VirtualBox

Ticket #14634: VBoxStartup.log

File VBoxStartup.log, 376.0 KB (added by Centurion, 9 years ago)
Line 
11164.2780: Log file opened: 5.0.5r102814 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0280000
21164.2780: \SystemRoot\System32\ntdll.dll:
31164.2780: CreationTime: 2015-08-16T21:06:31.032400500Z
41164.2780: LastWriteTime: 2015-08-08T07:29:58.168349600Z
51164.2780: ChangeTime: 2015-08-19T18:14:19.350633100Z
61164.2780: FileAttributes: 0x20
71164.2780: Size: 0x1bce48
81164.2780: NT Headers: 0xd8
91164.2780: Timestamp: 0x55c59f92
101164.2780: Machine: 0x8664 - amd64
111164.2780: Timestamp: 0x55c59f92
121164.2780: Image Version: 10.0
131164.2780: SizeOfImage: 0x1c1000 (1839104)
141164.2780: Resource Dir: 0x15a000 LB 0x65718
151164.2780: ProductName: Microsoft® Windows® Operating System
161164.2780: ProductVersion: 10.0.10240.16430
171164.2780: FileVersion: 10.0.10240.16430 (th1.150807-2049)
181164.2780: FileDescription: NT Layer DLL
191164.2780: \SystemRoot\System32\kernel32.dll:
201164.2780: CreationTime: 2015-07-10T10:59:59.699781600Z
211164.2780: LastWriteTime: 2015-07-10T10:59:59.699781600Z
221164.2780: ChangeTime: 2015-08-16T23:00:47.247867200Z
231164.2780: FileAttributes: 0x20
241164.2780: Size: 0xab830
251164.2780: NT Headers: 0xf0
261164.2780: Timestamp: 0x559f38ad
271164.2780: Machine: 0x8664 - amd64
281164.2780: Timestamp: 0x559f38ad
291164.2780: Image Version: 10.0
301164.2780: SizeOfImage: 0xad000 (708608)
311164.2780: Resource Dir: 0xab000 LB 0x518
321164.2780: ProductName: Microsoft® Windows® Operating System
331164.2780: ProductVersion: 10.0.10240.16384
341164.2780: FileVersion: 10.0.10240.16384 (th1.150709-1700)
351164.2780: FileDescription: Windows NT BASE API Client DLL
361164.2780: \SystemRoot\System32\KernelBase.dll:
371164.2780: CreationTime: 2015-07-10T11:00:10.325689700Z
381164.2780: LastWriteTime: 2015-07-10T11:00:10.325689700Z
391164.2780: ChangeTime: 2015-08-16T23:00:47.247867200Z
401164.2780: FileAttributes: 0x20
411164.2780: Size: 0x1dc680
421164.2780: NT Headers: 0x100
431164.2780: Timestamp: 0x559f38c3
441164.2780: Machine: 0x8664 - amd64
451164.2780: Timestamp: 0x559f38c3
461164.2780: Image Version: 10.0
471164.2780: SizeOfImage: 0x1dd000 (1953792)
481164.2780: Resource Dir: 0x1c7000 LB 0x530
491164.2780: ProductName: Microsoft® Windows® Operating System
501164.2780: ProductVersion: 10.0.10240.16384
511164.2780: FileVersion: 10.0.10240.16384 (th1.150709-1700)
521164.2780: FileDescription: Windows NT BASE API Client DLL
531164.2780: \SystemRoot\System32\apisetschema.dll:
541164.2780: CreationTime: 2015-07-10T11:00:04.872098600Z
551164.2780: LastWriteTime: 2015-07-10T11:00:04.872098600Z
561164.2780: ChangeTime: 2015-08-16T23:00:45.516391600Z
571164.2780: FileAttributes: 0x20
581164.2780: Size: 0x16760
591164.2780: NT Headers: 0xc8
601164.2780: Timestamp: 0x559f3e3d
611164.2780: Machine: 0x8664 - amd64
621164.2780: Timestamp: 0x559f3e3d
631164.2780: Image Version: 10.0
641164.2780: SizeOfImage: 0x17000 (94208)
651164.2780: Resource Dir: 0x16000 LB 0x3f0
661164.2780: ProductName: Microsoft® Windows® Operating System
671164.2780: ProductVersion: 10.0.10240.16384
681164.2780: FileVersion: 10.0.10240.16384 (th1.150709-1700)
691164.2780: FileDescription: ApiSet Schema DLL
701164.2780: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711164.2780: supR3HardenedWinFindAdversaries: 0x0
721164.2780: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
731164.2780: Calling main()
741164.2780: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
751164.2780: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
761164.2780: SUPR3HardenedMain: Respawn #1
771164.2780: System32: \Device\HarddiskVolume2\Windows\System32
781164.2780: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
791164.2780: KnownDllPath: C:\WINDOWS\system32
801164.2780: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
811164.2780: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
821164.2780: supR3HardNtEnableThreadCreation:
831164.2780: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8fe73fb70 pvNtTerminateThread=00007ff8fe763a20
841164.2780: supR3HardenedWinDoReSpawn(1): New child 25cc.279c [kernel32].
851164.2780: supR3HardNtChildGatherData: PebBaseAddress=00007ff79bf93000 cbPeb=0x388
861164.2780: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8fe6d0000 uNtDllChildAddr=00007ff8fe6d0000
871164.2780: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8fe73fb70
881164.2780: supR3HardenedWinSetupChildInit: Start child.
891164.2780: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
901164.2780: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 29 sleeps
911164.2780: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
921164.2780: *0000000000000000-ffffffffffb3ffff 0x0001/0x0000 0x0000000
931164.2780: *00000000004c0000-000000000049ffff 0x0004/0x0004 0x0020000
941164.2780: *00000000004e0000-00000000004cbfff 0x0002/0x0002 0x0040000
951164.2780: 00000000004f4000-00000000004e7fff 0x0001/0x0000 0x0000000
961164.2780: *0000000000500000-0000000000403fff 0x0000/0x0004 0x0020000
971164.2780: 00000000005fc000-00000000005f8fff 0x0104/0x0004 0x0020000
981164.2780: 00000000005ff000-00000000005fdfff 0x0004/0x0004 0x0020000
991164.2780: *0000000000600000-00000000005fbfff 0x0002/0x0002 0x0040000
1001164.2780: 0000000000604000-00000000005f7fff 0x0001/0x0000 0x0000000
1011164.2780: *0000000000610000-000000000060dfff 0x0004/0x0004 0x0020000
1021164.2780: 0000000000612000-ffffffff80c43fff 0x0001/0x0000 0x0000000
1031164.2780: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1041164.2780: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1051164.2780: 000000007fff0000-ffff80096406ffff 0x0001/0x0000 0x0000000
1061164.2780: *00007ff79bf70000-00007ff79bf4cfff 0x0002/0x0002 0x0040000
1071164.2780: *00007ff79bf93000-00007ff79bf91fff 0x0004/0x0004 0x0020000
1081164.2780: 00007ff79bf94000-00007ff79bf89fff 0x0001/0x0000 0x0000000
1091164.2780: *00007ff79bf9e000-00007ff79bf9bfff 0x0004/0x0004 0x0020000
1101164.2780: 00007ff79bfa0000-00007ff79b25ffff 0x0001/0x0000 0x0000000
1111164.2780: *00007ff79cce0000-00007ff79cce0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1121164.2780: 00007ff79cce1000-00007ff79cd67fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1131164.2780: 00007ff79cd68000-00007ff79cd68fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1141164.2780: 00007ff79cd69000-00007ff79cdb3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1151164.2780: 00007ff79cdb4000-00007ff79cdb4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1161164.2780: 00007ff79cdb5000-00007ff79cdb5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1171164.2780: 00007ff79cdb6000-00007ff79cdbafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1181164.2780: 00007ff79cdbb000-00007ff79cdbbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1191164.2780: 00007ff79cdbc000-00007ff79cdbcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1201164.2780: 00007ff79cdbd000-00007ff79cdc0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1211164.2780: 00007ff79cdc1000-00007ff79ce0bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1221164.2780: 00007ff79ce0c000-00007ff63b547fff 0x0001/0x0000 0x0000000
1231164.2780: *00007ff8fe6d0000-00007ff8fe6d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1241164.2780: 00007ff8fe6d1000-00007ff8fe7ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1251164.2780: 00007ff8fe7cd000-00007ff8fe80efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1261164.2780: 00007ff8fe80f000-00007ff8fe817fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1271164.2780: 00007ff8fe818000-00007ff8fe825fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1281164.2780: 00007ff8fe826000-00007ff8fe826fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1291164.2780: 00007ff8fe827000-00007ff8fe829fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1301164.2780: 00007ff8fe82a000-00007ff8fe890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1311164.2780: 00007ff8fe891000-00007ff1fd141fff 0x0001/0x0000 0x0000000
1321164.2780: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
1331164.2780: VirtualBox.exe: timestamp 0x56015c6c (rc=VINF_SUCCESS)
1341164.2780: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1351164.2780: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1361164.2780: supR3HardNtChildPurify: Done after 291 ms and 0 fixes (loop #0).
1371164.2780: supR3HardNtEnableThreadCreation:
13825cc.279c: Log file opened: 5.0.5r102814 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
13925cc.279c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8fe6d0000
14025cc.279c: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
14125cc.279c: New simple heap: #1 0000000000720000 LB 0x400000 (for 1839104 allocation)
14225cc.279c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
14325cc.279c: System32: \Device\HarddiskVolume2\Windows\System32
14425cc.279c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
14525cc.279c: KnownDllPath: C:\WINDOWS\system32
14625cc.279c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
14725cc.279c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
14825cc.279c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
14925cc.279c: Registered Dll notification callback with NTDLL.
15025cc.279c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
15125cc.279c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15225cc.279c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
15325cc.279c: supR3HardenedDllNotificationCallback: load 00007ff8fb590000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
15425cc.279c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
15525cc.279c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
15625cc.279c: supR3HardenedDllNotificationCallback: load 00007ff8fcb60000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
15725cc.279c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15825cc.279c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcb60000 'C:\WINDOWS\system32\KERNEL32.DLL'
15925cc.279c: supR3HardenedDllNotificationCallback: load 00007ff79cce0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
16025cc.279c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
16125cc.279c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
16225cc.279c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
16325cc.279c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8fe73fb70 pvNtTerminateThread=00007ff8fe763a20
1641164.2780: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 75 ms.
16525cc.279c: \SystemRoot\System32\ntdll.dll:
16625cc.279c: CreationTime: 2015-08-16T21:06:31.032400500Z
16725cc.279c: LastWriteTime: 2015-08-08T07:29:58.168349600Z
16825cc.279c: ChangeTime: 2015-08-19T18:14:19.350633100Z
16925cc.279c: FileAttributes: 0x20
17025cc.279c: Size: 0x1bce48
17125cc.279c: NT Headers: 0xd8
17225cc.279c: Timestamp: 0x55c59f92
17325cc.279c: Machine: 0x8664 - amd64
17425cc.279c: Timestamp: 0x55c59f92
17525cc.279c: Image Version: 10.0
17625cc.279c: SizeOfImage: 0x1c1000 (1839104)
17725cc.279c: Resource Dir: 0x15a000 LB 0x65718
17825cc.279c: ProductName: Microsoft® Windows® Operating System
17925cc.279c: ProductVersion: 10.0.10240.16430
18025cc.279c: FileVersion: 10.0.10240.16430 (th1.150807-2049)
18125cc.279c: FileDescription: NT Layer DLL
18225cc.279c: \SystemRoot\System32\kernel32.dll:
18325cc.279c: CreationTime: 2015-07-10T10:59:59.699781600Z
18425cc.279c: LastWriteTime: 2015-07-10T10:59:59.699781600Z
18525cc.279c: ChangeTime: 2015-08-16T23:00:47.247867200Z
18625cc.279c: FileAttributes: 0x20
18725cc.279c: Size: 0xab830
18825cc.279c: NT Headers: 0xf0
18925cc.279c: Timestamp: 0x559f38ad
19025cc.279c: Machine: 0x8664 - amd64
19125cc.279c: Timestamp: 0x559f38ad
19225cc.279c: Image Version: 10.0
19325cc.279c: SizeOfImage: 0xad000 (708608)
19425cc.279c: Resource Dir: 0xab000 LB 0x518
19525cc.279c: ProductName: Microsoft® Windows® Operating System
19625cc.279c: ProductVersion: 10.0.10240.16384
19725cc.279c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
19825cc.279c: FileDescription: Windows NT BASE API Client DLL
19925cc.279c: \SystemRoot\System32\KernelBase.dll:
20025cc.279c: CreationTime: 2015-07-10T11:00:10.325689700Z
20125cc.279c: LastWriteTime: 2015-07-10T11:00:10.325689700Z
20225cc.279c: ChangeTime: 2015-08-16T23:00:47.247867200Z
20325cc.279c: FileAttributes: 0x20
20425cc.279c: Size: 0x1dc680
20525cc.279c: NT Headers: 0x100
20625cc.279c: Timestamp: 0x559f38c3
20725cc.279c: Machine: 0x8664 - amd64
20825cc.279c: Timestamp: 0x559f38c3
20925cc.279c: Image Version: 10.0
21025cc.279c: SizeOfImage: 0x1dd000 (1953792)
21125cc.279c: Resource Dir: 0x1c7000 LB 0x530
21225cc.279c: ProductName: Microsoft® Windows® Operating System
21325cc.279c: ProductVersion: 10.0.10240.16384
21425cc.279c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
21525cc.279c: FileDescription: Windows NT BASE API Client DLL
21625cc.279c: \SystemRoot\System32\apisetschema.dll:
21725cc.279c: CreationTime: 2015-07-10T11:00:04.872098600Z
21825cc.279c: LastWriteTime: 2015-07-10T11:00:04.872098600Z
21925cc.279c: ChangeTime: 2015-08-16T23:00:45.516391600Z
22025cc.279c: FileAttributes: 0x20
22125cc.279c: Size: 0x16760
22225cc.279c: NT Headers: 0xc8
22325cc.279c: Timestamp: 0x559f3e3d
22425cc.279c: Machine: 0x8664 - amd64
22525cc.279c: Timestamp: 0x559f3e3d
22625cc.279c: Image Version: 10.0
22725cc.279c: SizeOfImage: 0x17000 (94208)
22825cc.279c: Resource Dir: 0x16000 LB 0x3f0
22925cc.279c: ProductName: Microsoft® Windows® Operating System
23025cc.279c: ProductVersion: 10.0.10240.16384
23125cc.279c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
23225cc.279c: FileDescription: ApiSet Schema DLL
23325cc.279c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
23425cc.279c: supR3HardenedWinFindAdversaries: 0x0
23525cc.279c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
23625cc.279c: Calling main()
23725cc.279c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
23825cc.279c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
23925cc.279c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
24025cc.279c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
24125cc.279c: SUPR3HardenedMain: Respawn #2
24225cc.279c: supR3HardNtEnableThreadCreation:
24325cc.279c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8fe73fb70 pvNtTerminateThread=00007ff8fe763a20
24425cc.279c: supR3HardenedWinDoReSpawn(2): New child 1cb8.1f08 [kernel32].
24525cc.279c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
24625cc.279c: supR3HardNtChildGatherData: PebBaseAddress=00007ff79c133000 cbPeb=0x388
24725cc.279c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8fe6d0000 uNtDllChildAddr=00007ff8fe6d0000
24825cc.279c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8fe73fb70
24925cc.279c: supR3HardenedWinSetupChildInit: Start child.
25025cc.279c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
25125cc.279c: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 29 sleeps
25225cc.279c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
25325cc.279c: *0000000000000000-ffffffffff76ffff 0x0001/0x0000 0x0000000
25425cc.279c: *0000000000890000-000000000086ffff 0x0004/0x0004 0x0020000
25525cc.279c: *00000000008b0000-000000000089bfff 0x0002/0x0002 0x0040000
25625cc.279c: 00000000008c4000-00000000008b7fff 0x0001/0x0000 0x0000000
25725cc.279c: *00000000008d0000-00000000007d3fff 0x0000/0x0004 0x0020000
25825cc.279c: 00000000009cc000-00000000009c8fff 0x0104/0x0004 0x0020000
25925cc.279c: 00000000009cf000-00000000009cdfff 0x0004/0x0004 0x0020000
26025cc.279c: *00000000009d0000-00000000009cbfff 0x0002/0x0002 0x0040000
26125cc.279c: 00000000009d4000-00000000009c7fff 0x0001/0x0000 0x0000000
26225cc.279c: *00000000009e0000-00000000009ddfff 0x0004/0x0004 0x0020000
26325cc.279c: 00000000009e2000-ffffffff813e3fff 0x0001/0x0000 0x0000000
26425cc.279c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
26525cc.279c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
26625cc.279c: 000000007fff0000-ffff800963ecffff 0x0001/0x0000 0x0000000
26725cc.279c: *00007ff79c110000-00007ff79c0ecfff 0x0002/0x0002 0x0040000
26825cc.279c: *00007ff79c133000-00007ff79c131fff 0x0004/0x0004 0x0020000
26925cc.279c: 00007ff79c134000-00007ff79c129fff 0x0001/0x0000 0x0000000
27025cc.279c: *00007ff79c13e000-00007ff79c13bfff 0x0004/0x0004 0x0020000
27125cc.279c: 00007ff79c140000-00007ff79b59ffff 0x0001/0x0000 0x0000000
27225cc.279c: *00007ff79cce0000-00007ff79cce0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27325cc.279c: 00007ff79cce1000-00007ff79cd67fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27425cc.279c: 00007ff79cd68000-00007ff79cd68fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27525cc.279c: 00007ff79cd69000-00007ff79cdb3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27625cc.279c: 00007ff79cdb4000-00007ff79cdb4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27725cc.279c: 00007ff79cdb5000-00007ff79cdb5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27825cc.279c: 00007ff79cdb6000-00007ff79cdbafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27925cc.279c: 00007ff79cdbb000-00007ff79cdbbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28025cc.279c: 00007ff79cdbc000-00007ff79cdbcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28125cc.279c: 00007ff79cdbd000-00007ff79cdc0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28225cc.279c: 00007ff79cdc1000-00007ff79ce0bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28325cc.279c: 00007ff79ce0c000-00007ff63b547fff 0x0001/0x0000 0x0000000
28425cc.279c: *00007ff8fe6d0000-00007ff8fe6d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28525cc.279c: 00007ff8fe6d1000-00007ff8fe7ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28625cc.279c: 00007ff8fe7cd000-00007ff8fe80efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28725cc.279c: 00007ff8fe80f000-00007ff8fe817fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28825cc.279c: 00007ff8fe818000-00007ff8fe825fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28925cc.279c: 00007ff8fe826000-00007ff8fe826fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
29025cc.279c: 00007ff8fe827000-00007ff8fe829fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
29125cc.279c: 00007ff8fe82a000-00007ff8fe890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
29225cc.279c: 00007ff8fe891000-00007ff1fd141fff 0x0001/0x0000 0x0000000
29325cc.279c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
29425cc.279c: VirtualBox.exe: timestamp 0x56015c6c (rc=VINF_SUCCESS)
29525cc.279c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
29625cc.279c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
29725cc.279c: supR3HardNtChildPurify: Done after 288 ms and 0 fixes (loop #0).
29825cc.279c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000720000 LB 0x400000)
29925cc.279c: supR3HardNtEnableThreadCreation:
3001cb8.1f08: Log file opened: 5.0.5r102814 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
3011cb8.1f08: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8fe6d0000
3021cb8.1f08: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
3031cb8.1f08: New simple heap: #1 0000000000af0000 LB 0x400000 (for 1839104 allocation)
3041cb8.1f08: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3051cb8.1f08: System32: \Device\HarddiskVolume2\Windows\System32
3061cb8.1f08: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3071cb8.1f08: KnownDllPath: C:\WINDOWS\system32
3081cb8.1f08: supR3HardenedVmProcessInit: Opening vboxdrv...
3091cb8.1f08: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3101cb8.1f08: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3111cb8.1f08: Registered Dll notification callback with NTDLL.
3121cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3131cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3141cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
3151cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb590000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
3161cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3171cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3181cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fcb60000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
3191cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3201cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcb60000 'C:\WINDOWS\system32\KERNEL32.DLL'
3211cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff79cce0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3221cb8.1f08: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3231cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3241cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3251cb8.1f08: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8fe73fb70 pvNtTerminateThread=00007ff8fe763a20
32625cc.279c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 70 ms.
3271cb8.1f08: \SystemRoot\System32\ntdll.dll:
3281cb8.1f08: CreationTime: 2015-08-16T21:06:31.032400500Z
3291cb8.1f08: LastWriteTime: 2015-08-08T07:29:58.168349600Z
3301cb8.1f08: ChangeTime: 2015-08-19T18:14:19.350633100Z
3311cb8.1f08: FileAttributes: 0x20
3321cb8.1f08: Size: 0x1bce48
3331cb8.1f08: NT Headers: 0xd8
3341cb8.1f08: Timestamp: 0x55c59f92
3351cb8.1f08: Machine: 0x8664 - amd64
3361cb8.1f08: Timestamp: 0x55c59f92
3371cb8.1f08: Image Version: 10.0
3381cb8.1f08: SizeOfImage: 0x1c1000 (1839104)
3391cb8.1f08: Resource Dir: 0x15a000 LB 0x65718
3401cb8.1f08: ProductName: Microsoft® Windows® Operating System
3411cb8.1f08: ProductVersion: 10.0.10240.16430
3421cb8.1f08: FileVersion: 10.0.10240.16430 (th1.150807-2049)
3431cb8.1f08: FileDescription: NT Layer DLL
3441cb8.1f08: \SystemRoot\System32\kernel32.dll:
3451cb8.1f08: CreationTime: 2015-07-10T10:59:59.699781600Z
3461cb8.1f08: LastWriteTime: 2015-07-10T10:59:59.699781600Z
3471cb8.1f08: ChangeTime: 2015-08-16T23:00:47.247867200Z
3481cb8.1f08: FileAttributes: 0x20
3491cb8.1f08: Size: 0xab830
3501cb8.1f08: NT Headers: 0xf0
3511cb8.1f08: Timestamp: 0x559f38ad
3521cb8.1f08: Machine: 0x8664 - amd64
3531cb8.1f08: Timestamp: 0x559f38ad
3541cb8.1f08: Image Version: 10.0
3551cb8.1f08: SizeOfImage: 0xad000 (708608)
3561cb8.1f08: Resource Dir: 0xab000 LB 0x518
3571cb8.1f08: ProductName: Microsoft® Windows® Operating System
3581cb8.1f08: ProductVersion: 10.0.10240.16384
3591cb8.1f08: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3601cb8.1f08: FileDescription: Windows NT BASE API Client DLL
3611cb8.1f08: \SystemRoot\System32\KernelBase.dll:
3621cb8.1f08: CreationTime: 2015-07-10T11:00:10.325689700Z
3631cb8.1f08: LastWriteTime: 2015-07-10T11:00:10.325689700Z
3641cb8.1f08: ChangeTime: 2015-08-16T23:00:47.247867200Z
3651cb8.1f08: FileAttributes: 0x20
3661cb8.1f08: Size: 0x1dc680
3671cb8.1f08: NT Headers: 0x100
3681cb8.1f08: Timestamp: 0x559f38c3
3691cb8.1f08: Machine: 0x8664 - amd64
3701cb8.1f08: Timestamp: 0x559f38c3
3711cb8.1f08: Image Version: 10.0
3721cb8.1f08: SizeOfImage: 0x1dd000 (1953792)
3731cb8.1f08: Resource Dir: 0x1c7000 LB 0x530
3741cb8.1f08: ProductName: Microsoft® Windows® Operating System
3751cb8.1f08: ProductVersion: 10.0.10240.16384
3761cb8.1f08: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3771cb8.1f08: FileDescription: Windows NT BASE API Client DLL
3781cb8.1f08: \SystemRoot\System32\apisetschema.dll:
3791cb8.1f08: CreationTime: 2015-07-10T11:00:04.872098600Z
3801cb8.1f08: LastWriteTime: 2015-07-10T11:00:04.872098600Z
3811cb8.1f08: ChangeTime: 2015-08-16T23:00:45.516391600Z
3821cb8.1f08: FileAttributes: 0x20
3831cb8.1f08: Size: 0x16760
3841cb8.1f08: NT Headers: 0xc8
3851cb8.1f08: Timestamp: 0x559f3e3d
3861cb8.1f08: Machine: 0x8664 - amd64
3871cb8.1f08: Timestamp: 0x559f3e3d
3881cb8.1f08: Image Version: 10.0
3891cb8.1f08: SizeOfImage: 0x17000 (94208)
3901cb8.1f08: Resource Dir: 0x16000 LB 0x3f0
3911cb8.1f08: ProductName: Microsoft® Windows® Operating System
3921cb8.1f08: ProductVersion: 10.0.10240.16384
3931cb8.1f08: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3941cb8.1f08: FileDescription: ApiSet Schema DLL
3951cb8.1f08: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3961cb8.1f08: supR3HardenedWinFindAdversaries: 0x0
3971cb8.1f08: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3981cb8.1f08: Calling main()
3991cb8.1f08: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4001cb8.1f08: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4011cb8.1f08: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4021cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4031cb8.1f08: SUPR3HardenedMain: Final process, opening VBoxDrv...
4041cb8.1f08: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000af0000 LB 0x400000)
4051cb8.1f08: supR3HardNtEnableThreadCreation:
4061cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4071cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4081cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4091cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4101cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f6420000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4111cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4121cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4131cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4141cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f6420000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4151cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4161cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4171cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f6420000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4181cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f6420000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4191cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4201cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4211cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4221cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
4231cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4241cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4251cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4261cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4271cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4281cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4291cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4301cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4311cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4321cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
4331cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4341cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4351cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4361cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4371cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4381cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4391cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4401cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4411cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4421cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4431cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4441cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4451cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4461cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4471cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4481cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4491cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4501cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fc330000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
4511cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4521cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb180000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
4531cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4541cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb360000 LB 0x001c1000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
4551cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4561cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fcc10000 LB 0x00126000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
4571cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4581cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb530000 LB 0x00054000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
4591cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4601cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\WINDOWS\system32\Wintrust.dll'
4611cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
4621cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
4631cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4641cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4651cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fac30000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
4661cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4671cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fac30000 'C:\WINDOWS\system32\bcrypt.dll'
4681cb8.1f08: bcrypt.dll loaded at 00007ff8fac30000, BCryptOpenAlgorithmProvider at 00007ff8fac34a00, preloading providers:
4691cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
4701cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
4711cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4721cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4731cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8faf50000 LB 0x0006b000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
4741cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4751cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8faf50000 'C:\WINDOWS\system32\bcryptprimitives.dll'
4761cb8.1f08: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000010b98a0)
4771cb8.1f08: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000010b9fb0)
4781cb8.1f08: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000010ba280)
4791cb8.1f08: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000010ba5a0)
4801cb8.1f08: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000010bb0c0)
4811cb8.1f08: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000010bb3d0)
4821cb8.1f08: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000010bb6e0)
4831cb8.1f08: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000010bb9b0)
4841cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4851cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4861cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
4871cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4881cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4891cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
4901cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4911cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4921cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
4931cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4941cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4951cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
4961cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4971cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4981cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
4991cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5001cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5011cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
5021cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5031cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5041cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
5051cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
5061cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
5071cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
5081cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fa9d0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5091cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5101cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
5111cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
5121cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
5131cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5141cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5151cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5161cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5171cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5181cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5191cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5201cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5211cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fa620000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5221cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5231cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
5241cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5251cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5261cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5271cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fac60000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5281cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5291cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5301cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5311cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5321cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5331cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5341cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcb60000 'C:\WINDOWS\system32\kernel32.dll'
5351cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5361cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
5371cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5381cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5391cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\CRYPT32.dll'
5401cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fc9a0000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
5411cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5421cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
5431cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
5441cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5451cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5461cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5471cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5481cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5491cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
5501cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fca90000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
5511cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
5521cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
5531cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
5541cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5551cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5561cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
5571cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
5581cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f9fc0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
5591cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5601cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb100000 LB 0x00013000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
5611cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
5621cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
5631cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5641cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
5651cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'.
5661cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
5671cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
5681cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
5691cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
5701cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5711cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
5721cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
5731cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5741cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5751cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5761cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5771cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5781cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5791cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5801cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5811cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5821cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5831cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5841cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5851cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5861cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5871cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5881cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5891cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5901cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5911cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5921cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5931cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fc8e0000 LB 0x0005b000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
5941cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
5951cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8ebb90000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
5961cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5971cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5981cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5991cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6001cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6011cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6021cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6031cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6041cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6051cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6061cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6071cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6081cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6091cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6101cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6111cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6121cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6131cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6141cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6151cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6161cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6171cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6181cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6191cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6201cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6211cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6221cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6231cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6241cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6251cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\WINDOWS\system32\cryptnet.dll'
6261cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6271cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ebb90000 'C:\Windows\System32\cryptnet.dll'
6281cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fe3c0000 LB 0x000a6000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
6291cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6301cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
6311cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
6321cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6331cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6341cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6351cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6361cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6371cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6381cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6391cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6401cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6411cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6421cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6431cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6441cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6451cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
6461cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6471cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6481cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
6491cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6501cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000010f5980
6511cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
6521cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=311B4CDD9B998ED36E8EA94DCB004D809301CC36
6531cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6541cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6551cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcc10000 'C:\WINDOWS\system32\rpcrt4.dll'
6561cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6571cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
6581cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6591cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
6601cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6611cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
6621cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6631cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
6641cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6651cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
6661cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6671cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
6681cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6691cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6701cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
6711cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6721cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6731cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
6741cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6751cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6761cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
6771cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_555_for_KB3081455~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
6781cb8.1f08: g_pfnWinVerifyTrust=00007ff8fb538890
6791cb8.1f08: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6801cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6811cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6821cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
6831cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6841cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6851cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
6861cb8.1f08: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
6871cb8.1f08: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6881cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6891cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6901cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
6911cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6921cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6931cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
6941cb8.1f08: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
6951cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6961cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6971cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
6981cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
6991cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
7001cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
7011cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
7021cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
7031cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77
7041cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7051cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7061cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7071cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
7081cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7091cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
7101cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
7111cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
7121cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
7131cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3
7141cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7151cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7161cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7171cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
7181cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7191cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
7201cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7211cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7221cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7231cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
7241cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7251cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7261cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7271cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
7281cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7291cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7301cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7311cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
7321cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7331cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7341cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7351cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
7361cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7371cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7381cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7391cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7401cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7411cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
7421cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7431cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7441cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7451cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7461cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
7471cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7481cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7491cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
7501cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7511cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7521cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
7531cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7541cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7551cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
7561cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7571cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7581cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
7591cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7601cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7611cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
7621cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7631cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7641cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
7651cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7661cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7671cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7681cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
7691cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7701cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7711cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
7721cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
7731cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7741cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
7751cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
7761cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7771cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7781cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7791cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7801cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7811cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7821cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7831cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7841cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7851cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
7861cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
7871cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
7881cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
7891cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
7901cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
7911cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
7921cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
7931cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
7941cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
7951cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
7961cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
7971cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
7981cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
7991cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8001cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8011cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
8021cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
8031cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8041cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8051cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
8061cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8071cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8081cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8091cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8101cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8111cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
8121cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8131cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
8141cb8.1f08: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8151cb8.1f08: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=39
8161cb8.1f08: SUPR3HardenedMain: Load Runtime...
8171cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
8181cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8191cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8201cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8211cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8221cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8231cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8241cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8251cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8261cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8271cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8281cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8291cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
8301cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
8311cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
8321cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8331cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
8341cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8351cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8361cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8371cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8381cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8391cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8401cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
8411cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
8421cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
8431cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
8441cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
8451cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
8461cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8471cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8481cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8491cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8501cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8511cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8521cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8531cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8541cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
8551cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
8561cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
8571cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8581cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8591cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8601cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8611cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8621cb8.1f08: supR3HardenedDllNotificationCallback: load 0000000058ff0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8631cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8641cb8.1f08: supR3HardenedDllNotificationCallback: load 00000000590d0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8651cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8661cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fc9c0000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
8671cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
8681cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fcaf0000 LB 0x00069000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
8691cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8701cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8db250000 LB 0x0054b000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8711cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8721cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8731cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8741cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
8751cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rescheduled]
8761cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8771cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8781cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8791cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8801cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8811cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8821cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8831cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8841cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8851cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8861cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8871cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8881cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8891cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8901cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8911cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8921cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8931cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8941cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8951cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8961cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8971cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8981cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8991cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9001cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9011cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9021cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9031cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9041cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9051cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9061cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9071cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9081cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9091cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9101cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9111cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9121cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9131cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9141cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9151cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9161cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9171cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9181cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9191cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9201cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9211cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9221cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9231cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9241cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8db250000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9251cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\WINDOWS\system32\Wintrust.dll'
9261cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
9271cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
9281cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9291cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9301cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
9311cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
9321cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
9331cb8.1f08: SUPR3HardenedMain: Load TrustedMain...
9341cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
9351cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9361cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9371cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9381cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9391cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
9401cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
9411cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
9421cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
9431cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
9441cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
9451cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9461cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
9471cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
9481cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
9491cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
9501cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
9511cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
9521cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
9531cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9541cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9551cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
9561cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
9571cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9581cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
9591cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
9601cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
9611cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
9621cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
9631cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
9641cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
9651cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
9661cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
9671cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F
9681cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9691cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9701cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
9711cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
9721cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
9731cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
9741cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9751cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9761cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9771cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9781cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9791cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
9801cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
9811cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
9821cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
9831cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
9841cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
9851cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
9861cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
9871cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9881cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
9891cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
9901cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
9911cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9921cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9931cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9941cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9951cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
9961cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
9971cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
9981cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
9991cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10001cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10011cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10021cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
10031cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
10041cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
10051cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
10061cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
10071cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10081cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10091cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
10101cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10111cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10121cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
10131cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_329_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
10141cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10151cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10161cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
10171cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
10181cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
10191cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
10201cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
10211cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
10221cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
10231cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10241cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10251cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10261cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10271cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
10281cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10291cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'.
10301cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'.
10311cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
10321cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
10331cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
10341cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
10351cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
10361cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
10371cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10381cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
10391cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
10401cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
10411cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10421cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10431cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10441cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
10451cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
10461cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
10471cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10481cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
10491cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
10501cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
10511cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
10521cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10531cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10541cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10551cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10561cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10571cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10581cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10591cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10601cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10611cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10621cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10631cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10641cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10651cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10661cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10671cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10681cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10691cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10701cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10711cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10721cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10731cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
10741cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10751cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10761cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10771cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10781cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10791cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10801cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10811cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10821cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
10831cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
10841cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10851cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
10861cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
10871cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
10881cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
10891cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
10901cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
10911cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10921cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10931cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
10941cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10951cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10961cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
10971cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10981cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
10991cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
11001cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
11011cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11021cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11031cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11041cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11051cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11061cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11071cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
11081cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
11091cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11101cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
11111cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
11121cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
11131cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
11141cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
11151cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
11161cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11171cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11181cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust]
11191cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11201cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11211cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
11221cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11231cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11241cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11251cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11261cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11271cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11281cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11291cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11301cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11311cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11321cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11331cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
11341cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
11351cb8.1f08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
11361cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11371cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11381cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11391cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11401cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11411cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
11421cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
11431cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
11441cb8.1f08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11451cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11461cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11471cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
11481cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
11491cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
11501cb8.1f08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
11511cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
11521cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
11531cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
11541cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11551cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11561cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11571cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
11581cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
11591cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
11601cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
11611cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
11621cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
11631cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
11641cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11651cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11661cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11671cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
11681cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
11691cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
11701cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11711cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
11721cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11731cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
11741cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11751cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11761cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
11771cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
11781cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
11791cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
11801cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
11811cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11821cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
11831cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
11841cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
11851cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
11861cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
11871cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
11881cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
11891cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
11901cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
11911cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
11921cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
11931cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
11941cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
11951cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
11961cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11971cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11981cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11991cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12001cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12011cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
12021cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12031cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12041cb8.1f08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
12051cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12061cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
12071cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
12081cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
12091cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
12101cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
12111cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
12121cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
12131cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12141cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12151cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
12161cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
12171cb8.1f08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
12181cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12191cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
12201cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'.
12211cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'.
12221cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
12231cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
12241cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12251cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12261cb8.1f08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
12271cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12281cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
12291cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12301cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
12311cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
12321cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12331cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12341cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
12351cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12361cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12371cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12381cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12391cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12401cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12411cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12421cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12431cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12441cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12451cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12461cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
12471cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
12481cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
12491cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12501cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12511cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
12521cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12531cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12541cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12551cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12561cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12571cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12581cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12591cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
12601cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
12611cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
12621cb8.1f08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
12631cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12641cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
12651cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
12661cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
12671cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12681cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12691cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
12701cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
12711cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
12721cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
12731cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
12741cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'.
12751cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
12761cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
12771cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12781cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12791cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
12801cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
12811cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
12821cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
12831cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12841cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12851cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12861cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12871cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12881cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12891cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12901cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12911cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12921cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12931cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12941cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12951cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12961cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12971cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12981cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12991cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
13001cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13011cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13021cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
13031cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
13041cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
13051cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13061cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
13071cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
13081cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
13091cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
13101cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
13111cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13121cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13131cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13141cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13151cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
13161cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13171cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13181cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13191cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13201cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13211cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13221cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
13231cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13241cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13251cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
13261cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
13271cb8.1f08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
13281cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13291cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
13301cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13311cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
13321cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
13331cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13341cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13351cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13361cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13371cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13381cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13391cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13401cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13411cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13421cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13431cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13441cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13451cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
13461cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
13471cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
13481cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13491cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13501cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13511cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13521cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
13531cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13541cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13551cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
13561cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
13571cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
13581cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
13591cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust
13601cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
13611cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
13621cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
13631cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
13641cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13651cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13661cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13671cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13681cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13691cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
13701cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13711cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13721cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13731cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
13741cb8.1f08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
13751cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13761cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13771cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
13781cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
13791cb8.1f08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
13801cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13811cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13821cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
13831cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
13841cb8.1f08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
13851cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13861cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13871cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13881cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13891cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13901cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13911cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13921cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
13931cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
13941cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
13951cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
13961cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA
13971cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
13981cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
13991cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14001cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14011cb8.1f08: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14021cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14031cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14041cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14051cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14061cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14071cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
14081cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
14091cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14101cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14111cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14121cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll)
14131cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll
14141cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14151cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14161cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14171cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14181cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14191cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14201cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
14211cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fe270000 LB 0x0014e000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
14221cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fc530000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
14231cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8e7710000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
14241cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14251cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8e5ed0000 LB 0x000f6000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
14261cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14271cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8e5fd0000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
14281cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14291cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8e6000000 LB 0x00128000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14301cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14311cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fc050000 LB 0x0027c000 C:\WINDOWS\system32\combase.dll [fFlags=0x0]
14321cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14331cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fe570000 LB 0x00141000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
14341cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14351cb8.1f08: supR3HardenedDllNotificationCallback: load 0000000058d10000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
14361cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14371cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb250000 LB 0x000b3000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0]
14381cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14391cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'.
14401cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
14411cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
14421cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fc940000 LB 0x00051000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0]
14431cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14441cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f1bf0000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0]
14451cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust]
14461cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb120000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0]
14471cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
14481cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
14491cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
14501cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
14511cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb130000 LB 0x0004a000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0]
14521cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14531cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
14541cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
14551cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
14561cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb770000 LB 0x00629000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0]
14571cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14581cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
14591cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
14601cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'.
14611cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
14621cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
14631cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fcd40000 LB 0x01522000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
14641cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14651cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fbda0000 LB 0x000d7000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
14661cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
14671cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fe470000 LB 0x000be000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
14681cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14691cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fc3d0000 LB 0x0015c000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
14701cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
14711cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fe530000 LB 0x00036000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
14721cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
14731cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fb310000 LB 0x00044000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0]
14741cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
14751cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f9a20000 LB 0x00027000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
14761cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
14771cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f93d0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
14781cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14791cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f9430000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
14801cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14811cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f1940000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14821cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14831cb8.1f08: supR3HardenedDllNotificationCallback: load 00000000581b0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
14841cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14851cb8.1f08: supR3HardenedDllNotificationCallback: load 0000000058c00000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
14861cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
14871cb8.1f08: supR3HardenedDllNotificationCallback: load 0000000058b20000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
14881cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
14891cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8d3580000 LB 0x00ab7000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
14901cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14911cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
14921cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
14931cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
14941cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
14951cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
14961cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
14971cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
14981cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
14991cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'.
15001cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled]
15011cb8.1f08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
15021cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
15031cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
15041cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rescheduled]
15051cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15061cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
15071cb8.1f08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
15081cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
15091cb8.1f08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
15101cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
15111cb8.1f08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
15121cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
15131cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15141cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
15151cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
15161cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
15171cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
15181cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
15191cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
15201cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
15211cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
15221cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rescheduled]
15231cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
15241cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
15251cb8.1f08: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: Owner is administrators group.
15261cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'.
15271cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
15281cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15291cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
15301cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvinitx.dll)
15311cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
15321cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15331cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15341cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15351cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15361cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15371cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
15381cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
15391cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
15401cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15411cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll)
15421cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
15431cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15441cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15451cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
15461cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15471cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15481cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15491cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15501cb8.1f08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15511cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15521cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15531cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15541cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15551cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15561cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15571cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15581cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15591cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15601cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15611cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15621cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15631cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15641cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15651cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15661cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15671cb8.1f08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15681cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15691cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15701cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15711cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15721cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15731cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15741cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15751cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15761cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15771cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15781cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15791cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15801cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [avoiding WinVerifyTrust]
15811cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
15821cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fa380000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
15831cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
15841cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fa270000 LB 0x00031000 C:\WINDOWS\system32\nvinitx.dll [fFlags=0x0]
15851cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [avoiding WinVerifyTrust]
15861cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
15871cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\version.dll' [rescheduled]
15881cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'.
15891cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll' [rescheduled]
15901cb8.1f08: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll: Owner is administrators group.
15911cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
15921cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll)
15931cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
15941cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15951cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [avoiding WinVerifyTrust]
15961cb8.1f08: supR3HardenedDllNotificationCallback: load 000000000f000000 LB 0x00006000 C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll [fFlags=0x0]
15971cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [avoiding WinVerifyTrust]
15981cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000000000f000000 'C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll'
15991cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
16001cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rescheduled]
16011cb8.1f08: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll: Owner is administrators group.
16021cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'.
16031cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
16041cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16051cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16061cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'setupapi.dll'.
16071cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'detoured.dll'.
16081cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll)
16091cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll
16101cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
16111cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
16121cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [redoing WinVerifyTrust]
16131cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
16141cb8.1f08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
16151cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
16161cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
16171cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'.
16181cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
16191cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16201cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
16211cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
16221cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
16231cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16241cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16251cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16261cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16271cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16281cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16291cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16301cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16311cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16321cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16331cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16341cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
16351cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
16361cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
16371cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
16381cb8.1f08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
16391cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16401cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [avoiding WinVerifyTrust]
16411cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fbe80000 LB 0x001c5000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
16421cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [avoiding WinVerifyTrust]
16431cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f7e90000 LB 0x00033000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll [fFlags=0x0]
16441cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [avoiding WinVerifyTrust]
16451cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f7e90000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll'
16461cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'.
16471cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rescheduled]
16481cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'.
16491cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll' [rescheduled]
16501cb8.1f08: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll: Owner is administrators group.
16511cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'.
16521cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
16531cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'detoured.dll'.
16541cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll)
16551cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll
16561cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
16571cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
16581cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [redoing WinVerifyTrust]
16591cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
16601cb8.1f08: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
16611cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16621cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16631cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16641cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [avoiding WinVerifyTrust]
16651cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f7cf0000 LB 0x00022000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll [fFlags=0x0]
16661cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [avoiding WinVerifyTrust]
16671cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f7cf0000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll'
16681cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'.
16691cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll' [rescheduled]
16701cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa270000 'C:\WINDOWS\system32\nvinitx.dll'
16711cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16721cb8.1f08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
16731cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
16741cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16751cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe530000 'C:\WINDOWS\system32\imm32.dll'
16761cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3580000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
16771cb8.1f08: SUPR3HardenedMain: Calling TrustedMain (00007ff8d3581910)...
16781cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16791cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16801cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
16811cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006cc pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16821cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
16831cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
16841cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8
16851cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
16861cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
16871cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_316_for_KB3081438~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
16881cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16891cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16901cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
16911cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
16921cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
16931cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16941cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16951cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16961cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16971cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16981cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16991cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17001cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17011cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17021cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17031cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f9980000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
17041cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17051cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9980000 'C:\WINDOWS\system32\uxtheme.dll'
17061cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17071cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
17081cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
17091cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
17101cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17111cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f78e0000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
17121cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
17131cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006f4 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17141cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
17151cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
17161cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D
17171cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17181cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17191cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17201cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17211cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17221cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17231cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
17241cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
17251cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_131_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17261cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17271cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17281cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17291cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17301cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcd40000 'C:\WINDOWS\system32\shell32.dll'
17311cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
17321cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17331cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcb60000 'C:\WINDOWS\system32\kernel32.dll'
17341cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17351cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17361cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9980000 'C:\WINDOWS\system32\uxtheme.dll'
17371cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17381cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17391cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9980000 'C:\WINDOWS\system32\uxtheme.dll'
17401cb8.1f08: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
17411cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17421cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
17431cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe270000 'C:\WINDOWS\system32\user32.dll'
17441cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17451cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17461cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9980000 'C:\WINDOWS\system32\uxtheme.dll'
17471cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe270000 'C:\WINDOWS\system32\user32.dll'
17481cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe3c0000 'C:\WINDOWS\system32\advapi32.dll'
17491cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
17501cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
17511cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17521cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
17531cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
17541cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
17551cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
17561cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17571cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17581cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
17591cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17601cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17611cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17621cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17631cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17641cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17651cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fa800000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
17661cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17671cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa800000 'C:\WINDOWS\system32\userenv.dll'
17681cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
17691cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17701cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcb60000 'C:\WINDOWS\system32\kernel32.dll'
17711cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8fc9d0000 LB 0x000a5000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0]
17721cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17731cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
17741cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
17751cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
17761cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17771cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17781cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
17791cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17801cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17811cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
17821cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
17831cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
17841cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
17851cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
17861cb8.6fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
17871cb8.6fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17881cb8.6fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17891cb8.6fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
17901cb8.6fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
17911cb8.6fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
17921cb8.6fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
17931cb8.6fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
17941cb8.6fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
17951cb8.6fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17961cb8.6fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
17971cb8.6fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17981cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17991cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18001cb8.6fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18011cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18021cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18031cb8.6fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18041cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18051cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18061cb8.6fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18071cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
18081cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
18091cb8.6fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [redoing WinVerifyTrust]
18101cb8.6fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
18111cb8.6fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
18121cb8.6fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
18131cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18141cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18151cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18161cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18171cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
18181cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
18191cb8.6fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
18201cb8.6fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
18211cb8.6fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
18221cb8.6fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
18231cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18241cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18251cb8.6fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18261cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18271cb8.6fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18281cb8.6fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18291cb8.6fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18301cb8.6fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
18311cb8.6fc: supR3HardenedDllNotificationCallback: load 00007ff8fe6c0000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
18321cb8.6fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
18331cb8.6fc: supR3HardenedDllNotificationCallback: load 00007ff8d2fa0000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
18341cb8.6fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
18351cb8.6fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2fa0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
18361cb8.6fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18371cb8.6fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18381cb8.6fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe470000 'C:\Windows\System32\oleaut32.dll'
18391cb8.6fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)
18401cb8.6fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
18411cb8.6fc: supR3HardenedDllNotificationCallback: load 00007ff8fafc0000 LB 0x00098000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
18421cb8.6fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
18431cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
18441cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
18451cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll'
18461cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18471cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18481cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe470000 'C:\WINDOWS\system32\OLEAUT32.dll'
18491cb8.1f08: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
18501cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18511cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
18521cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc530000 'C:\WINDOWS\system32\gdi32.dll'
18531cb8.68c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
18541cb8.68c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
18551cb8.68c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
18561cb8.68c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18571cb8.68c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18581cb8.68c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
18591cb8.68c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18601cb8.68c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18611cb8.68c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18621cb8.68c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18631cb8.68c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18641cb8.68c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18651cb8.68c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18661cb8.68c: supR3HardenedDllNotificationCallback: load 00007ff8f6410000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
18671cb8.68c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
18681cb8.68c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f6410000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
18691cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe270000 'C:\WINDOWS\system32\user32.dll'
18701cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18711cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18721cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcd40000 'C:\WINDOWS\system32\shell32.dll'
18731cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb0 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18741cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
18751cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
18761cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E
18771cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
18781cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
18791cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
18801cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18811cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18821cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
18831cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
18841cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'.
18851cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
18861cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
18871cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
18881cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18891cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
18901cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
18911cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
18921cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
18931cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18941cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
18951cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
18961cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
18971cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
18981cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18991cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19001cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
19011cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
19021cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19031cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
19041cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
19051cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19061cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
19071cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume2\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
19081cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008e8 pwszName=\Device\HarddiskVolume2\Windows\System32\d2d1.dll
19091cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
19101cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
19111cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74
19121cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19131cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19141cb8.1f08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
19151cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19161cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
19171cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
19181cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
19191cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19201cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19211cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19221cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19231cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19241cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19251cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
19261cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
19271cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\d2d1.dll'
19281cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19291cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19301cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d2d1.dll) WinVerifyTrust
19311cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d2d1.dll
19321cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19331cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19341cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
19351cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19361cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19371cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
19381cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
19391cb8.1f08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
19401cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
19411cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
19421cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
19431cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
19441cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19451cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
19461cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
19471cb8.1f08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
19481cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19491cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19501cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19511cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19521cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d2d1.dll
19531cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19541cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19551cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19561cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f26d0000 LB 0x00545000 C:\WINDOWS\system32\d2d1.dll [fFlags=0x0]
19571cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d2d1.dll
19581cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f6430000 LB 0x0009c000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
19591cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19601cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f65f0000 LB 0x002a3000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
19611cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19621cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f8be0000 LB 0x000d1000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
19631cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19641cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8e5c10000 LB 0x00046000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
19651cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19661cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e5c10000 'C:\WINDOWS\system32\dataexchange.dll'
19671cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
19681cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
19691cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
19701cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19711cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'.
19721cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'.
19731cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
19741cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
19751cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
19761cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
19771cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f9a70000 LB 0x000ee000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
19781cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
19791cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19801cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19811cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
19821cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19831cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19841cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
19851cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
19861cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
19871cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
19881cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
19891cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19901cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19911cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19921cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
19931cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
19941cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
19951cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19961cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19971cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcd40000 'C:\WINDOWS\system32\shell32.dll'
19981cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19991cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20001cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe570000 'C:\WINDOWS\system32\ole32.dll'
20011cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20021cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20031cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe470000 'C:\WINDOWS\system32\OLEAUT32.dll'
20041cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20051cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
20061cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
20071cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231
20081cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
20091cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
20101cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
20111cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20121cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20131cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20141cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20151cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20161cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20171cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20181cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20191cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20201cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
20211cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
20221cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4
20231cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
20241cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
20251cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
20261cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20271cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20281cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
20291cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
20301cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
20311cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20321cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20331cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20341cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20351cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20361cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20371cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20381cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20391cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20401cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20411cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20421cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
20431cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20441cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20451cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20461cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20471cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20481cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f32c0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
20491cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20501cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f3340000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
20511cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20521cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20531cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb590000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
20541cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f3340000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
20551cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c70 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20561cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
20571cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
20581cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B
20591cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
20601cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
20611cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
20621cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20631cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20641cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
20651cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
20661cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20671cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20681cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20691cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20701cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20711cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20721cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20731cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f2d60000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
20741cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20751cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f2d60000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
20761cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20771cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb590000 'api-ms-win-core-localization-l1-2-0.dll'
20781cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20791cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb590000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
20801cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c60 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20811cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
20821cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
20831cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488
20841cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
20851cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
20861cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
20871cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20881cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20891cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20901cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
20911cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20921cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20931cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20941cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20951cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20961cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20971cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20981cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20991cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f2d80000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
21001cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21011cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f2d80000 'C:\WINDOWS\system32\wbem\fastprox.dll'
21021cb8.6f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
21031cb8.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21041cb8.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21051cb8.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21061cb8.6f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21071cb8.6f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21081cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21091cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21101cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
21111cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
21121cb8.6f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
21131cb8.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21141cb8.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21151cb8.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
21161cb8.6f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
21171cb8.6f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21181cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21191cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21201cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21211cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21221cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21231cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21241cb8.6f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21251cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21261cb8.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21271cb8.6f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21281cb8.6f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21291cb8.6f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21301cb8.6f4: supR3HardenedDllNotificationCallback: load 00000000580a0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
21311cb8.6f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21321cb8.6f4: supR3HardenedDllNotificationCallback: load 00007ff8deac0000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
21331cb8.6f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21341cb8.6f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8deac0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
21351cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
21361cb8.d88: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
21371cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
21381cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
21391cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
21401cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
21411cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
21421cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21431cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
21441cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
21451cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
21461cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
21471cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
21481cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21491cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
21501cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
21511cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
21521cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21531cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
21541cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
21551cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
21561cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21571cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21581cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe'.
21591cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
21601cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'.
21611cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
21621cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
21631cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'.
21641cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'.
21651cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe)
21661cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
21671cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21681cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21691cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21701cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
21711cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
21721cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys'.
21731cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21741cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
21751cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
21761cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys)
21771cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
21781cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
21791cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
21801cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys'.
21811cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21821cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
21831cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
21841cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'.
21851cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys)
21861cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
21871cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21881cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21891cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21901cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21911cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21921cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21931cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
21941cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
21951cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
21961cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'...
21971cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008]
21981cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys'.
21991cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22001cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys)
22011cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys
22021cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
22031cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
22041cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
22051cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22061cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22071cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\hal.dll'.
22081cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22091cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
22101cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
22111cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll)
22121cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
22131cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22141cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22151cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22161cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
22171cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
22181cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys'.
22191cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22201cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys)
22211cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
22221cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
22231cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
22241cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
22251cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22261cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22271cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22281cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
22291cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
22301cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
22311cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
22321cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ci.dll'.
22331cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22341cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
22351cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll)
22361cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
22371cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
22381cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
22391cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kdcom.dll'.
22401cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22411cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
22421cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll)
22431cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
22441cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
22451cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume2\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
22461cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL'.
22471cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22481cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL)
22491cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL
22501cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
22511cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
22521cb8.285c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL'.
22531cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22541cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
22551cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL)
22561cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
22571cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22581cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22591cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
22601cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22611cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22621cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
22631cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22641cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22651cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22661cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22671cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22681cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22691cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22701cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22711cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
22721cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22731cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22741cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22751cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22761cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22771cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
22781cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22791cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22801cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22811cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22821cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22831cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22841cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
22851cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
22861cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
22871cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
22881cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
22891cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
22901cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22911cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22921cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22931cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22941cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22951cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22961cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
22971cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
22981cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
22991cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
23001cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23011cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
23021cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23031cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
23041cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23051cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23061cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL'
23071cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23081cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23091cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL'
23101cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23111cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23121cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kdcom.dll'
23131cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23141cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23151cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ci.dll'
23161cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23171cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23181cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys'
23191cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23201cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23211cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\hal.dll'
23221cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23231cb8.285c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
23241cb8.285c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23251cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23261cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys'
23271cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23281cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23291cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys'
23301cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23311cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23321cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys'
23331cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23341cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
23351cb8.285c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe'
23361cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23371cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23381cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23391cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23401cb8.285c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23411cb8.285c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
23421cb8.285c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23431cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23441cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23451cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23461cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23471cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23481cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23491cb8.285c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23501cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23511cb8.285c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23521cb8.285c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23531cb8.285c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23541cb8.285c: supR3HardenedDllNotificationCallback: load 00007ff8f5fb0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
23551cb8.285c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23561cb8.285c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
23571cb8.1c10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23581cb8.1c10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23591cb8.1c10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23601cb8.1c10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23611cb8.1c10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
23621cb8.1c10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23631cb8.1c10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23641cb8.1c10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23651cb8.1c10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23661cb8.1c10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23671cb8.1c10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
23681cb8.1c10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23691cb8.1c10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23701cb8.1c10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23711cb8.1c10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23721cb8.1c10: supR3HardenedDllNotificationCallback: load 00007ff8f5fa0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
23731cb8.1c10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23741cb8.1c10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5fa0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
23751cb8.191c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23761cb8.191c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23771cb8.191c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23781cb8.191c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23791cb8.191c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
23801cb8.191c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23811cb8.191c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23821cb8.191c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23831cb8.191c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23841cb8.191c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23851cb8.191c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
23861cb8.191c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23871cb8.191c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23881cb8.191c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23891cb8.191c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23901cb8.191c: supR3HardenedDllNotificationCallback: load 00007ff8f5f90000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
23911cb8.191c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23921cb8.191c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5f90000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
23931cb8.1ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
23941cb8.1ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23951cb8.1ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23961cb8.1ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23971cb8.1ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
23981cb8.1ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23991cb8.1ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24001cb8.1ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24011cb8.1ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24021cb8.1ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24031cb8.1ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24041cb8.1ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24051cb8.1ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24061cb8.1ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24071cb8.1ad4: supR3HardenedDllNotificationCallback: load 00007ff8f5f80000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
24081cb8.1ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24091cb8.1ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5f80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
24101cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24111cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24121cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcd40000 'C:\WINDOWS\system32/Shell32.dll'
24131cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24141cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24151cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8deac0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
24161cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
24171cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24181cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24191cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24201cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
24211cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24221cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
24231cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24241cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24251cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24261cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24271cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24281cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24291cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24301cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24311cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24321cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24331cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24341cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24351cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24361cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24371cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24381cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f5b00000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
24391cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24401cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5b00000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
24411cb8.d88: supR3HardenedDllNotificationCallback: Unload 00007ff8f5b00000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
24421cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
24431cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
24441cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24451cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24461cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24471cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
24481cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
24491cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
24501cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
24511cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
24521cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
24531cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
24541cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
24551cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
24561cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
24571cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
24581cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
24591cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
24601cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
24611cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
24621cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
24631cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24641cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24651cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24661cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24671cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24681cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24691cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24701cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24711cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24721cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [redoing WinVerifyTrust]
24731cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
24741cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
24751cb8.d88: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'.
24761cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
24771cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
24781cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
24791cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
24801cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24811cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24821cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
24831cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24841cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24851cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
24861cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24871cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24881cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
24891cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
24901cb8.d88: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
24911cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24921cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24931cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
24941cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
24951cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
24961cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24971cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24981cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24991cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
25001cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25011cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
25021cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
25031cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25041cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25051cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25061cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25071cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25081cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25091cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25101cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
25111cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
25121cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25131cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25141cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25151cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
25161cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
25171cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
25181cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
25191cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25201cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25211cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25221cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25231cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25241cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25251cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25261cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25271cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25281cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25291cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
25301cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
25311cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fbc pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
25321cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
25331cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
25341cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=793D99A2656EF7BC8AE3D3DA54E1A198969B9F96
25351cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
25361cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
25371cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
25381cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25391cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25401cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
25411cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
25421cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'.
25431cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'.
25441cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'.
25451cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
25461cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
25471cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25481cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25491cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25501cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25511cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25521cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25531cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25541cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25551cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25561cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25571cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25581cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25591cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
25601cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
25611cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
25621cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
25631cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
25641cb8.d88: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
25651cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
25661cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
25671cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25681cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25691cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25701cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25711cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25721cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25731cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25741cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25751cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
25761cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25771cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25781cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25791cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
25801cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
25811cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25821cb8.d88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
25831cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
25841cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f5ee0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\devrtl.DLL [fFlags=0x0]
25851cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
25861cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f5e80000 LB 0x00058000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0]
25871cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
25881cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f5e10000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
25891cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25901cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f5b00000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
25911cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25921cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f9380000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
25931cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
25941cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f9460000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
25951cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25961cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8d26b0000 LB 0x008e1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
25971cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
25981cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d26b0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
25991cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fcc pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
26001cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
26011cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
26021cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4E1A7D70D0B4F04066620172BA9B8A3CADF2EF6
26031cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26041cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26051cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26061cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
26071cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
26081cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26091cb8.d88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
26101cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26111cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
26121cb8.d88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
26131cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26141cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26151cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26161cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26171cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f0980000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
26181cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26191cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f0980000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
26201cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26211cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
26221cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26231cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2fa0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
26241cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26251cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
26261cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26271cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5b00000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
26281cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26291cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26301cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26311cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26321cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
26331cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
26341cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26351cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26361cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26371cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26381cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26391cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
26401cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f5c20000 LB 0x0001d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
26411cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
26421cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5c20000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
26431cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26441cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26451cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26461cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26471cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
26481cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
26491cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26501cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26511cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26521cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26531cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26541cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
26551cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f5ae0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
26561cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
26571cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5ae0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
26581cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26591cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26601cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26611cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26621cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
26631cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
26641cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26651cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26661cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26671cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26681cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26691cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
26701cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f0960000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
26711cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
26721cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f0960000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
26731cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26741cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26751cb8.19f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26761cb8.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26771cb8.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26781cb8.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26791cb8.19f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
26801cb8.19f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26811cb8.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26821cb8.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26831cb8.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26841cb8.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26851cb8.19f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26861cb8.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26871cb8.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26881cb8.19f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26891cb8.19f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26901cb8.19f0: supR3HardenedDllNotificationCallback: load 00007ff8f3c00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
26911cb8.19f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26921cb8.19f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f3c00000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
26931cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26941cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
26951cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26961cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26971cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26981cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
26991cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
27001cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
27011cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
27021cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27031cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27041cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27051cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27061cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27071cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27081cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
27091cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27101cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27111cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27121cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27131cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27141cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
27151cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f5b40000 LB 0x000c4000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
27161cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
27171cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5b40000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
27181cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27191cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27201cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9460000 'C:\WINDOWS\system32/Iphlpapi.dll'
27211cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
27221cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
27231cb8.d88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
27241cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
27251cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f82f0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
27261cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
27271cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
27281cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
27291cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
27301cb8.d88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
27311cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
27321cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f7d60000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
27331cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
27341cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed8 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
27351cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
27361cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
27371cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC5F23FF9BE9DCF8E5234FF8C5B6EBE9459DC35E
27381cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27391cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27401cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
27411cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27421cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27431cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
27441cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27451cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27461cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27471cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27481cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27491cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27501cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
27511cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
27521cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
27531cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27541cb8.d88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
27551cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eac pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
27561cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
27571cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
27581cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F2C6FCDABC75F6CF26C6E8145FC3426AD15DAAC
27591cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
27601cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
27611cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
27621cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27631cb8.d88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
27641cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010bc pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
27651cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
27661cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
27671cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF2119E435E404AD007FD65DA8D286C1635ACA6
27681cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
27691cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
27701cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
27711cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27721cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27731cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
27741cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
27751cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
27761cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
27771cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
27781cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27791cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27801cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27811cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27821cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27831cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27841cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27851cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27861cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27871cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27881cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27891cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f08c0000 LB 0x0009c000 C:\WINDOWS\system32\dsound.dll [fFlags=0x0]
27901cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27911cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27921cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27931cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f08c0000 'C:\WINDOWS\system32\dsound.dll'
27941cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f08c0000 'C:\WINDOWS\system32/dsound.dll'
27951cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
27961cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
27971cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27981cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
27991cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
28001cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
28011cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
28021cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28031cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
28041cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
28051cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
28061cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
28071cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28081cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
28091cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
28101cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
28111cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
28121cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
28131cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
28141cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [redoing WinVerifyTrust]
28151cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28161cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28171cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28181cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28191cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
28201cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28211cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28221cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
28231cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
28241cb8.d88: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
28251cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28261cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28271cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28281cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28291cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28301cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28311cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
28321cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f8740000 LB 0x00183000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
28331cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
28341cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f1cf0000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
28351cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28361cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f1cf0000 'C:\WINDOWS\System32\MMDevApi.dll'
28371cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28381cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28391cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f1cf0000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
28401cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28411cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28421cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
28431cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010dc pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28441cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
28451cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
28461cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83143779FC4D27950BF3BCBCD430201AA21D5678
28471cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
28481cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
28491cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
28501cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28511cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28521cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
28531cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
28541cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
28551cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
28561cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
28571cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
28581cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28591cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28601cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28611cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28621cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
28631cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
28641cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
28651cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
28661cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
28671cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
28681cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28691cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28701cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28711cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28721cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28731cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
28741cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
28751cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
28761cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
28771cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28781cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
28791cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28801cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28811cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28821cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28831cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28841cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28851cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28861cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28871cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
28881cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f0f30000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
28891cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28901cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f0f40000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
28911cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
28921cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8dd420000 LB 0x00041000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
28931cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28941cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
28951cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28961cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28971cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
28981cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28991cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29001cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29011cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29021cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29031cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29041cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29051cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29061cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29071cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
29081cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
29091cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29101cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
29111cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
29121cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
29131cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
29141cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29151cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29161cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29171cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29181cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29191cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29201cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29211cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29221cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29231cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29241cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29251cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29261cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29271cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
29281cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
29291cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
29301cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
29311cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f7b10000 LB 0x00131000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
29321cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
29331cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8dff40000 LB 0x00085000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
29341cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29351cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dff40000 'C:\WINDOWS\system32\AUDIOSES.DLL'
29361cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29371cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29381cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
29391cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
29401cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
29411cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29421cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29431cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
29441cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
29451cb8.d88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
29461cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29471cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29481cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29491cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29501cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29511cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29521cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29531cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29541cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29551cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29561cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29571cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29581cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dd420000 'C:\WINDOWS\system32\wdmaud.drv'
29591cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b8 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
29601cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
29611cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
29621cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EAA362874D7E19DE11B8B4782838AD2981FC207
29631cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
29641cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29651cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
29661cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
29671cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
29681cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29691cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29701cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
29711cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
29721cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
29731cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
29741cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
29751cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29761cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29771cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29781cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29791cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29801cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29811cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
29821cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
29831cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
29841cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
29851cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29861cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
29871cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29881cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29891cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29901cb8.d88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29911cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29921cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29931cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29941cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29951cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29961cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29971cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29981cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f81f0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
29991cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
30001cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8f8210000 LB 0x0000c000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
30011cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
30021cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30031cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
30041cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30051cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30061cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
30071cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30081cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30091cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
30101cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30111cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30121cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
30131cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30141cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30151cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
30161cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30171cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30181cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
30191cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30201cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30211cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30221cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30231cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f8210000 'C:\WINDOWS\system32\msacm32.drv'
30241cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a4 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
30251cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
30261cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
30271cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96AFFE7289EA0FE318F97A9F3C88DF66DCB2B4F6
30281cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
30291cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
30301cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
30311cb8.d88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30321cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30331cb8.d88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
30341cb8.d88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
30351cb8.d88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
30361cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30371cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30381cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30391cb8.d88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30401cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30411cb8.d88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30421cb8.d88: supR3HardenedDllNotificationCallback: load 00007ff8ecfd0000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
30431cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30441cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ecfd0000 'C:\WINDOWS\system32\midimap.dll'
30451cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30461cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30471cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ecfd0000 'C:\WINDOWS\system32\midimap.dll'
30481cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30491cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30501cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ecfd0000 'C:\WINDOWS\system32\midimap.dll'
30511cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30521cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30531cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ecfd0000 'C:\WINDOWS\system32\midimap.dll'
30541cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
30551cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
30561cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
30571cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
30581cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
30591cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
30601cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30611cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30621cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f08c0000 'C:\WINDOWS\System32\dsound.dll'
30631cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30641cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30651cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
30661cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
30671cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\system32\winmm.dll'
30681cb8.d88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
30691cb8.d88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30701cb8.d88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcb60000 'C:\WINDOWS\system32/kernel32.dll'
30711cb8.1f08: supR3HardenedMonitor_LdrLoadDll: 'C:\WINDOWS\system32\comctl32.dll' -> 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [redir]
30721cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [redoing WinVerifyTrust]
30731cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
30741cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
30751cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
30761cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll (Input=C:\WINDOWS\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30771cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f1bf0000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
30781cb8.126c: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
30791cb8.126c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
30801cb8.126c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
30811cb8.126c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
30821cb8.126c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001100 pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
30831cb8.126c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
30841cb8.126c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
30851cb8.126c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70B49B85D2F7BA5E6F42836FF363155E8051A249
30861cb8.126c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
30871cb8.126c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
30881cb8.126c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
30891cb8.126c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30901cb8.126c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
30911cb8.126c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
30921cb8.126c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
30931cb8.126c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
30941cb8.126c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
30951cb8.126c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
30961cb8.126c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
30971cb8.126c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30981cb8.126c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30991cb8.126c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31001cb8.126c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31011cb8.126c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31021cb8.126c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
31031cb8.126c: supR3HardenedDllNotificationCallback: load 00007ff8fa970000 LB 0x0005d000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
31041cb8.126c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
31051cb8.126c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa970000 'C:\WINDOWS\system32\mswsock.dll'
31061cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000132c pwszName=\Device\HarddiskVolume2\Windows\System32\mscms.dll
31071cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
31081cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
31091cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9DE0AE5A831B542C653001320C6D23DB821AB045
31101cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
31111cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
31121cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\mscms.dll'
31131cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31141cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31151cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
31161cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mscms.dll) WinVerifyTrust
31171cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mscms.dll
31181cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
31191cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
31201cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
31211cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31221cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31231cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31241cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
31251cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f2050000 LB 0x00091000 C:\WINDOWS\system32\mscms.dll [fFlags=0x0]
31261cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
31271cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f2050000 'C:\WINDOWS\system32\mscms.dll'
31281cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000854 pwszName=\Device\HarddiskVolume2\Windows\System32\icm32.dll
31291cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
31301cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
31311cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C64882D9D993EF4CE01F569750C8BC8223059F2
31321cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
31331cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
31341cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\icm32.dll'
31351cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31361cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31371cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
31381cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\icm32.dll) WinVerifyTrust
31391cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\icm32.dll
31401cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
31411cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume2\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
31421cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
31431cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31441cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31451cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31461cb8.1f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
31471cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f4550000 LB 0x00042000 C:\WINDOWS\system32\icm32.dll [fFlags=0x0]
31481cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
31491cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f4550000 'C:\WINDOWS\system32\icm32.dll'
31501cb8.2f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
31511cb8.2f78: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31521cb8.2f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f0f40000 'C:\WINDOWS\system32\avrt.dll'
31531cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe270000 'C:\WINDOWS\system32\user32.dll'
31541cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9430000 'C:\WINDOWS\SYSTEM32\WINMM.dll'
31551cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe270000 'C:\WINDOWS\system32\User32.dll'
31561cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31571cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
31581cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'iertutil.dll'.
31591cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'oleaut32.dll'.
31601cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\edputil.dll)
31611cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\edputil.dll
31621cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31631cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\iertutil.dll)
31641cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
31651cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f6050000 LB 0x00376000 C:\WINDOWS\SYSTEM32\iertutil.dll [fFlags=0x0]
31661cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
31671cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8ea530000 LB 0x0002f000 C:\WINDOWS\SYSTEM32\edputil.dll [fFlags=0x0]
31681cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
31691cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31701cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31711cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31721cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31731cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
31741cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
31751cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [lacks WinVerifyTrust]
31761cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31771cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31781cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31791cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31801cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
31811cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb530000 'C:\Windows\System32\WINTRUST.DLL'
31821cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\CRYPT32.dll'
31831cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
31841cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\iertutil.dll'
31851cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001550 pwszName=\Device\HarddiskVolume2\Windows\System32\edputil.dll
31861cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
31871cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
31881cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F274D304DA58CF83FB8B359D32ABC4CCCF49C9DD
31891cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
31901cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
31911cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-ds~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\edputil.dll'
31921cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31931cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\edputil.dll'
31941cb8.1f08: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-devmgmt-policy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31951cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'.
31961cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
31971cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
31981cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'xmllite.dll'.
31991cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\policymanager.dll)
32001cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\policymanager.dll
32011cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32021cb8.1f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll)
32031cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll
32041cb8.1f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32051cb8.1f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\xmllite.dll)
32061cb8.1f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\xmllite.dll
32071cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f0a00000 LB 0x00092000 C:\WINDOWS\SYSTEM32\msvcp110_win.dll [fFlags=0x0]
32081cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust]
32091cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8f5a00000 LB 0x00036000 C:\WINDOWS\SYSTEM32\XmlLite.dll [fFlags=0x0]
32101cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll [avoiding WinVerifyTrust]
32111cb8.1f08: supR3HardenedDllNotificationCallback: load 00007ff8ef6a0000 LB 0x00039000 C:\WINDOWS\SYSTEM32\policymanager.dll [fFlags=0x0]
32121cb8.1f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\policymanager.dll [avoiding WinVerifyTrust]
32131cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ef6a0000 'ext-ms-win-devmgmt-policy-l1-1-0.dll'
32141cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32151cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32161cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32171cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32181cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'xmllite.dll'...
32191cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'xmllite.dll' -> '\Device\HarddiskVolume2\Windows\System32\xmllite.dll' [rcNtRedir=0xc0150008]
32201cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll [lacks WinVerifyTrust]
32211cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32221cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32231cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32241cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32251cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'...
32261cb8.1f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008]
32271cb8.1f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll [lacks WinVerifyTrust]
32281cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
32291cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
32301cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\xmllite.dll'
32311cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001398 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll
32321cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000010f5980
32331cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000010f5980
32341cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C809A8CA0579C78DB5236BAC762E7830AB75C39B
32351cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
32361cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
32371cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Package-minkernel-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll'
32381cb8.1f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32391cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp110_win.dll'
32401cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa620000 'C:\WINDOWS\system32\rsaenh.dll'
32411cb8.1f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb360000 'C:\WINDOWS\system32\crypt32.dll'
32421cb8.1f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\policymanager.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy