d0.3130: ProductVersion: 6.3.9600.17736
24714d0.3130: FileVersion: 6.3.9600.17736 (winblue_r9.150322-1500)
24814d0.3130: FileDescription: NT Layer DLL
24914d0.3130: \SystemRoot\System32\kernel32.dll:
25014d0.3130: CreationTime: 2014-11-22T00:59:56.007275600Z
25114d0.3130: LastWriteTime: 2014-10-29T04:09:24.572407200Z
25214d0.3130: ChangeTime: 2015-01-16T22:46:33.690559800Z
25314d0.3130: FileAttributes: 0x20
25414d0.3130: Size: 0x13fc30
25514d0.3130: NT Headers: 0xf8
25614d0.3130: Timestamp: 0x545054ca
25714d0.3130: Machine: 0x8664 - amd64
25814d0.3130: Timestamp: 0x545054ca
25914d0.3130: Image Version: 6.3
26014d0.3130: SizeOfImage: 0x13e000 (1302528)
26114d0.3130: Resource Dir: 0x12e000 LB 0x518
26214d0.3130: ProductName: Microsoft® Windows® Operating System
26314d0.3130: ProductVersion: 6.3.9600.17415
26414d0.3130: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
26514d0.3130: FileDescription: Windows NT BASE API Client DLL
26614d0.3130: \SystemRoot\System32\KernelBase.dll:
26714d0.3130: CreationTime: 2014-11-22T01:00:07.318778000Z
26814d0.3130: LastWriteTime: 2014-10-29T03:55:08.402989600Z
26914d0.3130: ChangeTime: 2015-01-16T22:46:33.799939100Z
27014d0.3130: FileAttributes: 0x20
27114d0.3130: Size: 0x114a90
27214d0.3130: NT Headers: 0xf0
27314d0.3130: Timestamp: 0x54505737
27414d0.3130: Machine: 0x8664 - amd64
27514d0.3130: Timestamp: 0x54505737
27614d0.3130: Image Version: 6.3
27714d0.3130: SizeOfImage: 0x115000 (1134592)
27814d0.3130: Resource Dir: 0x110000 LB 0x3528
27914d0.3130: ProductName: Microsoft® Windows® Operating System
28014d0.3130: ProductVersion: 6.3.9600.17415
28114d0.3130: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
28214d0.3130: FileDescription: Windows NT BASE API Client DLL
28314d0.3130: \SystemRoot\System32\apisetschema.dll:
28414d0.3130: CreationTime: 2013-08-22T12:13:09.745625900Z
28514d0.3130: LastWriteTime: 2013-08-22T12:35:12.091034400Z
28614d0.3130: ChangeTime: 2015-01-16T22:14:50.016670300Z
28714d0.3130: FileAttributes: 0x20
28814d0.3130: Size: 0x11360
28914d0.3130: NT Headers: 0xd0
29014d0.3130: Timestamp: 0x52160049
29114d0.3130: Machine: 0x8664 - amd64
29214d0.3130: Timestamp: 0x52160049
29314d0.3130: Image Version: 6.3
29414d0.3130: SizeOfImage: 0x13000 (77824)
29514d0.3130: Resource Dir: 0x11000 LB 0x3f8
29614d0.3130: ProductName: Microsoft® Windows® Operating System
29714d0.3130: ProductVersion: 6.3.9600.16384
29814d0.3130: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
29914d0.3130: FileDescription: ApiSet Schema DLL
30014d0.3130: NtOpenDirectoryObject failed on \Driver: 0xc0000022
30114d0.3130: supR3HardenedWinFindAdversaries: 0x80
30214d0.3130: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
30314d0.3130: CreationTime: 2014-11-19T19:21:59.598461000Z
30414d0.3130: LastWriteTime: 2015-04-08T19:16:50.570168500Z
30514d0.3130: ChangeTime: 2015-04-08T19:16:50.570168500Z
30614d0.3130: FileAttributes: 0x20
30714d0.3130: Size: 0x1fad8
30814d0.3130: NT Headers: 0xd8
30914d0.3130: Timestamp: 0x541caaaf
31014d0.3130: Machine: 0x8664 - amd64
31114d0.3130: Timestamp: 0x541caaaf
31214d0.3130: Image Version: 6.1
31314d0.3130: SizeOfImage: 0x23000 (143360)
31414d0.3130: Resource Dir: 0x22000 LB 0x3f0
31514d0.3130: ProductName: Malwarebytes Anti-Malware
31614d0.3130: ProductVersion: 0.2.13.0
31714d0.3130: FileVersion: 0.2.13.0
31814d0.3130: FileDescription: Malwarebytes Anti-Malware
31914d0.3130: \SystemRoot\System32\drivers\mwac.sys:
32014d0.3130: CreationTime: 2014-11-19T19:21:47.520846400Z
32114d0.3130: LastWriteTime: 2014-11-21T14:14:26.000000000Z
32214d0.3130: ChangeTime: 2015-01-16T21:50:27.533798800Z
32314d0.3130: FileAttributes: 0x20
32414d0.3130: Size: 0xfad8
32514d0.3130: NT Headers: 0xe0
32614d0.3130: Timestamp: 0x53a0f444
32714d0.3130: Machine: 0x8664 - amd64
32814d0.3130: Timestamp: 0x53a0f444
32914d0.3130: Image Version: 6.2
33014d0.3130: SizeOfImage: 0x13000 (77824)
33114d0.3130: Resource Dir: 0x11000 LB 0x3e0
33214d0.3130: ProductName: Malwarebytes Web Access Control
33314d0.3130: ProductVersion: 1.0.6.0
33414d0.3130: FileVersion: 1.0.6.0
33514d0.3130: FileDescription: Malwarebytes Web Access Control
33614d0.3130: \SystemRoot\System32\drivers\mbamchameleon.sys:
33714d0.3130: CreationTime: 2014-11-19T19:21:47.533840700Z
33814d0.3130: LastWriteTime: 2014-11-21T14:14:12.000000000Z
33914d0.3130: ChangeTime: 2015-01-16T21:50:27.120865600Z
34014d0.3130: FileAttributes: 0x20
34114d0.3130: Size: 0x16cd8
34214d0.3130: NT Headers: 0xe0
34314d0.3130: Timestamp: 0x53f2136a
34414d0.3130: Machine: 0x8664 - amd64
34514d0.3130: Timestamp: 0x53f2136a
34614d0.3130: Image Version: 6.1
34714d0.3130: SizeOfImage: 0x1a000 (106496)
34814d0.3130: Resource Dir: 0x18000 LB 0xbd0
34914d0.3130: ProductName: Malwarebytes Chameleon
35014d0.3130: ProductVersion: 1.1.4.0
35114d0.3130: FileVersion: 1.1.4.0
35214d0.3130: FileDescription: Malwarebytes Chameleon Protection Driver
35314d0.3130: \SystemRoot\System32\drivers\mbam.sys:
35414d0.3130: CreationTime: 2014-11-19T19:21:47.512850200Z
35514d0.3130: LastWriteTime: 2014-11-21T14:14:08.000000000Z
35614d0.3130: ChangeTime: 2015-01-16T21:50:27.104285200Z
35714d0.3130: FileAttributes: 0x20
35814d0.3130: Size: 0x64d8
35914d0.3130: NT Headers: 0xd8
36014d0.3130: Timestamp: 0x540754e1
36114d0.3130: Machine: 0x8664 - amd64
36214d0.3130: Timestamp: 0x540754e1
36314d0.3130: Image Version: 6.1
36414d0.3130: SizeOfImage: 0xa000 (40960)
36514d0.3130: Resource Dir: 0x8000 LB 0x3d0
36614d0.3130: ProductName: Malwarebytes Anti-Malware
36714d0.3130: ProductVersion: 0.1.15.0
36814d0.3130: FileVersion: 0.1.15.0
36914d0.3130: FileDescription: Malwarebytes Anti-Malware
37014d0.3130: Calling main()
37114d0.3130: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
37214d0.3130: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
37314d0.3130: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
37414d0.3130: SUPR3HardenedMain: Respawn #2
37514d0.3130: supR3HardNtEnableThreadCreation:
37614d0.3130: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff842d48eb0 pvNtTerminateThread=00007ff842dc16f0
37714d0.3130: supR3HardenedWinDoReSpawn(2): New child 1ab0.30a4 [kernel32].
37814d0.3130: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
37914d0.3130: supR3HardNtChildGatherData: PebBaseAddress=00007ff7df7ae000 cbPeb=0x388
38014d0.3130: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff842d30000 uNtDllChildAddr=00007ff842d30000
38114d0.3130: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff842d48eb0
38214d0.3130: supR3HardenedWinSetupChildInit: Start child.
38314d0.3130: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
38414d0.3130: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 61 sleeps
38514d0.3130: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
38614d0.3130: *0000000000000000-ffffffffff83ffff 0x0001/0x0000 0x0000000
38714d0.3130: *00000000007c0000-000000000079ffff 0x0004/0x0004 0x0020000
38814d0.3130: *00000000007e0000-00000000007d0fff 0x0002/0x0002 0x0040000
38914d0.3130: 00000000007ef000-00000000007edfff 0x0001/0x0000 0x0000000
39014d0.3130: *00000000007f0000-00000000006f3fff 0x0000/0x0004 0x0020000
39114d0.3130: 00000000008ec000-00000000008e8fff 0x0104/0x0004 0x0020000
39214d0.3130: 00000000008ef000-00000000008edfff 0x0004/0x0004 0x0020000
39314d0.3130: *00000000008f0000-00000000008ebfff 0x0002/0x0002 0x0040000
39414d0.3130: 00000000008f4000-00000000008e7fff 0x0001/0x0000 0x0000000
39514d0.3130: *0000000000900000-00000000008fdfff 0x0004/0x0004 0x0020000
39614d0.3130: 0000000000902000-ffffffff81223fff 0x0001/0x0000 0x0000000
39714d0.3130: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
39814d0.3130: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
39914d0.3130: 000000007fff0000-ffff80092085ffff 0x0001/0x0000 0x0000000
40014d0.3130: *00007ff7df780000-00007ff7df75cfff 0x0002/0x0002 0x0040000
40114d0.3130: 00007ff7df7a3000-00007ff7df799fff 0x0001/0x0000 0x0000000
40214d0.3130: *00007ff7df7ac000-00007ff7df7a9fff 0x0004/0x0004 0x0020000
40314d0.3130: *00007ff7df7ae000-00007ff7df7acfff 0x0004/0x0004 0x0020000
40414d0.3130: 00007ff7df7af000-00007ff7ded6dfff 0x0001/0x0000 0x0000000
40514d0.3130: *00007ff7e01f0000-00007ff7e01eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
40614d0.3130: 00007ff7e01f1000-00007ff7e016cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
40714d0.3130: 00007ff7e0275000-00007ff7e0273fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
40814d0.3130: 00007ff7e0276000-00007ff7e0238fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
40914d0.3130: 00007ff7e02b3000-00007ff7e02b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
41014d0.3130: 00007ff7e02b4000-00007ff7e02b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
41114d0.3130: 00007ff7e02b5000-00007ff7e02b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
41214d0.3130: 00007ff7e02b7000-00007ff7e02b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
41314d0.3130: 00007ff7e02b8000-00007ff7e02b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
41414d0.3130: 00007ff7e02b9000-00007ff7e02b4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
41514d0.3130: 00007ff7e02bd000-00007ff7e0283fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
41614d0.3130: 00007ff7e02f6000-00007ff77d8bbfff 0x0001/0x0000 0x0000000
41714d0.3130: *00007ff842d30000-00007ff842d2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
41814d0.3130: 00007ff842d31000-00007ff842c04fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
41914d0.3130: 00007ff842e5d000-00007ff842e56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
42014d0.3130: 00007ff842e63000-00007ff842e55fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
42114d0.3130: 00007ff842e70000-00007ff842e6efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
42214d0.3130: 00007ff842e71000-00007ff842e6dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
42314d0.3130: 00007ff842e74000-00007ff842e72fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
42414d0.3130: 00007ff842e75000-00007ff842e0dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
42514d0.3130: 00007ff842edc000-00007ff085dd7fff 0x0001/0x0000 0x0000000
42614d0.3130: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
42714d0.3130: VirtualBox.exe: timestamp 0x54dcccba (rc=VINF_SUCCESS)
42814d0.3130: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
42914d0.3130: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
43014d0.3130: supR3HardNtChildPurify: Done after 534 ms and 0 fixes (loop #0).
4311ab0.30a4: Log file opened: 4.3.22r98236 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
4321ab0.30a4: supR3HardenedVmProcessInit: uNtDllAddr=00007ff842d30000
4331ab0.30a4: ntdll.dll: timestamp 0x550f4336 (rc=VINF_SUCCESS)
4341ab0.30a4: New simple heap: #1 0000000000a10000 LB 0x400000 (for 1753088 allocation)
43514d0.3130: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b60000 LB 0x400000)
43614d0.3130: supR3HardNtEnableThreadCreation:
4371ab0.30a4: System32: \Device\HarddiskVolume2\Windows\System32
4381ab0.30a4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
4391ab0.30a4: KnownDllPath: C:\WINDOWS\system32
4401ab0.30a4: supR3HardenedVmProcessInit: Opening vboxdrv...
4411ab0.30a4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4421ab0.30a4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4431ab0.30a4: Registered Dll notification callback with NTDLL.
4441ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
4451ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
4461ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
4471ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4481ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff840000000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
4491ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
4501ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
4511ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff841cb0000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
4521ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4531ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841cb0000 'C:\WINDOWS\system32\KERNEL32.DLL'
4541ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff7e01f0000 LB 0x00106000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
4551ab0.30a4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4561ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4571ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4581ab0.30a4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff842d48eb0 pvNtTerminateThread=00007ff842dc16f0
45914d0.3130: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 57 ms.
4601ab0.30a4: \SystemRoot\System32\ntdll.dll:
4611ab0.30a4: CreationTime: 2015-04-15T10:06:25.214939600Z
4621ab0.30a4: LastWriteTime: 2015-03-23T21:59:25.551884100Z
4631ab0.30a4: ChangeTime: 2015-04-21T15:47:25.685369300Z
4641ab0.30a4: FileAttributes: 0x20
4651ab0.30a4: Size: 0x1a7540
4661ab0.30a4: NT Headers: 0xd8
4671ab0.30a4: Timestamp: 0x550f4336
4681ab0.30a4: Machine: 0x8664 - amd64
4691ab0.30a4: Timestamp: 0x550f4336
4701ab0.30a4: Image Version: 6.3
4711ab0.30a4: SizeOfImage: 0x1ac000 (1753088)
4721ab0.30a4: Resource Dir: 0x148000 LB 0x62450
4731ab0.30a4: ProductName: Microsoft® Windows® Operating System
4741ab0.30a4: ProductVersion: 6.3.9600.17736
4751ab0.30a4: FileVersion: 6.3.9600.17736 (winblue_r9.150322-1500)
4761ab0.30a4: FileDescription: NT Layer DLL
4771ab0.30a4: \SystemRoot\System32\kernel32.dll:
4781ab0.30a4: CreationTime: 2014-11-22T00:59:56.007275600Z
4791ab0.30a4: LastWriteTime: 2014-10-29T04:09:24.572407200Z
4801ab0.30a4: ChangeTime: 2015-01-16T22:46:33.690559800Z
4811ab0.30a4: FileAttributes: 0x20
4821ab0.30a4: Size: 0x13fc30
4831ab0.30a4: NT Headers: 0xf8
4841ab0.30a4: Timestamp: 0x545054ca
4851ab0.30a4: Machine: 0x8664 - amd64
4861ab0.30a4: Timestamp: 0x545054ca
4871ab0.30a4: Image Version: 6.3
4881ab0.30a4: SizeOfImage: 0x13e000 (1302528)
4891ab0.30a4: Resource Dir: 0x12e000 LB 0x518
4901ab0.30a4: ProductName: Microsoft® Windows® Operating System
4911ab0.30a4: ProductVersion: 6.3.9600.17415
4921ab0.30a4: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
4931ab0.30a4: FileDescription: Windows NT BASE API Client DLL
4941ab0.30a4: \SystemRoot\System32\KernelBase.dll:
4951ab0.30a4: CreationTime: 2014-11-22T01:00:07.318778000Z
4961ab0.30a4: LastWriteTime: 2014-10-29T03:55:08.402989600Z
4971ab0.30a4: ChangeTime: 2015-01-16T22:46:33.799939100Z
4981ab0.30a4: FileAttributes: 0x20
4991ab0.30a4: Size: 0x114a90
5001ab0.30a4: NT Headers: 0xf0
5011ab0.30a4: Timestamp: 0x54505737
5021ab0.30a4: Machine: 0x8664 - amd64
5031ab0.30a4: Timestamp: 0x54505737
5041ab0.30a4: Image Version: 6.3
5051ab0.30a4: SizeOfImage: 0x115000 (1134592)
5061ab0.30a4: Resource Dir: 0x110000 LB 0x3528
5071ab0.30a4: ProductName: Microsoft® Windows® Operating System
5081ab0.30a4: ProductVersion: 6.3.9600.17415
5091ab0.30a4: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
5101ab0.30a4: FileDescription: Windows NT BASE API Client DLL
5111ab0.30a4: \SystemRoot\System32\apisetschema.dll:
5121ab0.30a4: CreationTime: 2013-08-22T12:13:09.745625900Z
5131ab0.30a4: LastWriteTime: 2013-08-22T12:35:12.091034400Z
5141ab0.30a4: ChangeTime: 2015-01-16T22:14:50.016670300Z
5151ab0.30a4: FileAttributes: 0x20
5161ab0.30a4: Size: 0x11360
5171ab0.30a4: NT Headers: 0xd0
5181ab0.30a4: Timestamp: 0x52160049
5191ab0.30a4: Machine: 0x8664 - amd64
5201ab0.30a4: Timestamp: 0x52160049
5211ab0.30a4: Image Version: 6.3
5221ab0.30a4: SizeOfImage: 0x13000 (77824)
5231ab0.30a4: Resource Dir: 0x11000 LB 0x3f8
5241ab0.30a4: ProductName: Microsoft® Windows® Operating System
5251ab0.30a4: ProductVersion: 6.3.9600.16384
5261ab0.30a4: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
5271ab0.30a4: FileDescription: ApiSet Schema DLL
5281ab0.30a4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5291ab0.30a4: supR3HardenedWinFindAdversaries: 0x80
5301ab0.30a4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
5311ab0.30a4: CreationTime: 2014-11-19T19:21:59.598461000Z
5321ab0.30a4: LastWriteTime: 2015-04-08T19:16:50.570168500Z
5331ab0.30a4: ChangeTime: 2015-04-08T19:16:50.570168500Z
5341ab0.30a4: FileAttributes: 0x20
5351ab0.30a4: Size: 0x1fad8
5361ab0.30a4: NT Headers: 0xd8
5371ab0.30a4: Timestamp: 0x541caaaf
5381ab0.30a4: Machine: 0x8664 - amd64
5391ab0.30a4: Timestamp: 0x541caaaf
5401ab0.30a4: Image Version: 6.1
5411ab0.30a4: SizeOfImage: 0x23000 (143360)
5421ab0.30a4: Resource Dir: 0x22000 LB 0x3f0
5431ab0.30a4: ProductName: Malwarebytes Anti-Malware
5441ab0.30a4: ProductVersion: 0.2.13.0
5451ab0.30a4: FileVersion: 0.2.13.0
5461ab0.30a4: FileDescription: Malwarebytes Anti-Malware
5471ab0.30a4: \SystemRoot\System32\drivers\mwac.sys:
5481ab0.30a4: CreationTime: 2014-11-19T19:21:47.520846400Z
5491ab0.30a4: LastWriteTime: 2014-11-21T14:14:26.000000000Z
5501ab0.30a4: ChangeTime: 2015-01-16T21:50:27.533798800Z
5511ab0.30a4: FileAttributes: 0x20
5521ab0.30a4: Size: 0xfad8
5531ab0.30a4: NT Headers: 0xe0
5541ab0.30a4: Timestamp: 0x53a0f444
5551ab0.30a4: Machine: 0x8664 - amd64
5561ab0.30a4: Timestamp: 0x53a0f444
5571ab0.30a4: Image Version: 6.2
5581ab0.30a4: SizeOfImage: 0x13000 (77824)
5591ab0.30a4: Resource Dir: 0x11000 LB 0x3e0
5601ab0.30a4: ProductName: Malwarebytes Web Access Control
5611ab0.30a4: ProductVersion: 1.0.6.0
5621ab0.30a4: FileVersion: 1.0.6.0
5631ab0.30a4: FileDescription: Malwarebytes Web Access Control
5641ab0.30a4: \SystemRoot\System32\drivers\mbamchameleon.sys:
5651ab0.30a4: CreationTime: 2014-11-19T19:21:47.533840700Z
5661ab0.30a4: LastWriteTime: 2014-11-21T14:14:12.000000000Z
5671ab0.30a4: ChangeTime: 2015-01-16T21:50:27.120865600Z
5681ab0.30a4: FileAttributes: 0x20
5691ab0.30a4: Size: 0x16cd8
5701ab0.30a4: NT Headers: 0xe0
5711ab0.30a4: Timestamp: 0x53f2136a
5721ab0.30a4: Machine: 0x8664 - amd64
5731ab0.30a4: Timestamp: 0x53f2136a
5741ab0.30a4: Image Version: 6.1
5751ab0.30a4: SizeOfImage: 0x1a000 (106496)
5761ab0.30a4: Resource Dir: 0x18000 LB 0xbd0
5771ab0.30a4: ProductName: Malwarebytes Chameleon
5781ab0.30a4: ProductVersion: 1.1.4.0
5791ab0.30a4: FileVersion: 1.1.4.0
5801ab0.30a4: FileDescription: Malwarebytes Chameleon Protection Driver
5811ab0.30a4: \SystemRoot\System32\drivers\mbam.sys:
5821ab0.30a4: CreationTime: 2014-11-19T19:21:47.512850200Z
5831ab0.30a4: LastWriteTime: 2014-11-21T14:14:08.000000000Z
5841ab0.30a4: ChangeTime: 2015-01-16T21:50:27.104285200Z
5851ab0.30a4: FileAttributes: 0x20
5861ab0.30a4: Size: 0x64d8
5871ab0.30a4: NT Headers: 0xd8
5881ab0.30a4: Timestamp: 0x540754e1
5891ab0.30a4: Machine: 0x8664 - amd64
5901ab0.30a4: Timestamp: 0x540754e1
5911ab0.30a4: Image Version: 6.1
5921ab0.30a4: SizeOfImage: 0xa000 (40960)
5931ab0.30a4: Resource Dir: 0x8000 LB 0x3d0
5941ab0.30a4: ProductName: Malwarebytes Anti-Malware
5951ab0.30a4: ProductVersion: 0.1.15.0
5961ab0.30a4: FileVersion: 0.1.15.0
5971ab0.30a4: FileDescription: Malwarebytes Anti-Malware
5981ab0.30a4: Calling main()
5991ab0.30a4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
6001ab0.30a4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6011ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6021ab0.30a4: SUPR3HardenedMain: Final process, opening VBoxDrv...
6031ab0.30a4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a10000 LB 0x400000)
6041ab0.30a4: supR3HardNtEnableThreadCreation:
6051ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6061ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6071ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6081ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6091ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff835c20000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6101ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6111ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6121ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6131ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835c20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6141ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6151ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6161ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835c20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6171ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835c20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6181ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6191ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
6201ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
6211ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
6221ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
6231ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
6241ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6251ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6261ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
6271ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
6281ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6291ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6301ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
6311ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
6321ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6331ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6341ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6351ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
6361ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
6371ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6381ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6391ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6401ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
6411ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
6421ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6431ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6441ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6451ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6461ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6471ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6481ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6491ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6501ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff842130000 LB 0x000aa000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
6511ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6521ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83ff30000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
6531ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6541ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8401d0000 LB 0x001df000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
6551ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6561ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff841fe0000 LB 0x00141000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
6571ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6581ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff840120000 LB 0x00051000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
6591ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6601ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\WINDOWS\system32\Wintrust.dll'
6611ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6621ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6631ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
6641ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6651ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6661ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
6671ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6681ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6691ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
6701ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6711ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6721ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
6731ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6741ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6751ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
6761ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6771ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6781ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
6791ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6801ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
6811ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
6821ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
6831ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83f7c0000 LB 0x00020000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
6841ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6851ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
6861ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
6871ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
6881ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6891ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6901ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
6911ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
6921ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6931ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6941ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6951ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83fa10000 LB 0x00026000 C:\WINDOWS\SYSTEM32\bcrypt.dll [fFlags=0x0]
6961ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6971ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83f390000 LB 0x00036000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
6981ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6991ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
7001ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
7011ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
7021ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
7031ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
7041ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
7051ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83fd50000 LB 0x00063000 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll [fFlags=0x0]
7061ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7071ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83fdc0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
7081ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7091ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7101ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
7111ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
7121ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7131ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7141ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841cb0000 'C:\WINDOWS\system32\kernel32.dll'
7151ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7161ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
7171ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7181ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7191ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\CRYPT32.dll'
7201ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff840770000 LB 0x00016000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
7211ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7221ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
7231ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
7241ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7251ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7261ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7271ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7281ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7291ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
7301ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
7311ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
7321ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
7331ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
7341ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntasn1.dll)
7351ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntasn1.dll
7361ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83f9a0000 LB 0x00037000 C:\WINDOWS\SYSTEM32\NTASN1.dll [fFlags=0x0]
7371ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
7381ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83f9e0000 LB 0x00025000 C:\WINDOWS\SYSTEM32\ncrypt.dll [fFlags=0x0]
7391ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7401ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7411ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
7421ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
7431ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
7441ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7451ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7461ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7471ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7481ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83fd50000 'C:\WINDOWS\system32\bcryptprimitives.dll'
7491ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
7501ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
7511ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
7521ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8425c0000 LB 0x00059000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0]
7531ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7541ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7551ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
7561ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
7571ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
7581ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83f030000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
7591ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7601ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
7611ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
7621ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83fe80000 LB 0x00015000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
7631ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
7641ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7651ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
7661ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
7671ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
7681ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
7691ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
7701ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
7711ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7721ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
7731ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
7741ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7751ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7761ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7771ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7781ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7791ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7801ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7811ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7821ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7831ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7841ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7851ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7861ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7871ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7881ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7891ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7901ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7911ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7921ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7931ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7941ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff842560000 LB 0x0005c000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
7951ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
7961ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83bc00000 LB 0x00039000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
7971ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7981ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7991ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8001ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8011ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8021ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8031ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8041ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8051ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8061ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8071ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8081ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8091ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8101ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8111ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8121ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8131ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8141ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8151ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8161ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8171ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8181ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8191ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8201ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8211ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8221ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8231ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8241ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8251ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8261ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\WINDOWS\system32\cryptnet.dll'
8271ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8281ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83bc00000 'C:\Windows\System32\cryptnet.dll'
8291ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8301ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
8311ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
8321ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
8331ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
8341ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff840540000 LB 0x000aa000 C:\WINDOWS\SYSTEM32\advapi32.dll [fFlags=0x0]
8351ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8361ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8371ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8381ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8391ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8401ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8411ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8421ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8431ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8441ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8451ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8461ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8471ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
8481ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8491ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8501ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
8511ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
8521ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f39050
8531ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
8541ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0C388B9F1A03B08C9E0419963B4B8BEF1136190E
8551ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8561ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8571ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841fe0000 'C:\WINDOWS\system32\rpcrt4.dll'
8581ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8591ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
8601ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8611ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
8621ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8631ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
8641ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8651ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
8661ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8671ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
8681ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8691ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8701ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
8711ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8721ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\Windows\System32\WINTRUST.DLL'
8731ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8741ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8751ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
8761ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8771ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8781ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
8791ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_31_for_KB3045999~31bf3856ad364e35~amd64~~6.3.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
8801ab0.30a4: g_pfnWinVerifyTrust=00007ff840121050
8811ab0.30a4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
8821ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8831ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8841ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
8851ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8861ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8871ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
8881ab0.30a4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
8891ab0.30a4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
8901ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8911ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8921ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
8931ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
8941ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8951ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
8961ab0.30a4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
8971ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8981ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8991ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9001ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9011ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
9021ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
9031ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
9041ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
9051ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC3979054487C3D01C936AC44608445F3BDB24A
9061ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9071ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9081ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9091ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9101ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9111ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9121ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9131ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
9141ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
9151ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFA081F787F20E906CEFF5631F4EC1F5B874BBA5
9161ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9171ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9181ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9191ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9201ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9211ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9221ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9231ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9241ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9251ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
9261ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9271ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9281ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9291ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
9301ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9311ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9321ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9331ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
9341ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9351ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9361ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9371ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll'
9381ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9391ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9401ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
9411ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9421ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9431ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
9441ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9451ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9461ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9471ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9481ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
9491ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9501ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9511ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9521ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
9531ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9541ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9551ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9561ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
9571ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9581ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9591ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9601ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
9611ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9621ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9631ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9641ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
9651ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9661ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9671ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
9681ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9691ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9701ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
9711ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9721ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9731ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
9741ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9751ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9761ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
9771ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9781ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
9791ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9801ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
9811ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9821ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9831ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
9841ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
9851ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9861ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
9871ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
9881ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
9891ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
9901ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
9911ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
9921ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
9931ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
9941ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
9951ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
9961ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
9971ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
9981ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
9991ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
10001ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
10011ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
10021ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
10031ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
10041ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
10051ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
10061ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
10071ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
10081ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
10091ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
10101ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
10111ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
10121ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
10131ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
10141ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
10151ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
10161ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
10171ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
10181ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
10191ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
10201ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
10211ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
10221ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
10231ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
10241ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
10251ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
10261ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
10271ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
10281ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
10291ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
10301ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
10311ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
10321ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
10331ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
10341ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x592fec16e99fad00 C=US, ST=California, L=Temecula, O=OPTO 22, OU=Engineering, CN=Opto 22 Engineering CA, Email=kjohnson@opto22.com
10351ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0xeb8391d13825ca00 DC=com, DC=OPTO22, CN=Opto22 CA
10361ab0.30a4: supR3HardenedWinIsDesiredRootCA: Adding 0x4edea3f0a48c8500 DC=com, DC=OPTO22, CN=000mx2
10371ab0.30a4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=49
10381ab0.30a4: SUPR3HardenedMain: Load Runtime...
10391ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
10401ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10411ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
10421ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
10431ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
10441ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
10451ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
10461ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10471ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10481ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
10491ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
10501ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
10511ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
10521ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
10531ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
10541ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
10551ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
10561ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
10571ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
10581ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
10591ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10601ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10611ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
10621ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
10631ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
10641ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
10651ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
10661ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
10671ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
10681ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10691ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
10701ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
10711ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10721ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10731ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
10741ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10751ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10761ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
10771ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
10781ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
10791ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10801ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
10811ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
10821ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
10831ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
10841ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10851ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
10861ab0.30a4: supR3HardenedDllNotificationCallback: load 000000005f6a0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
10871ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
10881ab0.30a4: supR3HardenedDllNotificationCallback: load 000000005f600000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
10891ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
10901ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff840760000 LB 0x00009000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
10911ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
10921ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8403b0000 LB 0x0005a000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
10931ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
10941ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff81a960000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
10951ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
10961ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
10971ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
10981ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
10991ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
11001ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
11011ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11021ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11031ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11041ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11051ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11061ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11071ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11081ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11091ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11101ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11111ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11121ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11131ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11141ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11151ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11161ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11171ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11181ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11191ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11201ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11211ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11221ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11231ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11241ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11251ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11261ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11271ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11281ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11291ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11301ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11311ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11321ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11331ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11341ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11351ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11361ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11371ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11381ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11391ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11401ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11411ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11421ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11431ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11441ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11451ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11461ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11471ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11481ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11491ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a960000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11501ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840120000 'C:\WINDOWS\system32\Wintrust.dll'
11511ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
11521ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
11531ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
11541ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
11551ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11561ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
11571ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
11581ab0.30a4: SUPR3HardenedMain: Load TrustedMain...
11591ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
11601ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11611ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
11621ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
11631ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
11641ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
11651ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
11661ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
11671ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
11681ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
11691ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
11701ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
11711ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
11721ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
11731ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
11741ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
11751ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
11761ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
11771ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
11781ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
11791ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
11801ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
11811ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
11821ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
11831ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
11841ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
11851ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
11861ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
11871ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
11881ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
11891ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000554 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
11901ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
11911ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
11921ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D428FD3A844AF383E2EA2C23013320CECD6296
11931ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11941ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11951ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
11961ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
11971ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
11981ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
11991ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12001ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12011ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12021ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
12031ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
12041ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
12051ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12061ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
12071ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
12081ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
12091ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
12101ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
12111ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
12121ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12131ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
12141ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
12151ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
12161ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12171ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12181ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12191ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12201ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
12211ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
12221ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
12231ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
12241ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12251ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12261ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12271ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
12281ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
12291ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
12301ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
12311ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
12321ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12331ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12341ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
12351ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
12361ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
12371ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12381ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12391ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
12401ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12411ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
12421ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
12431ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
12441ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
12451ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
12461ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12471ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12481ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12491ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12501ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
12511ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12521ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
12531ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
12541ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
12551ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
12561ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
12571ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
12581ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
12591ab0.30a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
12601ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
12611ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
12621ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
12631ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
12641ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
12651ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12661ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12671ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12681ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12691ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12701ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12711ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
12721ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
12731ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
12741ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12751ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
12761ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
12771ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
12781ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
12791ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12801ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12811ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12821ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12831ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12841ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12851ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12861ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12871ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12881ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12891ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12901ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12911ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12921ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12931ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12941ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12951ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12961ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12971ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12981ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12991ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13001ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13011ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13021ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13031ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13041ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13051ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13061ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13071ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13081ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13091ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
13101ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
13111ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13121ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
13131ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
13141ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
13151ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13161ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13171ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13181ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13191ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13201ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
13211ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13221ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13231ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
13241ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13251ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
13261ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
13271ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
13281ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13291ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13301ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13311ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13321ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13331ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13341ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
13351ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
13361ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13371ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
13381ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
13391ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
13401ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
13411ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
13421ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
13431ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13441ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13451ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust]
13461ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13471ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13481ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
13491ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13501ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13511ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13521ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13531ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13541ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13551ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13561ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13571ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13581ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13591ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13601ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
13611ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
13621ab0.30a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
13631ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13641ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13651ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13661ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13671ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13681ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
13691ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
13701ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
13711ab0.30a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
13721ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13731ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13741ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
13751ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
13761ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
13771ab0.30a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
13781ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
13791ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
13801ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
13811ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13821ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
13831ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
13841ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
13851ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
13861ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
13871ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
13881ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
13891ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
13901ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
13911ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13921ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13931ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13941ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13951ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13961ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
13971ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13981ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
13991ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14001ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
14011ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14021ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14031ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
14041ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14051ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
14061ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
14071ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
14081ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14091ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
14101ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
14111ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
14121ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
14131ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
14141ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
14151ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14161ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
14171ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
14181ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
14191ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
14201ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
14211ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
14221ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14231ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14241ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14251ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
14261ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14271ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14281ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
14291ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14301ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14311ab0.30a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
14321ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14331ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14341ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
14351ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
14361ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
14371ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14381ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
14391ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14401ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14411ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14421ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
14431ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
14441ab0.30a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
14451ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14461ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
14471ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
14481ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
14491ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
14501ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
14511ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14521ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14531ab0.30a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
14541ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14551ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14561ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14571ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
14581ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
14591ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14601ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14611ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
14621ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14631ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14641ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14651ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14661ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14671ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14681ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14691ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14701ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14711ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14721ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14731ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
14741ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
14751ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
14761ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14771ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14781ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14791ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14801ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14811ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14821ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14831ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14841ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14851ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14861ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14871ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
14881ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
14891ab0.30a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
14901ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14911ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
14921ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
14931ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
14941ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
14951ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14961ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
14971ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
14981ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
14991ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15001ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
15011ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
15021ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
15031ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15041ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15051ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
15061ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15071ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
15081ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
15091ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15101ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15111ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15121ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15131ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15141ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15151ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15161ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15171ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15181ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15191ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15201ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15211ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15221ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15231ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15241ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15251ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15261ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15271ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15281ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
15291ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
15301ab0.30a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
15311ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15321ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
15331ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
15341ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
15351ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
15361ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
15371ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15381ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15391ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15401ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15411ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15421ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15431ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15441ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15451ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15461ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15471ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15481ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
15491ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
15501ab0.30a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
15511ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15521ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
15531ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
15541ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
15551ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
15561ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15571ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15581ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15591ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15601ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15611ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15621ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15631ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15641ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15651ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15661ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15671ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15681ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
15691ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
15701ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
15711ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15721ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15731ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15741ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15751ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15761ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15771ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15781ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
15791ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
15801ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
15811ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
15821ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
15831ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
15841ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
15851ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
15861ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
15871ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15881ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15891ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15901ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
15911ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
15921ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
15931ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15941ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15951ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15961ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
15971ab0.30a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
15981ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
15991ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
16001ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
16011ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
16021ab0.30a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
16031ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16041ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16051ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16061ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16071ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16081ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16091ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16101ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16111ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16121ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16131ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
16141ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000578 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
16151ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
16161ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
16171ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
16181ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
16191ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
16201ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
16211ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16221ab0.30a4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
16231ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16241ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
16251ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16261ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
16271ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
16281ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
16291ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
16301ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16311ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16321ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
16331ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
16341ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
16351ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16361ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16371ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16381ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll)
16391ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll
16401ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16411ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
16421ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
16431ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
16441ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16451ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
16461ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
16471ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
16481ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff841e60000 LB 0x00177000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
16491ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8405f0000 LB 0x00151000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
16501ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff836130000 LB 0x00009000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
16511ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
16521ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff821280000 LB 0x000f8000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
16531ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
16541ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8312b0000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
16551ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16561ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff823410000 LB 0x0012b000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
16571ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16581ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff842b10000 LB 0x00211000 C:\WINDOWS\SYSTEM32\combase.dll [fFlags=0x0]
16591ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
16601ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff842620000 LB 0x00194000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
16611ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16621ab0.30a4: supR3HardenedDllNotificationCallback: load 000000005f320000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
16631ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
16641ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff841e00000 LB 0x00054000 C:\WINDOWS\system32\SHLWAPI.dll [fFlags=0x0]
16651ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
16661ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83a150000 LB 0x000a4000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\COMCTL32.dll [fFlags=0x0]
16671ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll [avoiding WinVerifyTrust]
16681ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff840790000 LB 0x01518000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
16691ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16701ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83e4e0000 LB 0x000b2000 C:\WINDOWS\SYSTEM32\SHCORE.DLL [fFlags=0x0]
16711ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
16721ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff840480000 LB 0x000b6000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
16731ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16741ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff842970000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
16751ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16761ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8421e0000 LB 0x00152000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
16771ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
16781ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff842340000 LB 0x00036000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
16791ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
16801ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff840180000 LB 0x0004f000 C:\WINDOWS\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
16811ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
16821ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83ec70000 LB 0x00028000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
16831ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
16841ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8392f0000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
16851ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16861ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff839320000 LB 0x00022000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
16871ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16881ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff837a00000 LB 0x00082000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
16891ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
16901ab0.30a4: supR3HardenedDllNotificationCallback: load 000000005e9b0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
16911ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
16921ab0.30a4: supR3HardenedDllNotificationCallback: load 000000005e8a0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
16931ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
16941ab0.30a4: supR3HardenedDllNotificationCallback: load 000000005e7c0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
16951ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
16961ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff80d500000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
16971ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
16981ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16991ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17001ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
17011ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17021ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17031ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17041ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17051ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17061ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17071ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17081ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17091ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17101ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17111ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17121ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
17131ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ec pwszName=\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll
17141ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
17151ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
17161ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2439957F4F4E64F3771B4CC408D22259C95DE82
17171ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17181ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17191ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
17201ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17211ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
17221ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000570 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
17231ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
17241ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
17251ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=090BF7C2666F3FF583BB59D31C1CC1CF305DE9C0
17261ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17271ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17281ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.3.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
17291ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17301ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
17311ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17321ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17331ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
17341ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17351ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17361ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
17371ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000588 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
17381ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
17391ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
17401ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F29C5E10B41703F37F876FBDAF2EA1AEB908918
17411ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17421ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17431ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1242_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
17441ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17451ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv'
17461ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000057c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
17471ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
17481ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
17491ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=832AE7EFDC6DDBE1A3371D29771A385D19CE3E5A
17501ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17511ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17521ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
17531ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17541ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
17551ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000056c pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
17561ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
17571ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
17581ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46F3EC55D7EDCC524FCBA343C275D945026CBC93
17591ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17601ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17611ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1534_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
17621ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17631ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
17641ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17651ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17661ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
17671ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17681ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17691ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
17701ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000580 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
17711ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
17721ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
17731ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2439957F4F4E64F3771B4CC408D22259C95DE82
17741ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17751ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17761ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
17771ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17781ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
17791ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17801ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17811ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
17821ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17831ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17841ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
17851ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
17861ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
17871ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
17881ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
17891ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17901ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842340000 'C:\WINDOWS\system32\imm32.dll'
17911ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80d500000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
17921ab0.30a4: SUPR3HardenedMain: Calling TrustedMain (00007ff80d501ca0)...
17931ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17941ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17951ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
17961ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000590 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17971ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
17981ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
17991ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=011C79DEF7FEEC81838000B9664073BAE4A7CB92
18001ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
18011ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18021ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
18031ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
18041ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1357_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
18051ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18061ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18071ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
18081ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
18091ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
18101ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18111ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18121ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18131ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18141ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18151ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18161ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18171ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18181ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18191ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83eaf0000 LB 0x00129000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
18201ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18211ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83eaf0000 'C:\WINDOWS\system32\uxtheme.dll'
18221ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18231ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18241ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83eaf0000 'C:\WINDOWS\system32\uxtheme.dll'
18251ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18261ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18271ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83eaf0000 'C:\WINDOWS\system32\uxtheme.dll'
18281ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18291ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18301ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83eaf0000 'C:\WINDOWS\system32\uxtheme.dll'
18311ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
18321ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
18331ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
18341ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E44A2AC53DCA307CA985CD7B698D342049C4465
18351ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
18361ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
18371ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2947_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
18381ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18391ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18401ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
18411ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
18421ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
18431ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll)WinVerifyTrust
18441ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
18451ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18461ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18471ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
18481ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18491ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18501ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18511ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18521ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18531ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18541ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18551ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
18561ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8331d0000 LB 0x000ab000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0]
18571ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
18581ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8331d0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
18591ab0.30a4: \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\Version9\tv_x64.dll: Owner is administrators group.
18601ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
18611ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
18621ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comctl32.dll'.
18631ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18641ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
18651ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
18661ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
18671ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\TeamViewer\Version9\tv_x64.dll)WinVerifyTrust
18681ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\Version9\tv_x64.dll
18691ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18701ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18711ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18721ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18731ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18741ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18751ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18761ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18771ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
18781ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18791ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18801ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
18811ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
18821ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comctl32.dll
18831ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
18841ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
18851ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
18861ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
18871ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
18881ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll)WinVerifyTrust
18891ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
18901ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18911ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18921ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\Version9\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18931ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\Version9\tv_x64.dll
18941ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
18951ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83c950000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
18961ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
18971ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff81f400000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\Version9\tv_x64.dll [fFlags=0x0]
18981ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\Version9\tv_x64.dll
18991ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f400000 'C:\Program Files (x86)\TeamViewer\Version9\tv_x64.dll'
19001ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19011ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19021ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840540000 'C:\WINDOWS\system32\advapi32.dll'
19031ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19041ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
19051ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
19061ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
19071ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19081ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83e2e0000 LB 0x00021000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
19091ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
19101ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
19111ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
19121ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
19131ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
19141ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83ecc0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
19151ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
19161ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19171ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19181ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19191ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19201ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19211ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19221ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19231ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19241ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19251ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19261ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
19271ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
19281ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'
19291ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
19301ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
19311ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
19321ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19331ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19341ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840790000 'C:\WINDOWS\system32\shell32.dll'
19351ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19361ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19371ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841cb0000 'C:\WINDOWS\system32\kernel32.dll'
19381ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19391ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19401ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83eaf0000 'C:\WINDOWS\system32\uxtheme.dll'
19411ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19421ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19431ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83eaf0000 'C:\WINDOWS\system32\uxtheme.dll'
19441ab0.30a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
19451ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19461ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
19471ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\user32.dll'
19481ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19491ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19501ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83eaf0000 'C:\WINDOWS\system32\uxtheme.dll'
19511ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\user32.dll'
19521ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840540000 'C:\WINDOWS\system32\advapi32.dll'
19531ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
19541ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
19551ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19561ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
19571ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
19581ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)WinVerifyTrust
19591ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
19601ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
19611ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
19621ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
19631ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19641ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19651ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19661ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19671ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19681ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19691ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83f4a0000 LB 0x00021000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
19701ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19711ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f4a0000 'C:\WINDOWS\system32\userenv.dll'
19721ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19731ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19741ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841cb0000 'C:\WINDOWS\system32\kernel32.dll'
19751ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19761ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
19771ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
19781ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19791ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff842a40000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\clbcatq.dll [fFlags=0x0]
19801ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
19811ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19821ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19831ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19841ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19851ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
19861ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
19871ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
19881ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
19891ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19901ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19911ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842970000 'C:\Windows\System32\oleaut32.dll'
19921ab0.30a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)
19931ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
19941ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83fdd0000 LB 0x00099000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
19951ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
19961ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000740 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
19971ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
19981ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
19991ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE9E354C30F5B2A6EDC3DE9416DF14533BE89816
20001ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
20011ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
20021ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_68_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
20031ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20041ab0.30a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll'
20051ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20061ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20071ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842970000 'C:\WINDOWS\system32\OLEAUT32.dll'
20081ab0.30a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
20091ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20101ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
20111ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
20121ab0.33d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
20131ab0.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20141ab0.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20151ab0.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20161ab0.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20171ab0.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20181ab0.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
20191ab0.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
20201ab0.33d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
20211ab0.33d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20221ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20231ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20241ab0.33d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20251ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20261ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20271ab0.33d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20281ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20291ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20301ab0.33d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20311ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20321ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20331ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20341ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20351ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20361ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20371ab0.33d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
20381ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20391ab0.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20401ab0.33d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
20411ab0.33d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20421ab0.33d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20431ab0.33d4: supR3HardenedDllNotificationCallback: load 00007ff81a460000 LB 0x004f8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
20441ab0.33d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20451ab0.33d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a460000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
20461ab0.322c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
20471ab0.322c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
20481ab0.322c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
20491ab0.322c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20501ab0.322c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20511ab0.322c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
20521ab0.322c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
20531ab0.322c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20541ab0.322c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20551ab0.322c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20561ab0.322c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20571ab0.322c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20581ab0.322c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
20591ab0.322c: supR3HardenedDllNotificationCallback: load 00007ff836020000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
20601ab0.322c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
20611ab0.322c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff836020000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
20621ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\user32.dll'
20631ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20641ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20651ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840790000 'C:\WINDOWS\system32\shell32.dll'
20661ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20671ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20681ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842620000 'C:\WINDOWS\system32\ole32.dll'
20691ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
20701ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
20711ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8421e0000 'C:\WINDOWS\system32\msctf.dll'
20721ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a50 pwszName=\Device\HarddiskVolume2\Windows\System32\oleacc.dll
20731ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
20741ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
20751ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EA90B8085DA7E4B980883F7A985A08EB765E955
20761ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
20771ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
20781ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20791ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
20801ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1536_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleacc.dll'
20811ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20821ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20831ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
20841ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
20851ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
20861ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleacc.dll)WinVerifyTrust
20871ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleacc.dll
20881ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20891ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20901ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
20911ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20921ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20931ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20941ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20951ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20961ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20971ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleacc.dll (Input=oleacc.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20981ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll
20991ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff83c8e0000 LB 0x0006a000 C:\WINDOWS\system32\oleacc.dll [fFlags=0x0]
21001ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll
21011ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83c8e0000 'C:\WINDOWS\system32\oleacc.dll'
21021ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21031ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21041ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842970000 'C:\WINDOWS\system32\OLEAUT32.DLL'
21051ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll
21061ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21071ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83c8e0000 'C:\WINDOWS\system32\oleacc.dll'
21081ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
21091ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qtguivbox4.dll'.
21101ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
21111ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
21121ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll)WinVerifyTrust
21131ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll
21141ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21151ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21161ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
21171ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
21181ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
21191ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
21201ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
21211ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
21221ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21231ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll
21241ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff830bb0000 LB 0x0003b000 C:\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll [fFlags=0x0]
21251ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll
21261ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830bb0000 'C:\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll'
21271ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
21281ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21291ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8421e0000 'C:\WINDOWS\system32\MSCTF.dll'
21301ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
21311ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21321ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841cb0000 'C:\WINDOWS\system32\kernel32.dll'
21331ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83eaf0000 'C:\WINDOWS\system32\uxtheme.dll'
21341ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
21351ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21361ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
21371ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\user32.dll'
21381ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\user32.dll'
21391ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21401ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21411ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842620000 'C:\WINDOWS\system32\ole32.dll'
21421ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21431ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21441ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842970000 'C:\WINDOWS\system32\OLEAUT32.dll'
21451ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b28 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21461ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
21471ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
21481ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=423F3447A3399AF560C707709A03AE5E23FA1CAD
21491ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
21501ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
21511ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
21521ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21531ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21541ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
21551ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
21561ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
21571ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21581ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21591ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21601ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b4c pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21611ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
21621ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
21631ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E264B83DD0BC4A26011E964C5856C40BC4FD6A4
21641ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
21651ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
21661ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
21671ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21681ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21691ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
21701ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust
21711ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21721ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21731ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21741ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21751ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21761ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21771ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
21781ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21791ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21801ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21811ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21821ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21831ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21841ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21851ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21861ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8376d0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
21871ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21881ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff837760000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
21891ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21901ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21911ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840000000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
21921ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff837760000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
21931ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b9c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21941ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
21951ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
21961ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34CAAFAC191912291EB7000AE3D54335A7FD4C18
21971ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
21981ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
21991ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
22001ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22011ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22021ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
22031ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
22041ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22051ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22061ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22071ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
22081ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22091ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22101ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22111ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22121ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8366d0000 LB 0x00015000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
22131ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22141ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8366d0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
22151ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22161ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840000000 'api-ms-win-core-localization-l1-2-0.dll'
22171ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22181ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840000000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
22191ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b50 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22201ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
22211ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
22221ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92F5EA7DEF5292B930D85382B83309F563FFA69F
22231ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
22241ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
22251ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
22261ab0.30a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22271ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22281ab0.30a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
22291ab0.30a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
22301ab0.30a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22311ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22321ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22331ab0.30a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22341ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22351ab0.30a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22361ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22371ab0.30a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22381ab0.30a4: supR3HardenedDllNotificationCallback: load 00007ff8366f0000 LB 0x000fb000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
22391ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22401ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8366f0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
22411ab0.1844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
22421ab0.1844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22431ab0.1844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
22441ab0.1844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22451ab0.1844: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
22461ab0.1844: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22471ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22481ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22491ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
22501ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
22511ab0.1844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
22521ab0.1844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
22531ab0.1844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22541ab0.1844: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
22551ab0.1844: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
22561ab0.1844: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22571ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22581ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22591ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22601ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22611ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22621ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22631ab0.1844: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22641ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22651ab0.1844: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22661ab0.1844: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22671ab0.1844: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22681ab0.1844: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22691ab0.1844: supR3HardenedDllNotificationCallback: load 000000005e6b0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
22701ab0.1844: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22711ab0.1844: supR3HardenedDllNotificationCallback: load 00007ff81f110000 LB 0x00261000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
22721ab0.1844: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22731ab0.1844: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f110000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
22741ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
22751ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22761ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22771ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff842620000 'C:\WINDOWS\system32\ole32.dll'
22781ab0.30a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
22791ab0.30a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22801ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8331d0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
22811ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
22821ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
22831ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22841ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
22851ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'nsi.dll'.
22861ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll)WinVerifyTrust
22871ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
22881ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
22891ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
22901ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
22911ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22921ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22931ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22941ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22951ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22961ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22971ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
22981ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff83a250000 LB 0x0007c000 C:\Windows\System32\netcfgx.dll [fFlags=0x0]
22991ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
23001ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83a250000 'C:\Windows\System32\netcfgx.dll'
23011ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff842380000 LB 0x001da000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
23021ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
23031ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
23041ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
23051ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
23061ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23071ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23081ab0.2910: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
23091ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
23101ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff83a230000 LB 0x00016000 C:\Windows\System32\devrtl.DLL [fFlags=0x0]
23111ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
23121ab0.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af8 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
23131ab0.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
23141ab0.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
23151ab0.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BD420FD87C527DD7764DD8C12C3F1C9F0448C71
23161ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23171ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23181ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23191ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23201ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23211ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23221ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23231ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23241ab0.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
23251ab0.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
23261ab0.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
23271ab0.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1966_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
23281ab0.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23291ab0.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
23301ab0.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
23311ab0.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
23321ab0.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
23331ab0.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
23341ab0.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23351ab0.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23361ab0.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23371ab0.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23381ab0.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
23391ab0.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23401ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23411ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23421ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23431ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23441ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23451ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23461ab0.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23471ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23481ab0.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23491ab0.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23501ab0.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23511ab0.1748: supR3HardenedDllNotificationCallback: load 00007ff835610000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
23521ab0.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23531ab0.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835610000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
23541ab0.306c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
23551ab0.306c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23561ab0.306c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23571ab0.306c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
23581ab0.306c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23591ab0.306c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23601ab0.306c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23611ab0.306c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23621ab0.306c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23631ab0.306c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23641ab0.306c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23651ab0.306c: supR3HardenedDllNotificationCallback: load 00007ff8355a0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
23661ab0.306c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23671ab0.306c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8355a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
23681ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
23691ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23701ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
23711ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23721ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
23731ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
23741ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23751ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
23761ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
23771ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll)WinVerifyTrust
23781ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
23791ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23801ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23811ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23821ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23831ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23841ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23851ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
23861ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
23871ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
23881ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23891ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
23901ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23911ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23921ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
23931ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23941ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll)WinVerifyTrust
23951ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
23961ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23971ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23981ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23991ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24001ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24011ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
24021ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
24031ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24041ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24051ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24061ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24071ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24081ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24091ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24101ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24111ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
24121ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
24131ab0.9d8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
24141ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24151ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24161ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
24171ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
24181ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
24191ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
24201ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24211ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24221ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24231ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24241ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24251ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24261ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24271ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
24281ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24291ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24301ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24311ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24321ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
24331ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24341ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24351ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
24361ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
24371ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)WinVerifyTrust
24381ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24391ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24401ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
24411ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24421ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24431ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24441ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24451ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24461ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
24471ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24481ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24491ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24501ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24511ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24521ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
24531ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
24541ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
24551ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff830b70000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
24561ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
24571ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff830b40000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
24581ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
24591ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff81f5b0000 LB 0x00128000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
24601ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
24611ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f5b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
24621ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
24631ab0.9d8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
24641ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-version-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24651ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840000000 'api-ms-win-core-version-l1-1-0.dll'
24661ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
24671ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24681ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830b40000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
24691ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
24701ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24711ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
24721ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll)WinVerifyTrust
24731ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
24741ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
24751ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
24761ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
24771ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24781ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24791ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24801ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
24811ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff832510000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
24821ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
24831ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff832510000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
24841ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24851ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24861ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32/opengl32.dll'
24871ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24881ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24891ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.dll'
24901ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
24911ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
24921ab0.9d8: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll: Owner is administrators group.
24931ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb4 pwszName=\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
24941ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
24951ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
24961ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=161017C5F769C658BC691AA2035F101C15D8F012
24971ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
24981ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
24991ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem19.cat'; file='\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll'
25001ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25011ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25021ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25031ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25041ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll)WinVerifyTrust
25051ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
25061ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25071ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25081ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25091ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25101ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25111ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25121ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6pxx.dll (Input=atig6pxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25131ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
25141ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff830b20000 LB 0x00018000 C:\WINDOWS\system32\atig6pxx.dll [fFlags=0x0]
25151ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
25161ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830b20000 'C:\WINDOWS\system32\atig6pxx.dll'
25171ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
25181ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
25191ab0.9d8: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll: Owner is administrators group.
25201ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume2\Windows\System32\atio6axx.dll
25211ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
25221ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
25231ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8E7F5614A476357E8CABE26E844A619B5913E876
25241ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
25251ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
25261ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem19.cat'; file='\Device\HarddiskVolume2\Windows\System32\atio6axx.dll'
25271ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25281ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25291ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25301ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
25311ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25321ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
25331ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atio6axx.dll)WinVerifyTrust
25341ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
25351ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25361ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25371ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25381ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25391ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25401ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
25411ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
25421ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
25431ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25441ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25451ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25461ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25471ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
25481ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atio6axx.dll (Input=atio6axx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25491ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
25501ab0.9d8: supR3HardenedDllNotificationCallback: load 000000005cd00000 LB 0x019a1000 C:\WINDOWS\system32\atio6axx.dll [fFlags=0x0]
25511ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
25521ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
25531ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25541ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
25551ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
25561ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25571ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
25581ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000000005cd00000 'C:\WINDOWS\system32\atio6axx.dll'
25591ab0.9d8: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll: Owner is administrators group.
25601ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d90 pwszName=\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
25611ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
25621ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
25631ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AE7687CEB6649CF62FAB174524F71BD38B2DEF4
25641ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
25651ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
25661ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem19.cat'; file='\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll'
25671ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25681ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25691ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25701ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
25711ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
25721ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'propsys.dll'.
25731ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
25741ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
25751ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'wtsapi32.dll'.
25761ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'setupapi.dll'.
25771ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'psapi.dll'.
25781ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
25791ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iphlpapi.dll'.
25801ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll)WinVerifyTrust
25811ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
25821ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
25831ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
25841ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
25851ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
25861ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25871ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
25881ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
25891ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25901ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25911ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25921ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
25931ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
25941ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
25951ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
25961ab0.9d8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'.
25971ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25981ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25991ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
26001ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
26011ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26021ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26031ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
26041ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26051ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26061ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
26071ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26081ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26091ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
26101ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
26111ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)WinVerifyTrust
26121ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
26131ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26141ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26151ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
26161ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
26171ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
26181ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
26191ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
26201ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26211ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll)WinVerifyTrust
26221ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
26231ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
26241ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
26251ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
26261ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26271ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26281ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
26291ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
26301ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26311ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26321ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
26331ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
26341ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26351ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
26361ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
26371ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'combase.dll'.
26381ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll)WinVerifyTrust
26391ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
26401ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26411ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26421ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26431ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26441ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26451ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26461ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26471ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26481ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26491ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
26501ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
26511ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
26521ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26531ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26541ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26551ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26561ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26571ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26581ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atiadlxx.dll (Input=atiadlxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26591ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
26601ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26611ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
26621ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26631ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
26641ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff83c760000 LB 0x0017f000 C:\WINDOWS\SYSTEM32\PROPSYS.dll [fFlags=0x0]
26651ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26661ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff83ea00000 LB 0x00012000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
26671ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
26681ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff842b00000 LB 0x00007000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
26691ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
26701ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff83c390000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
26711ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
26721ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff83c3b0000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
26731ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26741ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff833a50000 LB 0x00128000 C:\WINDOWS\system32\atiadlxx.dll [fFlags=0x0]
26751ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
26761ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff833a50000 'C:\WINDOWS\system32\atiadlxx.dll'
26771ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
26781ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
26791ab0.9d8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
26801ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
26811ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
26821ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
26831ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
26841ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
26851ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
26861ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26871ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
26881ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
26891ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26901ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26911ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26921ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26931ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26941ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26951ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26961ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26971ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26981ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
26991ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27001ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27011ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27021ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27031ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27041ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27051ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27061ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27071ab0.9d8: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll: Owner is administrators group.
27081ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc4 pwszName=\Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27091ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
27101ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
27111ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5131E6A77BD1CB0A61C3FDD47623989314000B03
27121ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
27131ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
27141ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem19.cat'; file='\Device\HarddiskVolume2\Windows\System32\atig6txx.dll'
27151ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27161ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
27171ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
27181ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
27191ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6txx.dll)WinVerifyTrust
27201ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27211ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
27221ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
27231ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
27241ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27251ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27261ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27271ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27281ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27291ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27301ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff830b00000 LB 0x0001e000 C:\WINDOWS\system32\atig6txx.dll [fFlags=0x0]
27311ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27321ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830b00000 'C:\WINDOWS\system32\atig6txx.dll'
27331ab0.9d8: \Device\HarddiskVolume2\Windows\System32\aticfx64.dll: Owner is administrators group.
27341ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
27351ab0.9d8: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume2\Windows\System32\aticfx64.dll'
27361ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db8 pwszName=\Device\HarddiskVolume2\Windows\System32\aticfx64.dll
27371ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
27381ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
27391ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1FCA89D4AC1E22D807F853892600E56F58F3213D
27401ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
27411ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
27421ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem19.cat'; file='\Device\HarddiskVolume2\Windows\System32\aticfx64.dll'
27431ab0.9d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
27441ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
27451ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
27461ab0.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
27471ab0.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\aticfx64.dll)WinVerifyTrust
27481ab0.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
27491ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
27501ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
27511ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
27521ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27531ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27541ab0.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
27551ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27561ab0.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27571ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\aticfx64.dll (Input=aticfx64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27581ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
27591ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff83cb30000 LB 0x00144000 C:\WINDOWS\system32\aticfx64.dll [fFlags=0x0]
27601ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
27611ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83cb30000 'C:\WINDOWS\system32\aticfx64.dll'
27621ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27631ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27641ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27651ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
27661ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27671ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27681ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
27691ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27701ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27711ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
27721ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
27731ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
27741ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27751ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27761ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27771ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27781ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27791ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
27801ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27811ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27821ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
27831ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
27841ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
27851ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27861ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27871ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27881ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27891ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27901ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27911ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27921ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27931ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27941ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27951ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27961ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27971ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27981ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
27991ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
28001ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28011ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28021ab0.9d8: supR3HardenedDllNotificationCallback: Unload 00007ff830b00000 LB 0x0001e000 C:\WINDOWS\system32\atig6txx.dll [flags=0x0]
28031ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
28041ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28051ab0.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
28061ab0.9d8: supR3HardenedDllNotificationCallback: load 00007ff830b00000 LB 0x0001e000 C:\WINDOWS\system32\atig6txx.dll [fFlags=0x0]
28071ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
28081ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830b00000 'C:\WINDOWS\system32\atig6txx.dll'
28091ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\aticfx64.dll
28101ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\aticfx64.dll (Input=aticfx64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28111ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83cb30000 'C:\WINDOWS\system32\aticfx64.dll'
28121ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28131ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
28141ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Kernel32.dll (Input=Kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28151ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841cb0000 'C:\WINDOWS\system32\Kernel32.dll'
28161ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28171ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28181ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
28191ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
28201ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
28211ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
28221ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
28231ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841e60000 'C:\WINDOWS\system32\USER32.DLL'
28241ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
28251ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28261ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
28271ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8405f0000 'C:\WINDOWS\system32\gdi32.dll'
28281ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
28291ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28301ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28311ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28321ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
28331ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.DLL (Input=OPENGL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28341ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.DLL'
28351ab0.9d8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\perf.dll': 0 (NtPath=\??\C:\WINDOWS\system32\perf.dll; Input=perf.dll; rcNtGetDll=0xc0000135
28361ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\perf.dll (Input=perf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28371ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\perf.dll'
28381ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28391ab0.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
28401ab0.9d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28411ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.dll'
28421ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.dll'
28431ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.dll'
28441ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.dll'
28451ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.dll'
28461ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.dll'
28471ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.dll'
28481ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff823410000 'C:\WINDOWS\system32\OPENGL32.dll'
28491ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28501ab0.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'
28511ab0.1728: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
28521ab0.1728: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28531ab0.1728: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28541ab0.1728: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28551ab0.1728: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
28561ab0.1728: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
28571ab0.1728: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28581ab0.1728: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28591ab0.1728: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28601ab0.1728: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28611ab0.1728: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
28621ab0.1728: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28631ab0.1728: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28641ab0.1728: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28651ab0.1728: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
28661ab0.1728: supR3HardenedDllNotificationCallback: load 00007ff834780000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
28671ab0.1728: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
28681ab0.1728: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff834780000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
28691ab0.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
28701ab0.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28711ab0.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28721ab0.1db4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28731ab0.1db4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
28741ab0.1db4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28751ab0.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28761ab0.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28771ab0.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28781ab0.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28791ab0.1db4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
28801ab0.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28811ab0.1db4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28821ab0.1db4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28831ab0.1db4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28841ab0.1db4: supR3HardenedDllNotificationCallback: load 00007ff834530000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
28851ab0.1db4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28861ab0.1db4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff834530000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
28871ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
28881ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28891ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff840790000 'C:\WINDOWS\system32/Shell32.dll'
28901ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28911ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28921ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f110000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28931ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
28941ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28951ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28961ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28971ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28981ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28991ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll)WinVerifyTrust
29001ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29011ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29021ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29031ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29041ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29051ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29061ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29071ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29081ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29091ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29101ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29111ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29121ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29131ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff82dd50000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
29141ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29151ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82dd50000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
29161ab0.2910: supR3HardenedDllNotificationCallback: Unload 00007ff82dd50000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
29171ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
29181ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
29191ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29201ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29211ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29221ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
29231ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
29241ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
29251ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
29261ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
29271ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
29281ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
29291ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
29301ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29311ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
29321ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
29331ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
29341ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29351ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29361ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29371ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29381ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29391ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29401ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29411ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29421ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29431ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
29441ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
29451ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
29461ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29471ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29481ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29491ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
29501ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29511ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
29521ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
29531ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29541ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29551ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29561ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29571ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29581ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29591ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29601ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
29611ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29621ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29631ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29641ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
29651ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
29661ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
29671ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
29681ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29691ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29701ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29711ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29721ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29731ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29741ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29751ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29761ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29771ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29781ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
29791ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
29801ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f58 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
29811ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
29821ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
29831ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B90F53BC1E04734936A6993D9005F5A7C816F8F
29841ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
29851ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
29861ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_868_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
29871ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29881ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29891ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29901ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
29911ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
29921ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
29931ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
29941ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
29951ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust
29961ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
29971ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29981ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29991ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
30001ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30011ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30021ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30031ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30041ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30051ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30061ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30071ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30081ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
30091ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30101ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30111ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
30121ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
30131ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
30141ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
30151ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
30161ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30171ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30181ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30191ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30201ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30211ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30221ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30231ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
30241ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30251ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30261ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
30271ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff8231a0000 LB 0x00056000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0]
30281ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
30291ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff830bf0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
30301ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30311ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff82dd50000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
30321ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30331ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff8042f0000 LB 0x008d1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
30341ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
30351ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8042f0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
30361ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30371ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30381ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30391ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30401ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff82da00000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
30411ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30421ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82da00000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
30431ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30441ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
30451ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30461ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81a460000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
30471ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30481ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30491ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30501ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82dd50000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
30511ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30521ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30531ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30541ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30551ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll)WinVerifyTrust
30561ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
30571ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30581ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30591ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30601ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30611ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30621ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
30631ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff82c740000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
30641ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
30651ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c740000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
30661ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30671ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30681ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30691ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30701ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll)WinVerifyTrust
30711ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
30721ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30731ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30741ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30751ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30761ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30771ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
30781ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff82c720000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
30791ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
30801ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c720000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
30811ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30821ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30831ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30841ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30851ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll)WinVerifyTrust
30861ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30871ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30881ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30891ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30901ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30911ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30921ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30931ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff825ae0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
30941ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30951ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff825ae0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
30961ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30971ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30981ab0.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
30991ab0.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31001ab0.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31011ab0.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31021ab0.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
31031ab0.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31041ab0.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31051ab0.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31061ab0.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31071ab0.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31081ab0.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31091ab0.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31101ab0.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31111ab0.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31121ab0.2490: supR3HardenedDllNotificationCallback: load 00007ff834310000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
31131ab0.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31141ab0.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff834310000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
31151ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f110000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
31161ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
31171ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31181ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
31191ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
31201ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31211ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31221ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll)WinVerifyTrust
31231ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
31241ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31251ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31261ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31271ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31281ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31291ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
31301ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff835e40000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
31311ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
31321ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835e40000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
31331ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001084 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
31341ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
31351ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
31361ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF2CE4B6EA46F5759902C86AAA15DD883AC6DD4E
31371ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
31381ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
31391ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
31401ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31411ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31421ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
31431ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31441ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
31451ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
31461ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
31471ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll)WinVerifyTrust
31481ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
31491ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
31501ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
31511ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
31521ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
31531ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31541ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
31551ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)WinVerifyTrust
31561ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31571ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31581ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31591ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31601ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31611ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31621ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31631ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31641ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31651ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31661ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31671ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31681ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31691ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31701ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31711ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31721ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31731ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31741ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31751ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff83f4d0000 LB 0x00046000 C:\WINDOWS\System32\POWRPROF.dll [fFlags=0x0]
31761ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31771ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff81dca0000 LB 0x0009d000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
31781ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31791ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31801ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31811ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81dca0000 'C:\WINDOWS\System32\dsound.dll'
31821ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81dca0000 'C:\WINDOWS\System32\dsound.dll'
31831ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
31841ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
31851ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31861ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
31871ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
31881ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll)WinVerifyTrust
31891ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31901ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
31911ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
31921ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
31931ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31941ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31951ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31961ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31971ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31981ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31991ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff83d580000 LB 0x00070000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
32001ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32011ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83d580000 'C:\WINDOWS\System32\MMDevApi.dll'
32021ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32031ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32041ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83d580000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
32051ab0.11a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
32061ab0.11a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
32071ab0.11a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32081ab0.11a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
32091ab0.11a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
32101ab0.11a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'.
32111ab0.11a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
32121ab0.11a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll)WinVerifyTrust
32131ab0.11a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32141ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
32151ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
32161ab0.11a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
32171ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32181ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32191ab0.11a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32201ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
32211ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
32221ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32231ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32241ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32251ab0.11a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32261ab0.11a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32271ab0.11a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32281ab0.11a4: supR3HardenedDllNotificationCallback: load 00007ff837780000 LB 0x0007e000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
32291ab0.11a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32301ab0.11a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff837780000 'C:\WINDOWS\system32\AUDIOSES.DLL'
32311ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32321ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32331ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
32341ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010e8 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32351ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
32361ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
32371ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D0975C289FEE943955B8CE81B02A0395FAA747
32381ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
32391ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
32401ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
32411ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32421ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32431ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'.
32441ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
32451ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'.
32461ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
32471ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'.
32481ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv)WinVerifyTrust
32491ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32501ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
32511ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
32521ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
32531ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
32541ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll)WinVerifyTrust
32551ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
32561ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
32571ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
32581ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
32591ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
32601ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32611ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll)WinVerifyTrust
32621ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
32631ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32641ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32651ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32661ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32671ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32681ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32691ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32701ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32711ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32721ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32731ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32741ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32751ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32761ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32771ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
32781ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
32791ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff83c4a0000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
32801ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
32811ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff83d540000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
32821ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
32831ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff835b30000 LB 0x0003e000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
32841ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32851ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
32861ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32871ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32881ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
32891ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32901ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32911ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
32921ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32931ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32941ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
32951ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32961ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32971ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
32981ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32991ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33001ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
33011ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33021ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33031ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
33041ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
33051ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
33061ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
33071ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835b30000 'C:\WINDOWS\system32\wdmaud.drv'
33081ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001134 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
33091ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
33101ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
33111ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC41C5E1A841A83249581F1B29E14A708B8981A9
33121ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
33131ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
33141ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
33151ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33161ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33171ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
33181ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
33191ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
33201ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
33211ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv)WinVerifyTrust
33221ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33231ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33241ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33251ab0.2910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
33261ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
33271ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
33281ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
33291ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
33301ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33311ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll)WinVerifyTrust
33321ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
33331ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33341ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33351ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33361ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33371ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33381ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33391ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33401ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33411ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33421ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33431ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
33441ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff835830000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
33451ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
33461ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff835850000 LB 0x0000b000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
33471ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33481ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33491ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33501ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33511ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33521ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33531ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33541ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33551ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33561ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33571ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33581ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33591ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33601ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33611ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33621ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33631ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33641ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33651ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33661ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33671ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33681ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33691ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835850000 'C:\WINDOWS\system32\msacm32.drv'
33701ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000112c pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
33711ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f39050
33721ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f39050
33731ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0F2984C30BFC77017EA7B9BF6F656853E29D991
33741ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
33751ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8401d0000 'C:\WINDOWS\system32\crypt32.dll'
33761ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
33771ab0.2910: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33781ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33791ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
33801ab0.2910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
33811ab0.2910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll)WinVerifyTrust
33821ab0.2910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
33831ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33841ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33851ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33861ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33871ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33881ab0.2910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33891ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33901ab0.2910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
33911ab0.2910: supR3HardenedDllNotificationCallback: load 00007ff835820000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
33921ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
33931ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835820000 'C:\WINDOWS\system32\midimap.dll'
33941ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
33951ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33961ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835820000 'C:\WINDOWS\system32\midimap.dll'
33971ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
33981ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33991ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835820000 'C:\WINDOWS\system32\midimap.dll'
34001ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34011ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34021ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff835820000 'C:\WINDOWS\system32\midimap.dll'
34031ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
34041ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
34051ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
34061ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
34071ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
34081ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
34091ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34101ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
34111ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
34121ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff839320000 'C:\WINDOWS\system32\winmm.dll'
34131ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f110000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
34141ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83f390000 'C:\WINDOWS\system32\rsaenh.dll'
34151ab0.2910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
34161ab0.2910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34171ab0.2910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff841cb0000 'C:\WINDOWS\system32/kernel32.dll'
34181ab0.30a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff83e2e0000 'C:\WINDOWS\system32\dwmapi.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy