VirtualBox

Ticket #14737: VBoxHardening.log

File VBoxHardening.log, 352.9 KB (added by po, 9 years ago)
Line 
11f34.1930: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000018 g_uNtVerCombined=0x63258000
21f34.1930: \SystemRoot\System32\ntdll.dll:
31f34.1930: CreationTime: 2015-10-13T23:34:31.183173000Z
41f34.1930: LastWriteTime: 2015-08-07T21:40:29.476583000Z
51f34.1930: ChangeTime: 2015-10-15T01:59:38.857902000Z
61f34.1930: FileAttributes: 0x20
71f34.1930: Size: 0x1a7f48
81f34.1930: NT Headers: 0xd8
91f34.1930: Timestamp: 0x55c4c16b
101f34.1930: Machine: 0x8664 - amd64
111f34.1930: Timestamp: 0x55c4c16b
121f34.1930: Image Version: 6.3
131f34.1930: SizeOfImage: 0x1ac000 (1753088)
141f34.1930: Resource Dir: 0x148000 LB 0x62450
151f34.1930: ProductName: Microsoft® Windows® Operating System
161f34.1930: ProductVersion: 6.3.9600.18007
171f34.1930: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
181f34.1930: FileDescription: NT Layer DLL
191f34.1930: \SystemRoot\System32\kernel32.dll:
201f34.1930: CreationTime: 2014-05-21T01:47:27.273618800Z
211f34.1930: LastWriteTime: 2014-03-20T04:19:59.915412000Z
221f34.1930: ChangeTime: 2015-10-15T02:02:00.089022700Z
231f34.1930: FileAttributes: 0x20
241f34.1930: Size: 0x13b3c0
251f34.1930: NT Headers: 0xe8
261f34.1930: Timestamp: 0x532a419c
271f34.1930: Machine: 0x8664 - amd64
281f34.1930: Timestamp: 0x532a419c
291f34.1930: Image Version: 6.3
301f34.1930: SizeOfImage: 0x13a000 (1286144)
311f34.1930: Resource Dir: 0x12a000 LB 0x520
321f34.1930: ProductName: Microsoft® Windows® Operating System
331f34.1930: ProductVersion: 6.3.9600.17056
341f34.1930: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520)
351f34.1930: FileDescription: Windows NT BASE API Client DLL
361f34.1930: \SystemRoot\System32\KernelBase.dll:
371f34.1930: CreationTime: 2014-10-18T01:10:00.581170500Z
381f34.1930: LastWriteTime: 2014-08-16T03:58:45.372065200Z
391f34.1930: ChangeTime: 2015-10-15T02:02:00.635897700Z
401f34.1930: FileAttributes: 0x20
411f34.1930: Size: 0x10f9c0
421f34.1930: NT Headers: 0xf0
431f34.1930: Timestamp: 0x53eebf2e
441f34.1930: Machine: 0x8664 - amd64
451f34.1930: Timestamp: 0x53eebf2e
461f34.1930: Image Version: 6.3
471f34.1930: SizeOfImage: 0x10f000 (1110016)
481f34.1930: Resource Dir: 0x10a000 LB 0x3528
491f34.1930: ProductName: Microsoft® Windows® Operating System
501f34.1930: ProductVersion: 6.3.9600.17278
511f34.1930: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
521f34.1930: FileDescription: Windows NT BASE API Client DLL
531f34.1930: \SystemRoot\System32\apisetschema.dll:
541f34.1930: CreationTime: 2013-08-22T12:13:09.745625900Z
551f34.1930: LastWriteTime: 2013-08-22T12:35:12.091034400Z
561f34.1930: ChangeTime: 2014-05-14T02:05:30.364616000Z
571f34.1930: FileAttributes: 0x20
581f34.1930: Size: 0x11360
591f34.1930: NT Headers: 0xd0
601f34.1930: Timestamp: 0x52160049
611f34.1930: Machine: 0x8664 - amd64
621f34.1930: Timestamp: 0x52160049
631f34.1930: Image Version: 6.3
641f34.1930: SizeOfImage: 0x13000 (77824)
651f34.1930: Resource Dir: 0x11000 LB 0x3f8
661f34.1930: ProductName: Microsoft® Windows® Operating System
671f34.1930: ProductVersion: 6.3.9600.16384
681f34.1930: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
691f34.1930: FileDescription: ApiSet Schema DLL
701f34.1930: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711f34.1930: supR3HardenedWinFindAdversaries: 0x0
721f34.1930: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX'
731f34.1930: Calling main()
741f34.1930: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
751f34.1930: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\VMPROGVBOX'
761f34.1930: SUPR3HardenedMain: Respawn #1
771f34.1930: System32: \Device\HarddiskVolume1\Windows\System32
781f34.1930: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
791f34.1930: KnownDllPath: C:\Windows\system32
801f34.1930: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports
811f34.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe)
821f34.1930: supR3HardNtEnableThreadCreation:
831f34.1930: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc09408ec0 pvNtTerminateThread=00007ffc09481700
841f34.1930: supR3HardenedWinDoReSpawn(1): New child 12dc.1bfc [kernel32].
851f34.1930: supR3HardNtChildGatherData: PebBaseAddress=00007ff707303000 cbPeb=0x388
861f34.1930: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc093f0000 uNtDllChildAddr=00007ffc093f0000
871f34.1930: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc09408ec0
881f34.1930: supR3HardenedWinSetupChildInit: Start child.
891f34.1930: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
901f34.1930: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 16 sleeps
911f34.1930: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
921f34.1930: *0000000000000000-fffffffffff7ffff 0x0001/0x0000 0x0000000
931f34.1930: *0000000000080000-000000000005ffff 0x0004/0x0004 0x0020000
941f34.1930: *00000000000a0000-0000000000090fff 0x0002/0x0002 0x0040000
951f34.1930: 00000000000af000-00000000000adfff 0x0001/0x0000 0x0000000
961f34.1930: *00000000000b0000-fffffffffffb3fff 0x0000/0x0004 0x0020000
971f34.1930: 00000000001ac000-00000000001a8fff 0x0104/0x0004 0x0020000
981f34.1930: 00000000001af000-00000000001adfff 0x0004/0x0004 0x0020000
991f34.1930: *00000000001b0000-00000000001abfff 0x0002/0x0002 0x0040000
1001f34.1930: 00000000001b4000-00000000001a7fff 0x0001/0x0000 0x0000000
1011f34.1930: *00000000001c0000-00000000001bdfff 0x0004/0x0004 0x0020000
1021f34.1930: 00000000001c2000-ffffffff803a3fff 0x0001/0x0000 0x0000000
1031f34.1930: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1041f34.1930: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1051f34.1930: 000000007fff0000-ffff8009f8d0ffff 0x0001/0x0000 0x0000000
1061f34.1930: *00007ff7072d0000-00007ff70729cfff 0x0002/0x0002 0x0040000
1071f34.1930: *00007ff707303000-00007ff707301fff 0x0004/0x0004 0x0020000
1081f34.1930: 00007ff707304000-00007ff7072f9fff 0x0001/0x0000 0x0000000
1091f34.1930: *00007ff70730e000-00007ff70730bfff 0x0004/0x0004 0x0020000
1101f34.1930: 00007ff707310000-00007ff706a4ffff 0x0001/0x0000 0x0000000
1111f34.1930: *00007ff707bd0000-00007ff707bd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1121f34.1930: 00007ff707bd1000-00007ff707c57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1131f34.1930: 00007ff707c58000-00007ff707c58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1141f34.1930: 00007ff707c59000-00007ff707ca3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1151f34.1930: 00007ff707ca4000-00007ff707ca4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1161f34.1930: 00007ff707ca5000-00007ff707ca5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1171f34.1930: 00007ff707ca6000-00007ff707caafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1181f34.1930: 00007ff707cab000-00007ff707cabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1191f34.1930: 00007ff707cac000-00007ff707cacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1201f34.1930: 00007ff707cad000-00007ff707cb0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1211f34.1930: 00007ff707cb1000-00007ff707cfbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
1221f34.1930: 00007ff707cfc000-00007ff206607fff 0x0001/0x0000 0x0000000
1231f34.1930: *00007ffc093f0000-00007ffc093f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1241f34.1930: 00007ffc093f1000-00007ffc0951cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1251f34.1930: 00007ffc0951d000-00007ffc09522fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1261f34.1930: 00007ffc09523000-00007ffc0952ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1271f34.1930: 00007ffc09530000-00007ffc09530fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1281f34.1930: 00007ffc09531000-00007ffc09533fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1291f34.1930: 00007ffc09534000-00007ffc09534fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1301f34.1930: 00007ffc09535000-00007ffc0959bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1311f34.1930: 00007ffc0959c000-00007ff812b57fff 0x0001/0x0000 0x0000000
1321f34.1930: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
1331f34.1930: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS)
1341f34.1930: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports
1351f34.1930: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
1361f34.1930: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0).
1371f34.1930: supR3HardNtEnableThreadCreation:
13812dc.1bfc: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
13912dc.1bfc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc093f0000
14012dc.1bfc: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS)
14112dc.1bfc: New simple heap: #1 00000000002d0000 LB 0x400000 (for 1753088 allocation)
14212dc.1bfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX'
14312dc.1bfc: System32: \Device\HarddiskVolume1\Windows\System32
14412dc.1bfc: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
14512dc.1bfc: KnownDllPath: C:\Windows\system32
14612dc.1bfc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
14712dc.1bfc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
14812dc.1bfc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
14912dc.1bfc: Registered Dll notification callback with NTDLL.
15012dc.1bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
15112dc.1bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
15212dc.1bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
15312dc.1bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15412dc.1bfc: supR3HardenedDllNotificationCallback: load 00007ffc06350000 LB 0x0010f000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
15512dc.1bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
15612dc.1bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
15712dc.1bfc: supR3HardenedDllNotificationCallback: load 00007ffc06970000 LB 0x0013a000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
15812dc.1bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15912dc.1bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\KERNEL32.DLL'
16012dc.1bfc: supR3HardenedDllNotificationCallback: load 00007ff707bd0000 LB 0x0012c000 F:\VMPROGVBOX\VirtualBox.exe [fFlags=0x0]
16112dc.1bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports
16212dc.1bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe)
16312dc.1bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
16412dc.1bfc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc09408ec0 pvNtTerminateThread=00007ffc09481700
1651f34.1930: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
16612dc.1bfc: \SystemRoot\System32\ntdll.dll:
16712dc.1bfc: CreationTime: 2015-10-13T23:34:31.183173000Z
16812dc.1bfc: LastWriteTime: 2015-08-07T21:40:29.476583000Z
16912dc.1bfc: ChangeTime: 2015-10-15T01:59:38.857902000Z
17012dc.1bfc: FileAttributes: 0x20
17112dc.1bfc: Size: 0x1a7f48
17212dc.1bfc: NT Headers: 0xd8
17312dc.1bfc: Timestamp: 0x55c4c16b
17412dc.1bfc: Machine: 0x8664 - amd64
17512dc.1bfc: Timestamp: 0x55c4c16b
17612dc.1bfc: Image Version: 6.3
17712dc.1bfc: SizeOfImage: 0x1ac000 (1753088)
17812dc.1bfc: Resource Dir: 0x148000 LB 0x62450
17912dc.1bfc: ProductName: Microsoft® Windows® Operating System
18012dc.1bfc: ProductVersion: 6.3.9600.18007
18112dc.1bfc: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
18212dc.1bfc: FileDescription: NT Layer DLL
18312dc.1bfc: \SystemRoot\System32\kernel32.dll:
18412dc.1bfc: CreationTime: 2014-05-21T01:47:27.273618800Z
18512dc.1bfc: LastWriteTime: 2014-03-20T04:19:59.915412000Z
18612dc.1bfc: ChangeTime: 2015-10-15T02:02:00.089022700Z
18712dc.1bfc: FileAttributes: 0x20
18812dc.1bfc: Size: 0x13b3c0
18912dc.1bfc: NT Headers: 0xe8
19012dc.1bfc: Timestamp: 0x532a419c
19112dc.1bfc: Machine: 0x8664 - amd64
19212dc.1bfc: Timestamp: 0x532a419c
19312dc.1bfc: Image Version: 6.3
19412dc.1bfc: SizeOfImage: 0x13a000 (1286144)
19512dc.1bfc: Resource Dir: 0x12a000 LB 0x520
19612dc.1bfc: ProductName: Microsoft® Windows® Operating System
19712dc.1bfc: ProductVersion: 6.3.9600.17056
19812dc.1bfc: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520)
19912dc.1bfc: FileDescription: Windows NT BASE API Client DLL
20012dc.1bfc: \SystemRoot\System32\KernelBase.dll:
20112dc.1bfc: CreationTime: 2014-10-18T01:10:00.581170500Z
20212dc.1bfc: LastWriteTime: 2014-08-16T03:58:45.372065200Z
20312dc.1bfc: ChangeTime: 2015-10-15T02:02:00.635897700Z
20412dc.1bfc: FileAttributes: 0x20
20512dc.1bfc: Size: 0x10f9c0
20612dc.1bfc: NT Headers: 0xf0
20712dc.1bfc: Timestamp: 0x53eebf2e
20812dc.1bfc: Machine: 0x8664 - amd64
20912dc.1bfc: Timestamp: 0x53eebf2e
21012dc.1bfc: Image Version: 6.3
21112dc.1bfc: SizeOfImage: 0x10f000 (1110016)
21212dc.1bfc: Resource Dir: 0x10a000 LB 0x3528
21312dc.1bfc: ProductName: Microsoft® Windows® Operating System
21412dc.1bfc: ProductVersion: 6.3.9600.17278
21512dc.1bfc: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
21612dc.1bfc: FileDescription: Windows NT BASE API Client DLL
21712dc.1bfc: \SystemRoot\System32\apisetschema.dll:
21812dc.1bfc: CreationTime: 2013-08-22T12:13:09.745625900Z
21912dc.1bfc: LastWriteTime: 2013-08-22T12:35:12.091034400Z
22012dc.1bfc: ChangeTime: 2014-05-14T02:05:30.364616000Z
22112dc.1bfc: FileAttributes: 0x20
22212dc.1bfc: Size: 0x11360
22312dc.1bfc: NT Headers: 0xd0
22412dc.1bfc: Timestamp: 0x52160049
22512dc.1bfc: Machine: 0x8664 - amd64
22612dc.1bfc: Timestamp: 0x52160049
22712dc.1bfc: Image Version: 6.3
22812dc.1bfc: SizeOfImage: 0x13000 (77824)
22912dc.1bfc: Resource Dir: 0x11000 LB 0x3f8
23012dc.1bfc: ProductName: Microsoft® Windows® Operating System
23112dc.1bfc: ProductVersion: 6.3.9600.16384
23212dc.1bfc: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
23312dc.1bfc: FileDescription: ApiSet Schema DLL
23412dc.1bfc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
23512dc.1bfc: supR3HardenedWinFindAdversaries: 0x0
23612dc.1bfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX'
23712dc.1bfc: Calling main()
23812dc.1bfc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
23912dc.1bfc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\VMPROGVBOX'
24012dc.1bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports
24112dc.1bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe)
24212dc.1bfc: SUPR3HardenedMain: Respawn #2
24312dc.1bfc: supR3HardNtEnableThreadCreation:
24412dc.1bfc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc09408ec0 pvNtTerminateThread=00007ffc09481700
24512dc.1bfc: supR3HardenedWinDoReSpawn(2): New child 1104.bfc [kernel32].
24612dc.1bfc: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
24712dc.1bfc: supR3HardNtChildGatherData: PebBaseAddress=00007ff70757e000 cbPeb=0x388
24812dc.1bfc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc093f0000 uNtDllChildAddr=00007ffc093f0000
24912dc.1bfc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc09408ec0
25012dc.1bfc: supR3HardenedWinSetupChildInit: Start child.
25112dc.1bfc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
25212dc.1bfc: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 16 sleeps
25312dc.1bfc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
25412dc.1bfc: *0000000000000000-ffffffffff78ffff 0x0001/0x0000 0x0000000
25512dc.1bfc: *0000000000870000-000000000084ffff 0x0004/0x0004 0x0020000
25612dc.1bfc: *0000000000890000-0000000000880fff 0x0002/0x0002 0x0040000
25712dc.1bfc: 000000000089f000-000000000089dfff 0x0001/0x0000 0x0000000
25812dc.1bfc: *00000000008a0000-00000000007a3fff 0x0000/0x0004 0x0020000
25912dc.1bfc: 000000000099c000-0000000000998fff 0x0104/0x0004 0x0020000
26012dc.1bfc: 000000000099f000-000000000099dfff 0x0004/0x0004 0x0020000
26112dc.1bfc: *00000000009a0000-000000000099bfff 0x0002/0x0002 0x0040000
26212dc.1bfc: 00000000009a4000-0000000000997fff 0x0001/0x0000 0x0000000
26312dc.1bfc: *00000000009b0000-00000000009adfff 0x0004/0x0004 0x0020000
26412dc.1bfc: 00000000009b2000-ffffffff81383fff 0x0001/0x0000 0x0000000
26512dc.1bfc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
26612dc.1bfc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
26712dc.1bfc: 000000007fff0000-ffff8009f8a9ffff 0x0001/0x0000 0x0000000
26812dc.1bfc: *00007ff707540000-00007ff70750cfff 0x0002/0x0002 0x0040000
26912dc.1bfc: 00007ff707573000-00007ff707569fff 0x0001/0x0000 0x0000000
27012dc.1bfc: *00007ff70757c000-00007ff707579fff 0x0004/0x0004 0x0020000
27112dc.1bfc: *00007ff70757e000-00007ff70757cfff 0x0004/0x0004 0x0020000
27212dc.1bfc: 00007ff70757f000-00007ff706f2dfff 0x0001/0x0000 0x0000000
27312dc.1bfc: *00007ff707bd0000-00007ff707bd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
27412dc.1bfc: 00007ff707bd1000-00007ff707c57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
27512dc.1bfc: 00007ff707c58000-00007ff707c58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
27612dc.1bfc: 00007ff707c59000-00007ff707ca3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
27712dc.1bfc: 00007ff707ca4000-00007ff707ca4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
27812dc.1bfc: 00007ff707ca5000-00007ff707ca5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
27912dc.1bfc: 00007ff707ca6000-00007ff707caafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
28012dc.1bfc: 00007ff707cab000-00007ff707cabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
28112dc.1bfc: 00007ff707cac000-00007ff707cacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
28212dc.1bfc: 00007ff707cad000-00007ff707cb0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
28312dc.1bfc: 00007ff707cb1000-00007ff707cfbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
28412dc.1bfc: 00007ff707cfc000-00007ff206607fff 0x0001/0x0000 0x0000000
28512dc.1bfc: *00007ffc093f0000-00007ffc093f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
28612dc.1bfc: 00007ffc093f1000-00007ffc0951cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
28712dc.1bfc: 00007ffc0951d000-00007ffc09522fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
28812dc.1bfc: 00007ffc09523000-00007ffc0952ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
28912dc.1bfc: 00007ffc09530000-00007ffc09530fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
29012dc.1bfc: 00007ffc09531000-00007ffc09533fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
29112dc.1bfc: 00007ffc09534000-00007ffc09534fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
29212dc.1bfc: 00007ffc09535000-00007ffc0959bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
29312dc.1bfc: 00007ffc0959c000-00007ff812b57fff 0x0001/0x0000 0x0000000
29412dc.1bfc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
29512dc.1bfc: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS)
29612dc.1bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports
29712dc.1bfc: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
29812dc.1bfc: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0).
29912dc.1bfc: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002d0000 LB 0x400000)
30012dc.1bfc: supR3HardNtEnableThreadCreation:
3011104.bfc: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
3021104.bfc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc093f0000
3031104.bfc: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS)
3041104.bfc: New simple heap: #1 0000000000ac0000 LB 0x400000 (for 1753088 allocation)
3051104.bfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX'
3061104.bfc: System32: \Device\HarddiskVolume1\Windows\System32
3071104.bfc: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
3081104.bfc: KnownDllPath: C:\Windows\system32
3091104.bfc: supR3HardenedVmProcessInit: Opening vboxdrv...
3101104.bfc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3111104.bfc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3121104.bfc: Registered Dll notification callback with NTDLL.
3131104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
3141104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3151104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
3161104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3171104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06350000 LB 0x0010f000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3181104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
3191104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3201104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06970000 LB 0x0013a000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
3211104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3221104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\KERNEL32.DLL'
3231104.bfc: supR3HardenedDllNotificationCallback: load 00007ff707bd0000 LB 0x0012c000 F:\VMPROGVBOX\VirtualBox.exe [fFlags=0x0]
3241104.bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports
3251104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe)
3261104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe
3271104.bfc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc09408ec0 pvNtTerminateThread=00007ffc09481700
32812dc.1bfc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
3291104.bfc: \SystemRoot\System32\ntdll.dll:
3301104.bfc: CreationTime: 2015-10-13T23:34:31.183173000Z
3311104.bfc: LastWriteTime: 2015-08-07T21:40:29.476583000Z
3321104.bfc: ChangeTime: 2015-10-15T01:59:38.857902000Z
3331104.bfc: FileAttributes: 0x20
3341104.bfc: Size: 0x1a7f48
3351104.bfc: NT Headers: 0xd8
3361104.bfc: Timestamp: 0x55c4c16b
3371104.bfc: Machine: 0x8664 - amd64
3381104.bfc: Timestamp: 0x55c4c16b
3391104.bfc: Image Version: 6.3
3401104.bfc: SizeOfImage: 0x1ac000 (1753088)
3411104.bfc: Resource Dir: 0x148000 LB 0x62450
3421104.bfc: ProductName: Microsoft® Windows® Operating System
3431104.bfc: ProductVersion: 6.3.9600.18007
3441104.bfc: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
3451104.bfc: FileDescription: NT Layer DLL
3461104.bfc: \SystemRoot\System32\kernel32.dll:
3471104.bfc: CreationTime: 2014-05-21T01:47:27.273618800Z
3481104.bfc: LastWriteTime: 2014-03-20T04:19:59.915412000Z
3491104.bfc: ChangeTime: 2015-10-15T02:02:00.089022700Z
3501104.bfc: FileAttributes: 0x20
3511104.bfc: Size: 0x13b3c0
3521104.bfc: NT Headers: 0xe8
3531104.bfc: Timestamp: 0x532a419c
3541104.bfc: Machine: 0x8664 - amd64
3551104.bfc: Timestamp: 0x532a419c
3561104.bfc: Image Version: 6.3
3571104.bfc: SizeOfImage: 0x13a000 (1286144)
3581104.bfc: Resource Dir: 0x12a000 LB 0x520
3591104.bfc: ProductName: Microsoft® Windows® Operating System
3601104.bfc: ProductVersion: 6.3.9600.17056
3611104.bfc: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520)
3621104.bfc: FileDescription: Windows NT BASE API Client DLL
3631104.bfc: \SystemRoot\System32\KernelBase.dll:
3641104.bfc: CreationTime: 2014-10-18T01:10:00.581170500Z
3651104.bfc: LastWriteTime: 2014-08-16T03:58:45.372065200Z
3661104.bfc: ChangeTime: 2015-10-15T02:02:00.635897700Z
3671104.bfc: FileAttributes: 0x20
3681104.bfc: Size: 0x10f9c0
3691104.bfc: NT Headers: 0xf0
3701104.bfc: Timestamp: 0x53eebf2e
3711104.bfc: Machine: 0x8664 - amd64
3721104.bfc: Timestamp: 0x53eebf2e
3731104.bfc: Image Version: 6.3
3741104.bfc: SizeOfImage: 0x10f000 (1110016)
3751104.bfc: Resource Dir: 0x10a000 LB 0x3528
3761104.bfc: ProductName: Microsoft® Windows® Operating System
3771104.bfc: ProductVersion: 6.3.9600.17278
3781104.bfc: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
3791104.bfc: FileDescription: Windows NT BASE API Client DLL
3801104.bfc: \SystemRoot\System32\apisetschema.dll:
3811104.bfc: CreationTime: 2013-08-22T12:13:09.745625900Z
3821104.bfc: LastWriteTime: 2013-08-22T12:35:12.091034400Z
3831104.bfc: ChangeTime: 2014-05-14T02:05:30.364616000Z
3841104.bfc: FileAttributes: 0x20
3851104.bfc: Size: 0x11360
3861104.bfc: NT Headers: 0xd0
3871104.bfc: Timestamp: 0x52160049
3881104.bfc: Machine: 0x8664 - amd64
3891104.bfc: Timestamp: 0x52160049
3901104.bfc: Image Version: 6.3
3911104.bfc: SizeOfImage: 0x13000 (77824)
3921104.bfc: Resource Dir: 0x11000 LB 0x3f8
3931104.bfc: ProductName: Microsoft® Windows® Operating System
3941104.bfc: ProductVersion: 6.3.9600.16384
3951104.bfc: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
3961104.bfc: FileDescription: ApiSet Schema DLL
3971104.bfc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3981104.bfc: supR3HardenedWinFindAdversaries: 0x0
3991104.bfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\VMPROGVBOX'
4001104.bfc: Calling main()
4011104.bfc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4021104.bfc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\VMPROGVBOX'
4031104.bfc: '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe' has no imports
4041104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe)
4051104.bfc: SUPR3HardenedMain: Final process, opening VBoxDrv...
4061104.bfc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000ac0000 LB 0x400000)
4071104.bfc: supR3HardNtEnableThreadCreation:
4081104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll)
4091104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll
4101104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4111104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll [lacks WinVerifyTrust]
4121104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc019c0000 LB 0x00005000 F:\VMPROGVBOX\VBoxSupLib.DLL [fFlags=0x0]
4131104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll [lacks WinVerifyTrust]
4141104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll [lacks WinVerifyTrust]
4151104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4161104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc019c0000 'F:\VMPROGVBOX\VBoxSupLib.DLL'
4171104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll [lacks WinVerifyTrust]
4181104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4191104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc019c0000 'F:\VMPROGVBOX\VBoxSupLib.DLL'
4201104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc019c0000 'F:\VMPROGVBOX\VBoxSupLib.DLL'
4211104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4221104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
4231104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
4241104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
4251104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
4261104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
4271104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4281104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4291104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
4301104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
4311104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4321104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4331104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
4341104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
4351104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4361104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4371104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4381104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
4391104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
4401104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
4411104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4421104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4431104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
4441104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
4451104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4461104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4471104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4481104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4491104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4501104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4511104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4521104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4531104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc071e0000 LB 0x000a7000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
4541104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4551104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06300000 LB 0x00012000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
4561104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4571104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc065e0000 LB 0x001df000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
4581104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4591104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07b70000 LB 0x00141000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
4601104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4611104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06480000 LB 0x0004c000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
4621104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4631104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\system32\Wintrust.dll'
4641104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
4651104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
4661104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4671104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4681104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05d70000 LB 0x00026000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
4691104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4701104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05d70000 'C:\Windows\system32\bcrypt.dll'
4711104.bfc: bcrypt.dll loaded at 00007ffc05d70000, BCryptOpenAlgorithmProvider at 00007ffc05d72ce0, preloading providers:
4721104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
4731104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
4741104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4751104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4761104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06080000 LB 0x00060000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
4771104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4781104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06080000 'C:\Windows\system32\bcryptprimitives.dll'
4791104.bfc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000fd8ac0)
4801104.bfc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000fd8e50)
4811104.bfc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000fd8fb0)
4821104.bfc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000fd9200)
4831104.bfc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000fd9320)
4841104.bfc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000fd9a30)
4851104.bfc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000fd9b50)
4861104.bfc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000fd9c70)
4871104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4881104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4891104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
4901104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4911104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4921104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
4931104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4941104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4951104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
4961104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4971104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4981104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
4991104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5001104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5011104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
5021104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5031104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5041104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
5051104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5061104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
5071104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
5081104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
5091104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05b00000 LB 0x0001e000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5101104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5111104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
5121104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
5131104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
5141104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5151104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5161104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5171104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5181104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5191104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05730000 LB 0x00035000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
5201104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5211104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
5221104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5231104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
5241104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
5251104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06140000 LB 0x0000a000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5261104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5271104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5281104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5291104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5301104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5311104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5321104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
5331104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5341104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
5351104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5361104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5371104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\CRYPT32.dll'
5381104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07b50000 LB 0x00015000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
5391104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5401104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
5411104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
5421104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5431104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5441104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5451104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5461104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5471104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
5481104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
5491104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
5501104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
5511104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
5521104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntasn1.dll)
5531104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntasn1.dll
5541104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05ce0000 LB 0x0003a000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0]
5551104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
5561104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05d20000 LB 0x00024000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0]
5571104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
5581104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
5591104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
5601104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
5611104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc072f0000 LB 0x00059000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
5621104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5631104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5641104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5651104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
5661104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
5671104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05420000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
5681104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5691104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
5701104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
5711104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06220000 LB 0x00014000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
5721104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
5731104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5741104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
5751104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
5761104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
5771104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
5781104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
5791104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
5801104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5811104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
5821104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
5831104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5841104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5851104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5861104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5871104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5881104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5891104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5901104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5911104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5921104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5931104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5941104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5951104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5961104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5971104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5981104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
5991104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
6001104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
6011104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6021104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6031104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6041104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6051104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6061104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6071104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6081104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6091104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc09370000 LB 0x0005c000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
6101104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
6111104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfa2a0000 LB 0x00034000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
6121104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6131104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6141104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6151104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6161104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6171104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6181104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6191104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6201104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6211104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6221104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6231104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6241104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6251104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6261104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6271104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6281104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6291104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6301104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6311104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6321104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6331104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6341104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6351104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6361104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6371104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6381104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6391104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6401104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6411104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\system32\cryptnet.dll'
6421104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6431104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2a0000 'C:\Windows\System32\cryptnet.dll'
6441104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6451104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
6461104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
6471104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
6481104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
6491104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc068c0000 LB 0x000a5000 C:\Windows\SYSTEM32\advapi32.dll [fFlags=0x0]
6501104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6511104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6521104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6531104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6541104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6551104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6561104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume1\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6571104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6581104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6591104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6601104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6611104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6621104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
6631104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6641104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6651104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
6661104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6671104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ff9240
6681104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
6691104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9D449D768A53FA106767AD8C8013AB6DCC6C8EC
6701104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6711104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6721104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07b70000 'C:\Windows\system32\rpcrt4.dll'
6731104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6741104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
6751104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6761104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
6771104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6781104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
6791104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6801104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
6811104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6821104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
6831104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6841104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6851104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
6861104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6871104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\System32\WINTRUST.DLL'
6881104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6891104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6901104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
6911104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6921104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6931104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
6941104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB3088195~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
6951104.bfc: g_pfnWinVerifyTrust=00007ffc06481040
6961104.bfc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6971104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6981104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6991104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7001104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7011104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7021104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7031104.bfc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
7041104.bfc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7051104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7061104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7071104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7081104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
7091104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7101104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7111104.bfc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
7121104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7131104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7141104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7151104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7161104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
7171104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
7181104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
7191104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
7201104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A08496AE026B14E832621417F248DDCAECD22079
7211104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7221104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7231104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7241104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
7251104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7261104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
7271104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
7281104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
7291104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
7301104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0315578F0B76A9760FEA2715053C51E46A277B04
7311104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7321104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7331104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7341104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
7351104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7361104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
7371104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7381104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7391104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7401104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
7411104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7421104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7431104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7441104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
7451104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7461104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7471104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7481104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
7491104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7501104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7511104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7521104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ntasn1.dll'
7531104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7541104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7551104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
7561104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7571104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7581104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
7591104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7601104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7611104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7621104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7631104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
7641104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7651104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7661104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7671104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
7681104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7691104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7701104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7711104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
7721104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7731104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7741104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
7751104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7761104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7771104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
7781104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7791104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7801104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
7811104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7821104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7831104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
7841104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7851104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7861104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
7871104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7881104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7891104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
7901104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7911104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\VBoxSupLib.dll'
7921104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7931104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.exe'
7941104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7951104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7961104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
7971104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
7981104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
7991104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
8001104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
8011104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8021104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x292d758d85f9d800 C=CN, O=OSCCA, CN=ROOTCA
8031104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
8041104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x78897337f320a800 C=CN, O=Alipay.com Co.,Ltd, OU=www.alipay.com, CN=ALIPAY_ROOT
8051104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
8061104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x6bd0297e6f5eb3a5 C=CN, O=Sinorail Certification Authority, CN=SRCA
8071104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x6cfe8a8d674bca10 O=Alibaba.com Corporation, OU=CA Center, CN=Alibaba.com Corporation Root CA
8081104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
8091104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xcadc32c7ca6ffcfc CN=IcbcCA, O=icbc.com.cn
8101104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
8111104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xe7bda57c0ecbb00 CN=ICBC Root CA, O=Industrial and Commercial Bank of China
8121104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8131104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8141104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x34ccc8a2de87f407 C=CN, O=CFCA Root CA
8151104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x90d31b5ab79e90f8 CN=Personal ICBC CA, O=personal.icbc.com.cn
8161104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8171104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8181104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
8191104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8201104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
8211104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
8221104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8231104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
8241104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8251104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
8261104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
8271104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8281104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xad77733ff735d300 C=CN, O=CNNIC, CN=CNNIC ROOT
8291104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8301104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
8311104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8321104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
8331104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8341104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
8351104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8361104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8371104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8381104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8391104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8401104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8411104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8421104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
8431104.bfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8441104.bfc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=43
8451104.bfc: SUPR3HardenedMain: Load Runtime...
8461104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
8471104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8481104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8491104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8501104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8511104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll) WinVerifyTrust
8521104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
8531104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8541104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8551104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
8561104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8571104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8581104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
8591104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
8601104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
8611104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
8621104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
8631104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
8641104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8651104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008]
8661104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8671104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8681104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
8691104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
8701104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
8711104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\nsi.dll'.
8721104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll)
8731104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
8741104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
8751104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8761104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll) WinVerifyTrust
8771104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll
8781104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8791104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
8801104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
8811104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8821104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
8831104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll'.
8841104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll)
8851104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll
8861104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8871104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
8881104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll) WinVerifyTrust
8891104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8901104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
8911104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [avoiding WinVerifyTrust]
8921104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll
8931104.bfc: supR3HardenedDllNotificationCallback: load 000000006cca0000 LB 0x000d2000 F:\VMPROGVBOX\MSVCR100.dll [fFlags=0x0]
8941104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [avoiding WinVerifyTrust]
8951104.bfc: supR3HardenedDllNotificationCallback: load 000000006cc00000 LB 0x00098000 F:\VMPROGVBOX\MSVCP100.dll [fFlags=0x0]
8961104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll
8971104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07680000 LB 0x00009000 C:\Windows\system32\NSI.dll [fFlags=0x0]
8981104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
8991104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06c30000 LB 0x00058000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
9001104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
9011104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbeca10000 LB 0x0055f000 F:\VMPROGVBOX\VBoxRT.dll [fFlags=0x0]
9021104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
9031104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll'.
9041104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rescheduled]
9051104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\nsi.dll'.
9061104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rescheduled]
9071104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
9081104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9091104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9101104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
9111104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9121104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9131104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
9141104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9151104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9161104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
9171104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9181104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9191104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
9201104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9211104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9221104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
9231104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9241104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9251104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9261104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9271104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9281104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9291104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9301104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9311104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9321104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
9331104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9341104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9351104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9361104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9371104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9381104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9391104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9401104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9411104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9421104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9431104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9441104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9451104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9461104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9471104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9481104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9491104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9501104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxRT.dll
9511104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9521104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9531104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9541104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9551104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca10000 'F:\VMPROGVBOX\VBoxRT.dll'
9561104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06480000 'C:\Windows\system32\Wintrust.dll'
9571104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
9581104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
9591104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
9601104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
9611104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
9621104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9631104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
9641104.bfc: SUPR3HardenedMain: Load TrustedMain...
9651104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
9661104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9671104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9681104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9691104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9701104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
9711104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
9721104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
9731104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
9741104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
9751104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
9761104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9771104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
9781104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
9791104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
9801104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
9811104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
9821104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.dll) WinVerifyTrust
9831104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.dll
9841104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9851104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9861104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
9871104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
9881104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9891104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
9901104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
9911104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
9921104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
9931104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
9941104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
9951104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
9961104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
9971104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
9981104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D07100D567670EB6C18EAD4F8F1561AE4F40E0A5
9991104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10001104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10011104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\user32.dll'.
10021104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
10031104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
10041104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
10051104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10061104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10071104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
10081104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
10091104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
10101104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'.
10111104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10121104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
10131104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmmbase.dll)
10141104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmmbase.dll
10151104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
10161104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
10171104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\devobj.dll'.
10181104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10191104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
10201104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\devobj.dll)
10211104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
10221104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10231104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10241104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10251104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10261104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'.
10271104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
10281104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
10291104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
10301104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10311104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10321104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
10331104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
10341104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
10351104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'.
10361104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll)
10371104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
10381104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10391104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10401104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
10411104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
10421104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_546_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
10431104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10441104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10451104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
10461104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
10471104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
10481104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
10491104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
10501104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) WinVerifyTrust
10511104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
10521104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10531104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10541104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10551104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10561104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shell32.dll'.
10571104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10581104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
10591104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
10601104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
10611104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll)
10621104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
10631104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
10641104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
10651104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\comctl32.dll'.
10661104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
10671104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10681104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
10691104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll)
10701104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
10711104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10721104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10731104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10741104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10751104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10761104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
10771104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
10781104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
10791104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'.
10801104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10811104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
10821104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
10831104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
10841104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
10851104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10861104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10871104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10881104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10891104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10901104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10911104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10921104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
10931104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10941104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10951104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10961104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10971104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
10981104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10991104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11001104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11011104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11021104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11031104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
11041104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11051104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11061104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11071104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
11081104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
11091104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
11101104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11111104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11121104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
11131104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11141104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11151104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
11161104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
11171104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11181104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
11191104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11201104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) WinVerifyTrust
11211104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
11221104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11231104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11241104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11251104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11261104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
11271104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11281104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11291104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'.
11301104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11311104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
11321104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\combase.dll)
11331104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\combase.dll
11341104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11351104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11361104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11371104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11381104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11391104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11401104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
11411104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
11421104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11431104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11441104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
11451104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
11461104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
11471104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) WinVerifyTrust
11481104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
11491104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11501104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11511104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll [redoing WinVerifyTrust]
11521104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11531104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11541104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust]
11551104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11561104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11571104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
11581104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11591104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11601104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11611104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11621104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11631104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11641104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11651104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
11661104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
11671104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
11681104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shell32.dll'
11691104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11701104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11711104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
11721104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11731104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11741104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
11751104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
11761104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
11771104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
11781104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11791104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11801104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [redoing WinVerifyTrust]
11811104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
11821104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
11831104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
11841104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
11851104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
11861104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
11871104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11881104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11891104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11901104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
11911104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
11921104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
11931104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\QtOpenGLVBox4.dll) WinVerifyTrust
11941104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\QtOpenGLVBox4.dll
11951104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
11961104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
11971104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11981104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
11991104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [lacks WinVerifyTrust]
12001104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
12011104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
12021104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll'.
12031104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12041104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
12051104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
12061104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
12071104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
12081104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
12091104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll)
12101104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll
12111104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
12121104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtguivbox4.dll' [rcNtRedir=0xc0150008]
12131104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll'.
12141104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12151104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
12161104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
12171104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
12181104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
12191104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
12201104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
12211104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
12221104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
12231104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
12241104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
12251104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
12261104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
12271104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll)
12281104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll
12291104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12301104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12311104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
12321104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12331104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12341104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
12351104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12361104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12371104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'.
12381104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12391104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
12401104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
12411104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
12421104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
12431104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
12441104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll)
12451104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
12461104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12471104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12481104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
12491104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
12501104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\ddraw.dll'.
12511104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12521104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
12531104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
12541104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
12551104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll)
12561104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
12571104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12581104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12591104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\glu32.dll'.
12601104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12611104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
12621104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12631104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\glu32.dll)
12641104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
12651104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12661104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12671104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
12681104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12691104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12701104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
12711104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12721104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12731104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12741104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
12751104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [lacks WinVerifyTrust]
12761104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12771104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008]
12781104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll
12791104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
12801104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
12811104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll [lacks WinVerifyTrust]
12821104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12831104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12841104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
12851104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12861104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12871104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
12881104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12891104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12901104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12911104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12921104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
12931104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
12941104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
12951104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\winspool.drv'.
12961104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12971104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\winspool.drv)
12981104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
12991104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13001104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13011104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
13021104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
13031104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
13041104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\imm32.dll'.
13051104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
13061104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
13071104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
13081104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
13091104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13101104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13111104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
13121104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
13131104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
13141104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
13151104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13161104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13171104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13181104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
13191104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [lacks WinVerifyTrust]
13201104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13211104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008]
13221104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll
13231104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13241104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13251104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
13261104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13271104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13281104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
13291104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13301104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13311104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
13321104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13331104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13341104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
13351104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
13361104.bfc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\msctf.dll'.
13371104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13381104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
13391104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
13401104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
13411104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
13421104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
13431104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13441104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13451104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13461104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13471104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13481104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13491104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13501104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13511104.bfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
13521104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13531104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13541104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
13551104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
13561104.bfc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'.
13571104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13581104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
13591104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13601104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll)
13611104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
13621104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13631104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13641104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13651104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13661104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13671104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13681104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13691104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13701104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13711104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13721104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13731104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13741104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
13751104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
13761104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
13771104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13781104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13791104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13801104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13811104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
13821104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13831104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13841104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
13851104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
13861104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
13871104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
13881104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\QtNetworkVBox4.dll) WinVerifyTrust
13891104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\QtNetworkVBox4.dll
13901104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
13911104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtguivbox4.dll' [rcNtRedir=0xc0150008]
13921104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll [redoing WinVerifyTrust]
13931104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13941104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
13951104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [lacks WinVerifyTrust]
13961104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13971104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13981104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll [lacks WinVerifyTrust]
13991104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14001104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14011104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
14021104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
14031104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll'
14041104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
14051104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
14061104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll [redoing WinVerifyTrust]
14071104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
14081104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll'
14091104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14101104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
14111104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll [redoing WinVerifyTrust]
14121104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
14131104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll'
14141104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14151104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008]
14161104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll
14171104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14181104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
14191104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14201104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14211104.bfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
14221104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
14231104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
14241104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
14251104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7B21317A30D467EC23A2D5AE5A00919E81ECF45
14261104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
14271104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
14281104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
14291104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14301104.bfc: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
14311104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14321104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.dll
14331104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
14341104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll
14351104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll
14361104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtNetworkVBox4.dll
14371104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtOpenGLVBox4.dll
14381104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14391104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14401104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14411104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14421104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14431104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14441104.bfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll)
14451104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll
14461104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
14471104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14481104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
14491104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\SHCore.dll)
14501104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\SHCore.dll
14511104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06c90000 LB 0x00171000 C:\Windows\system32\USER32.dll [fFlags=0x0]
14521104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07350000 LB 0x0014f000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
14531104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06580000 LB 0x00009000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
14541104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14551104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07ce0000 LB 0x000f4000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
14561104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14571104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc00900000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
14581104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14591104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbed420000 LB 0x00121000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14601104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
14611104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc074a0000 LB 0x001d6000 C:\Windows\SYSTEM32\combase.dll [fFlags=0x0]
14621104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14631104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07690000 LB 0x00194000 C:\Windows\system32\ole32.dll [fFlags=0x0]
14641104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
14651104.bfc: supR3HardenedDllNotificationCallback: load 000000006c920000 LB 0x002de000 F:\VMPROGVBOX\QtCoreVBox4.dll [fFlags=0x0]
14661104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll
14671104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07290000 LB 0x00051000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
14681104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14691104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbf81b0000 LB 0x000a4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll [fFlags=0x0]
14701104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [avoiding WinVerifyTrust]
14711104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07e40000 LB 0x0152b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
14721104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
14731104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc048a0000 LB 0x000b2000 C:\Windows\SYSTEM32\SHCORE.DLL [fFlags=0x0]
14741104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
14751104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc07830000 LB 0x0009e000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
14761104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
14771104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06f70000 LB 0x000c1000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
14781104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
14791104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06e10000 LB 0x00152000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
14801104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
14811104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06ab0000 LB 0x00034000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
14821104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
14831104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06590000 LB 0x0004a000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
14841104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
14851104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc062d0000 LB 0x00026000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
14861104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
14871104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06320000 LB 0x0002a000 C:\Windows\system32\WINMMBASE.dll [fFlags=0x0]
14881104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14891104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06460000 LB 0x0001f000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
14901104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
14911104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc00fe0000 LB 0x0007b000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14921104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14931104.bfc: supR3HardenedDllNotificationCallback: load 000000006bfb0000 LB 0x0096c000 F:\VMPROGVBOX\QtGuiVBox4.dll [fFlags=0x0]
14941104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll
14951104.bfc: supR3HardenedDllNotificationCallback: load 000000006bea0000 LB 0x00105000 F:\VMPROGVBOX\QtNetworkVBox4.dll [fFlags=0x0]
14961104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtNetworkVBox4.dll
14971104.bfc: supR3HardenedDllNotificationCallback: load 000000006bdc0000 LB 0x000dc000 F:\VMPROGVBOX\QtOpenGLVBox4.dll [fFlags=0x0]
14981104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtOpenGLVBox4.dll
14991104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbe6800000 LB 0x00ab9000 F:\VMPROGVBOX\VirtualBox.dll [fFlags=0x0]
15001104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VirtualBox.dll
15011104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\SHCore.dll'.
15021104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\SHCore.dll' [rescheduled]
15031104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'.
15041104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [rescheduled]
15051104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'.
15061104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rescheduled]
15071104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\msctf.dll'.
15081104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rescheduled]
15091104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\imm32.dll'.
15101104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rescheduled]
15111104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\winspool.drv'.
15121104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rescheduled]
15131104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\glu32.dll'.
15141104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rescheduled]
15151104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\ddraw.dll'.
15161104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rescheduled]
15171104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'.
15181104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rescheduled]
15191104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'.
15201104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rescheduled]
15211104.bfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\comctl32.dll'.
15221104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rescheduled]
15231104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'.
15241104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rescheduled]
15251104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\devobj.dll'.
15261104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rescheduled]
15271104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'.
15281104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll' [rescheduled]
15291104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [redoing WinVerifyTrust]
15301104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\imm32.dll'.
15311104.bfc: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\imm32.dll
15321104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15331104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15341104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [redoing WinVerifyTrust]
15351104.bfc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'.
15361104.bfc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume1\Windows\System32\combase.dll
15371104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15381104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15391104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15401104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15411104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15421104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15431104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15441104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15451104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
15461104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15471104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06ab0000 'C:\Windows\system32\imm32.dll'
15481104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6800000 'F:\VMPROGVBOX\VirtualBox.dll'
15491104.bfc: SUPR3HardenedMain: Calling TrustedMain (00007ffbe68010d0)...
15501104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
15511104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15521104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll'
15531104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
15541104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
15551104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
15561104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4235D21C52BC6FC9D5B6A7B3CE61ED85F804B2B7
15571104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
15581104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
15591104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2550_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
15601104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15611104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15621104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
15631104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
15641104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust
15651104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
15661104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15671104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15681104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15691104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15701104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15711104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15721104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15731104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
15741104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc04f90000 LB 0x00121000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
15751104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
15761104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll'
15771104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
15781104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15791104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll'
15801104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
15811104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15821104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll'
15831104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
15841104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15851104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll'
15861104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e8 pwszName=\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
15871104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
15881104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
15891104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BB6CE930E60AA7DCEEF33C348F26E17010A36E3
15901104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
15911104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
15921104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_218_for_KB2967917~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
15931104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15941104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15951104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
15961104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
15971104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'combase.dll'.
15981104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust
15991104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
16001104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16011104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16021104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [redoing WinVerifyTrust]
16031104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
16041104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
16051104.bfc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\combase.dll'
16061104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16071104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16081104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16091104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16101104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16111104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16121104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16131104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
16141104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbf92b0000 LB 0x00098000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0]
16151104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
16161104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf92b0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
16171104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16181104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
16191104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
16201104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll)
16211104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
16221104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc046d0000 LB 0x00020000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
16231104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
16241104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
16251104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
16261104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll)
16271104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll
16281104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc050e0000 LB 0x0000a000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
16291104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
16301104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16311104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16321104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16331104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16341104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16351104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16361104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
16371104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16381104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16391104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16401104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16411104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
16421104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
16431104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel.appcore.dll'
16441104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
16451104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
16461104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
16471104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
16481104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16491104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll'
16501104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
16511104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16521104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
16531104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
16541104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16551104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll'
16561104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
16571104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16581104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll'
16591104.bfc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
16601104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16611104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
16621104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll'
16631104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
16641104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16651104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04f90000 'C:\Windows\system32\uxtheme.dll'
16661104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll'
16671104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
16681104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16691104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc068c0000 'C:\Windows\system32\advapi32.dll'
16701104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
16711104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
16721104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16731104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
16741104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
16751104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\userenv.dll) WinVerifyTrust
16761104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
16771104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16781104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16791104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll
16801104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16811104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16821104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16831104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16841104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16851104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
16861104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc05a80000 LB 0x0001e000 C:\Windows\system32\userenv.dll [fFlags=0x0]
16871104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
16881104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05a80000 'C:\Windows\system32\userenv.dll'
16891104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
16901104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16911104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
16921104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16931104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16941104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll)
16951104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
16961104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc06810000 LB 0x000a4000 C:\Windows\SYSTEM32\clbcatq.dll [fFlags=0x0]
16971104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
16981104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16991104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17001104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17011104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17021104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
17031104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
17041104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
17051104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
17061104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
17071104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17081104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17091104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
17101104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
17111104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
17121104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
17131104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
17141104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
17151104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17161104.1c54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll) WinVerifyTrust
17171104.1c54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll
17181104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17191104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17201104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
17211104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17221104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17231104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
17241104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17251104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17261104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
17271104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
17281104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
17291104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
17301104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
17311104.1c54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17321104.1c54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\version.dll) WinVerifyTrust
17331104.1c54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
17341104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17351104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17361104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17371104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
17381104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
17391104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
17401104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17411104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17421104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
17431104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
17441104.1c54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\psapi.dll) WinVerifyTrust
17451104.1c54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\psapi.dll
17461104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17471104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008]
17481104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll
17491104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17501104.1c54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
17511104.1c54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll
17521104.1c54: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17531104.1c54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll
17541104.1c54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
17551104.1c54: supR3HardenedDllNotificationCallback: load 00007ffc093e0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
17561104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\psapi.dll
17571104.1c54: supR3HardenedDllNotificationCallback: load 00007ffc03840000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
17581104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
17591104.1c54: supR3HardenedDllNotificationCallback: load 00007ffbebcb0000 LB 0x005d6000 F:\VMPROGVBOX\VBoxC.dll [fFlags=0x0]
17601104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll
17611104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebcb0000 'F:\VMPROGVBOX\VBoxC.dll'
17621104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
17631104.1c54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17641104.1c54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\System32\oleaut32.dll'
17651104.1c54: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sxs.dll)
17661104.1c54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sxs.dll
17671104.1c54: supR3HardenedDllNotificationCallback: load 00007ffc06150000 LB 0x00097000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
17681104.1c54: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
17691104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006f8 pwszName=\Device\HarddiskVolume1\Windows\System32\sxs.dll
17701104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
17711104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
17721104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=687F47861CE02066FB64E8228B3C4D091FA20854
17731104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
17741104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
17751104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume1\Windows\System32\sxs.dll'
17761104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17771104.bfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sxs.dll'
17781104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
17791104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17801104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.dll'
17811104.bfc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
17821104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17831104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
17841104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07350000 'C:\Windows\system32\gdi32.dll'
17851104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll'
17861104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
17871104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17881104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07690000 'C:\Windows\system32\ole32.dll'
17891104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [redoing WinVerifyTrust]
17901104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
17911104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
17921104.bfc: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
17931104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17941104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06e10000 'C:\Windows\system32\msctf.dll'
17951104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b2c pwszName=\Device\HarddiskVolume1\Windows\System32\oleacc.dll
17961104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
17971104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
17981104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09E7155C8658B38B921127B3251B1D38588DF5C8
17991104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
18001104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
18011104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleacc.dll'
18021104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18031104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18041104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
18051104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
18061104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
18071104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleacc.dll) WinVerifyTrust
18081104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleacc.dll
18091104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18101104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18111104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll
18121104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18131104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18141104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18151104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18161104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18171104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18181104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleacc.dll (Input=oleacc.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18191104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleacc.dll
18201104.bfc: supR3HardenedDllNotificationCallback: load 00007ffc03850000 LB 0x00063000 C:\Windows\system32\oleacc.dll [fFlags=0x0]
18211104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleacc.dll
18221104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03850000 'C:\Windows\system32\oleacc.dll'
18231104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
18241104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18251104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.DLL'
18261104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleacc.dll
18271104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18281104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc03850000 'C:\Windows\system32\oleacc.dll'
18291104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
18301104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qtguivbox4.dll'.
18311104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
18321104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
18331104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll) WinVerifyTrust
18341104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll
18351104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18361104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
18371104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
18381104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
18391104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtCoreVBox4.dll
18401104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
18411104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\qtguivbox4.dll' [rcNtRedir=0xc0150008]
18421104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\QtGuiVBox4.dll
18431104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18441104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll
18451104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfbe60000 LB 0x0003b000 F:\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll [fFlags=0x0]
18461104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll
18471104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfbe60000 'F:\VMPROGVBOX\accessible\qtaccessiblewidgets4.dll'
18481104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll
18491104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18501104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06e10000 'C:\Windows\system32\MSCTF.dll'
18511104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll'
18521104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
18531104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18541104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07690000 'C:\Windows\system32\ole32.dll'
18551104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
18561104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18571104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.dll'
18581104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
18591104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
18601104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
18611104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7236FDED02E3449B6CA92FB6E4246EBF9068E8BF
18621104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
18631104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18641104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
18651104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
18661104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll'
18671104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18681104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18691104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
18701104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
18711104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
18721104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
18731104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
18741104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
18751104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b24 pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
18761104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
18771104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
18781104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8CF4605B4B026F3426876C8B971F3B65D680FCA
18791104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
18801104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
18811104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll'
18821104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18831104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18841104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
18851104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust
18861104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
18871104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18881104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18891104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
18901104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18911104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18921104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
18931104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18941104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18951104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
18961104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18971104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18981104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18991104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
19001104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
19011104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfd3d0000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
19021104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
19031104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfd3b0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
19041104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
19051104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19061104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06350000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
19071104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfd3b0000 'C:\Windows\system32\wbem\wbemprox.dll'
19081104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b90 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
19091104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
19101104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
19111104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAF9F72D1022230646E0EDB101D9050122FBB222
19121104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
19131104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
19141104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll'
19151104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19161104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19171104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
19181104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
19191104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
19201104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19211104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19221104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
19231104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19241104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19251104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19261104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
19271104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfce10000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
19281104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
19291104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfce10000 'C:\Windows\system32\wbem\wbemsvc.dll'
19301104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19311104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06350000 'api-ms-win-core-localization-l1-2-0.dll'
19321104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19331104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06350000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
19341104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf0 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
19351104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
19361104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
19371104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F29F8F4F858A7AFDF4CD047A78948C26E8333B6
19381104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
19391104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
19401104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll'
19411104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19421104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19431104.bfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
19441104.bfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
19451104.bfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
19461104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
19471104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
19481104.bfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
19491104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19501104.bfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19511104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19521104.bfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
19531104.bfc: supR3HardenedDllNotificationCallback: load 00007ffbfce30000 LB 0x000e4000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
19541104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
19551104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfce30000 'C:\Windows\system32\wbem\fastprox.dll'
19561104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
19571104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19581104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.dll'
19591104.bfc: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [redir]
19601104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [redoing WinVerifyTrust]
19611104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll
19621104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
19631104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
19641104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6522FA6F02EF4787F28DA6C27054084E2173E41
19651104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
19661104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
19671104.bfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
19681104.bfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19691104.bfc: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
19701104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19711104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf81b0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
19721104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
19731104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19741104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07690000 'C:\Windows\system32\ole32.dll'
19751104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
19761104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19771104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf92b0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
19781104.1bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
19791104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19801104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
19811104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
19821104.1bcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll) WinVerifyTrust
19831104.1bcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll
19841104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19851104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
19861104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
19871104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrem.dll' [rcNtRedir=0xc0150008]
19881104.1bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
19891104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
19901104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
19911104.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
19921104.1bcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxREM.dll) WinVerifyTrust
19931104.1bcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxREM.dll
19941104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19951104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
19961104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19971104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19981104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
19991104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008]
20001104.1bcc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll
20011104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20021104.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
20031104.1bcc: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20041104.1bcc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll
20051104.1bcc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxREM.dll
20061104.1bcc: supR3HardenedDllNotificationCallback: load 000000006bcb0000 LB 0x0010a000 F:\VMPROGVBOX\VBoxREM.dll [fFlags=0x0]
20071104.1bcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxREM.dll
20081104.1bcc: supR3HardenedDllNotificationCallback: load 00007ffbe6560000 LB 0x00293000 F:\VMPROGVBOX\VBoxVMM.DLL [fFlags=0x0]
20091104.1bcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll
20101104.1bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6560000 'F:\VMPROGVBOX\VBoxVMM.DLL'
20111104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
20121104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20131104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys)
20141104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys
20151104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
20161104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20171104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys)
20181104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys
20191104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
20201104.12a8: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
20211104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
20221104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
20231104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys)
20241104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys
20251104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
20261104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20271104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
20281104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
20291104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys)
20301104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys
20311104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
20321104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
20331104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
20341104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys'.
20351104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20361104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
20371104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
20381104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys)
20391104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\netio.sys
20401104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
20411104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
20421104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys'.
20431104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20441104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
20451104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
20461104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys)
20471104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys
20481104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
20491104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
20501104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe'.
20511104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
20521104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'hal.dll'.
20531104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
20541104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
20551104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ci.dll'.
20561104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msrpc.sys'.
20571104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe)
20581104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
20591104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
20601104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
20611104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
20621104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
20631104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
20641104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
20651104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
20661104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
20671104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
20681104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
20691104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
20701104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
20711104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
20721104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
20731104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
20741104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume1\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
20751104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\ci.dll'.
20761104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20771104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ci.dll)
20781104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ci.dll
20791104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
20801104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume1\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
20811104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\kdcom.dll'.
20821104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20831104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
20841104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kdcom.dll)
20851104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kdcom.dll
20861104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
20871104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume1\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
20881104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL'.
20891104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20901104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL)
20911104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL
20921104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
20931104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
20941104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\hal.dll'.
20951104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20961104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
20971104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
20981104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\hal.dll)
20991104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\hal.dll
21001104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
21011104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume1\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
21021104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\PSHED.DLL'.
21031104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21041104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
21051104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\PSHED.DLL)
21061104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\PSHED.DLL
21071104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
21081104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
21091104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
21101104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
21111104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
21121104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll [lacks WinVerifyTrust]
21131104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21141104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21151104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21161104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
21171104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
21181104.1dd4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys'.
21191104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21201104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys)
21211104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys
21221104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
21231104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
21241104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
21251104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21261104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21271104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21281104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21291104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21301104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21311104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
21321104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
21331104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll [lacks WinVerifyTrust]
21341104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21351104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21361104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21371104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
21381104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume1\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
21391104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
21401104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
21411104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume1\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
21421104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
21431104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21441104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21451104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21461104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21471104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21481104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21491104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
21501104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
21511104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll [lacks WinVerifyTrust]
21521104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21531104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21541104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21551104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21561104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21571104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21581104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21591104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys'
21601104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21611104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys'
21621104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21631104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys'
21641104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21651104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys'
21661104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21671104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
21681104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys'
21691104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21701104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
21711104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\PSHED.DLL'
21721104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21731104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
21741104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\hal.dll'
21751104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21761104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
21771104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL'
21781104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21791104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
21801104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kdcom.dll'
21811104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21821104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
21831104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ci.dll'
21841104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21851104.1dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
21861104.1dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21871104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
21881104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe'
21891104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21901104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
21911104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys'
21921104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21931104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
21941104.1dd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys'
21951104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
21961104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21971104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21981104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21991104.1dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22001104.1dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedClipboard.dll) WinVerifyTrust
22011104.1dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedClipboard.dll
22021104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22031104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22041104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22051104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
22061104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22071104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008]
22081104.1dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll
22091104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22101104.1dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
22111104.1dd4: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22121104.1dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedClipboard.dll
22131104.1dd4: supR3HardenedDllNotificationCallback: load 00007ffc00a30000 LB 0x0000a000 F:\VMPROGVBOX\VBoxSharedClipboard.DLL [fFlags=0x0]
22141104.1dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedClipboard.dll
22151104.1dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00a30000 'F:\VMPROGVBOX\VBoxSharedClipboard.DLL'
22161104.1d08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
22171104.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22181104.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22191104.1d08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22201104.1d08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxDragAndDropSvc.dll) WinVerifyTrust
22211104.1d08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxDragAndDropSvc.dll
22221104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22231104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
22241104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22251104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008]
22261104.1d08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll
22271104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22281104.1d08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
22291104.1d08: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22301104.1d08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDragAndDropSvc.dll
22311104.1d08: supR3HardenedDllNotificationCallback: load 00007ffc008f0000 LB 0x0000d000 F:\VMPROGVBOX\VBoxDragAndDropSvc.DLL [fFlags=0x0]
22321104.1d08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDragAndDropSvc.dll
22331104.1d08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc008f0000 'F:\VMPROGVBOX\VBoxDragAndDropSvc.DLL'
22341104.1fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
22351104.1fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22361104.1fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22371104.1fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22381104.1fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestPropSvc.dll) WinVerifyTrust
22391104.1fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestPropSvc.dll
22401104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22411104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
22421104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22431104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008]
22441104.1fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll
22451104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22461104.1fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
22471104.1fb4: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22481104.1fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestPropSvc.dll
22491104.1fb4: supR3HardenedDllNotificationCallback: load 00007ffc008e0000 LB 0x0000f000 F:\VMPROGVBOX\VBoxGuestPropSvc.DLL [fFlags=0x0]
22501104.1fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestPropSvc.dll
22511104.1fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc008e0000 'F:\VMPROGVBOX\VBoxGuestPropSvc.DLL'
22521104.1fc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
22531104.1fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22541104.1fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22551104.1fc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22561104.1fc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestControlSvc.dll) WinVerifyTrust
22571104.1fc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestControlSvc.dll
22581104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22591104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
22601104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22611104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcp100.dll' [rcNtRedir=0xc0150008]
22621104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22631104.1fc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
22641104.1fc0: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22651104.1fc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestControlSvc.dll
22661104.1fc0: supR3HardenedDllNotificationCallback: load 00007ffc008d0000 LB 0x0000e000 F:\VMPROGVBOX\VBoxGuestControlSvc.DLL [fFlags=0x0]
22671104.1fc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxGuestControlSvc.dll
22681104.1fc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc008d0000 'F:\VMPROGVBOX\VBoxGuestControlSvc.DLL'
22691104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
22701104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22711104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32/Shell32.dll'
22721104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
22731104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
22741104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22751104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22761104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22771104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
22781104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
22791104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
22801104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
22811104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
22821104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
22831104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
22841104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxDD.dll) WinVerifyTrust
22851104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD.dll
22861104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
22871104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
22881104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
22891104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
22901104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
22911104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
22921104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
22931104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
22941104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22951104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22961104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
22971104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22981104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22991104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
23001104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23011104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23021104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
23031104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
23041104.12a8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\winnsi.dll'.
23051104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
23061104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
23071104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll)
23081104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll
23091104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23101104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23111104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [lacks WinVerifyTrust]
23121104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23131104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23141104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [lacks WinVerifyTrust]
23151104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23161104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23171104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
23181104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
23191104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
23201104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
23211104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
23221104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll) WinVerifyTrust
23231104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
23241104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23251104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23261104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
23271104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxdd2.dll' [rcNtRedir=0xc0150008]
23281104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23291104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23301104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23311104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23321104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23331104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23341104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
23351104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
23361104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23371104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23381104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23391104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll) WinVerifyTrust
23401104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll
23411104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
23421104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxddu.dll' [rcNtRedir=0xc0150008]
23431104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23441104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
23451104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23461104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008]
23471104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll
23481104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23491104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
23501104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
23511104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23521104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23531104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23541104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
23551104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
23561104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23571104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxDDU.dll) WinVerifyTrust
23581104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxDDU.dll
23591104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23601104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
23611104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23621104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008]
23631104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll
23641104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23651104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
23661104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll
23671104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23681104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23691104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
23701104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume1\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
23711104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf8 pwszName=\Device\HarddiskVolume1\Windows\System32\newdev.dll
23721104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
23731104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
23741104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EAD431E57FCC787ED701559E9AF2ACC33D2DCED0
23751104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
23761104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
23771104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1722_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume1\Windows\System32\newdev.dll'
23781104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23791104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23801104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23811104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23821104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
23831104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
23841104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
23851104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
23861104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\newdev.dll) WinVerifyTrust
23871104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\newdev.dll
23881104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23891104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23901104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
23911104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23921104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23931104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23941104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
23951104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23961104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
23971104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23981104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23991104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
24001104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
24011104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
24021104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
24031104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
24041104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
24051104.12a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
24061104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
24071104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume1\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
24081104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24091104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24101104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24111104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24121104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24131104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24141104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24151104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24161104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24171104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD.dll
24181104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDDU.dll
24191104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll
24201104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
24211104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\newdev.dll
24221104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
24231104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24241104.12a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devrtl.dll)
24251104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devrtl.dll
24261104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc07970000 LB 0x001d4000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
24271104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
24281104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbfd200000 LB 0x00014000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0]
24291104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
24301104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf2840000 LB 0x00054000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
24311104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\newdev.dll
24321104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf1620000 LB 0x00061000 F:\VMPROGVBOX\VBoxDDU.dll [fFlags=0x0]
24331104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDDU.dll
24341104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf9900000 LB 0x00035000 F:\VMPROGVBOX\VBoxDD2.dll [fFlags=0x0]
24351104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll
24361104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc01090000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
24371104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
24381104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc010a0000 LB 0x00029000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
24391104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
24401104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbe5c70000 LB 0x008e2000 F:\VMPROGVBOX\VBoxDD.DLL [fFlags=0x0]
24411104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD.dll
24421104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5c70000 'F:\VMPROGVBOX/VBoxDD.DLL'
24431104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e38 pwszName=\Device\HarddiskVolume1\Windows\System32\devrtl.dll
24441104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
24451104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
24461104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6059B260D211680DF083154CCCE38DE8412914CF
24471104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24481104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24491104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
24501104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
24511104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Base-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
24521104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24531104.12a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
24541104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
24551104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
24561104.12a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\winnsi.dll'
24571104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
24581104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxC.dll
24591104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24601104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebcb0000 'F:\VMPROGVBOX/VBoxC.DLL'
24611104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
24621104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxDD2.dll
24631104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24641104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9900000 'F:\VMPROGVBOX/VBoxDD2.DLL'
24651104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
24661104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
24671104.1df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
24681104.1df8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24691104.1df8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24701104.1df8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24711104.1df8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedFolders.dll) WinVerifyTrust
24721104.1df8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedFolders.dll
24731104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24741104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxrt.dll' [rcNtRedir=0xc0150008]
24751104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24761104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\vboxvmm.dll' [rcNtRedir=0xc0150008]
24771104.1df8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxVMM.dll
24781104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24791104.1df8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\VMPROGVBOX\msvcr100.dll' [rcNtRedir=0xc0150008]
24801104.1df8: supR3HardenedMonitor_LdrLoadDll: pName=F:\VMPROGVBOX\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24811104.1df8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedFolders.dll
24821104.1df8: supR3HardenedDllNotificationCallback: load 00007ffbff890000 LB 0x0000d000 F:\VMPROGVBOX\VBoxSharedFolders.DLL [fFlags=0x0]
24831104.1df8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\VMPROGVBOX\VBoxSharedFolders.dll
24841104.1df8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbff890000 'F:\VMPROGVBOX\VBoxSharedFolders.DLL'
24851104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
24861104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24871104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc010a0000 'C:\Windows\system32/Iphlpapi.dll'
24881104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
24891104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
24901104.12a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll)
24911104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
24921104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc004f0000 LB 0x00014000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
24931104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
24941104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
24951104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
24961104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
24971104.12a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll)
24981104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
24991104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc004d0000 LB 0x00019000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
25001104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
25011104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f34 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
25021104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
25031104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
25041104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E8A5C503120A11AEA21658FF24E56CA6FD0F29
25051104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25061104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25071104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll [lacks WinVerifyTrust]
25081104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25091104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25101104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
25111104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25121104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25131104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25141104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25151104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25161104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25171104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
25181104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
25191104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_198_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll'
25201104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25211104.12a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll'
25221104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f28 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
25231104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
25241104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
25251104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F1462D922EF889F4B0A9FD14B2DFE30CDCB183D5
25261104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
25271104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
25281104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_198_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll'
25291104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25301104.12a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll'
25311104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fb8 pwszName=\Device\HarddiskVolume1\Windows\System32\dsound.dll
25321104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
25331104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
25341104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ADB542ACB56917DACFC9792CAC57CDEED29A58E5
25351104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
25361104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
25371104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\dsound.dll'
25381104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25391104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25401104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
25411104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25421104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
25431104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
25441104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
25451104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dsound.dll) WinVerifyTrust
25461104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dsound.dll
25471104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
25481104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume1\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
25491104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
25501104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
25511104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25521104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
25531104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll) WinVerifyTrust
25541104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll
25551104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
25561104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25571104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
25581104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25591104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25601104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25611104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25621104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25631104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25641104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25651104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25661104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25671104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25681104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25691104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25701104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25711104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
25721104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc067c0000 LB 0x00045000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0]
25731104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
25741104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc078e0000 LB 0x00087000 C:\Windows\system32\dsound.dll [fFlags=0x0]
25751104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
25761104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
25771104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25781104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc078e0000 'C:\Windows\system32\dsound.dll'
25791104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc078e0000 'C:\Windows\system32/dsound.dll'
25801104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
25811104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
25821104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25831104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
25841104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
25851104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll) WinVerifyTrust
25861104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
25871104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
25881104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
25891104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll [redoing WinVerifyTrust]
25901104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
25911104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
25921104.12a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devobj.dll'
25931104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25941104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25951104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25961104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25971104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25981104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
25991104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc04290000 LB 0x00062000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
26001104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
26011104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04290000 'C:\Windows\System32\MMDevApi.dll'
26021104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
26031104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26041104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04290000 'C:\Windows\system32\MMDEVAPI.DLL'
26051104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
26061104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26071104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll'
26081104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fa8 pwszName=\Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26091104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
26101104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
26111104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A1CBABB000F9496EAA31F2C938BD998B09CAF0CC
26121104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
26131104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
26141104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\wdmaud.drv'
26151104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26161104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26171104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'.
26181104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
26191104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'.
26201104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
26211104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'.
26221104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wdmaud.drv) WinVerifyTrust
26231104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26241104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
26251104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
26261104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
26271104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
26281104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\avrt.dll) WinVerifyTrust
26291104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\avrt.dll
26301104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
26311104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume1\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
26321104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
26331104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
26341104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26351104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ksuser.dll) WinVerifyTrust
26361104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ksuser.dll
26371104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
26381104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
26391104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
26401104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26411104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26421104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
26431104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
26441104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
26451104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
26461104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26471104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26481104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26491104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26501104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26511104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26521104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
26531104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
26541104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc021a0000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
26551104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
26561104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc03a10000 LB 0x0000b000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
26571104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
26581104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf28a0000 LB 0x0003c000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
26591104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26601104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv'
26611104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26621104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26631104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv'
26641104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26651104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26661104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv'
26671104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26681104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26691104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv'
26701104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
26711104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26721104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv'
26731104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
26741104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
26751104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26761104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26771104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
26781104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'.
26791104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
26801104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\AudioSes.dll) WinVerifyTrust
26811104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
26821104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
26831104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
26841104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll
26851104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
26861104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
26871104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
26881104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26891104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26901104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26911104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26921104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26931104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26941104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26951104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
26961104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc00d30000 LB 0x0007e000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
26971104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
26981104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00d30000 'C:\Windows\system32\AUDIOSES.DLL'
26991104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
27001104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27011104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv'
27021104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
27031104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27041104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv'
27051104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf28a0000 'C:\Windows\system32\wdmaud.drv'
27061104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f38 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.drv
27071104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
27081104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
27091104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0FA85EFCB35F052852A205B01E87BA502D7D932
27101104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
27111104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
27121104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.drv'
27131104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27141104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27151104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
27161104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
27171104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
27181104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
27191104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.drv) WinVerifyTrust
27201104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27211104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
27221104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
27231104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
27241104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
27251104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
27261104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
27271104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
27281104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27291104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.dll) WinVerifyTrust
27301104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.dll
27311104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27321104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27331104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
27341104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27351104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27361104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27371104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27381104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27391104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27401104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27411104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27421104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
27431104.12a8: supR3HardenedDllNotificationCallback: load 00007ffbf8580000 LB 0x0001b000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
27441104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
27451104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc00bb0000 LB 0x0000b000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
27461104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27471104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27481104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27491104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27501104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27511104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27521104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27531104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27541104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27551104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27561104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27571104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27581104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27591104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27601104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27611104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27621104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27631104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
27641104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27651104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27661104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27671104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27681104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00bb0000 'C:\Windows\system32\msacm32.drv'
27691104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001030 pwszName=\Device\HarddiskVolume1\Windows\System32\midimap.dll
27701104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
27711104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
27721104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BADF8E473237389086DF46C97735398789C3969
27731104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
27741104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
27751104.12a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\midimap.dll'
27761104.12a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27771104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27781104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
27791104.12a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
27801104.12a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\midimap.dll) WinVerifyTrust
27811104.12a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\midimap.dll
27821104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27831104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27841104.12a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
27851104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27861104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27871104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27881104.12a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27891104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27901104.12a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
27911104.12a8: supR3HardenedDllNotificationCallback: load 00007ffc00ba0000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
27921104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
27931104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00ba0000 'C:\Windows\system32\midimap.dll'
27941104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
27951104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27961104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00ba0000 'C:\Windows\system32\midimap.dll'
27971104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
27981104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27991104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00ba0000 'C:\Windows\system32\midimap.dll'
28001104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
28011104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28021104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc00ba0000 'C:\Windows\system32\midimap.dll'
28031104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll'
28041104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll'
28051104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll'
28061104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll'
28071104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll'
28081104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06460000 'C:\Windows\system32\winmm.dll'
28091104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
28101104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28111104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc078e0000 'C:\Windows\System32\dsound.dll'
28121104.12a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
28131104.12a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28141104.12a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32/kernel32.dll'
28151104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
28161104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28171104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll'
28181104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
28191104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28201104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll'
28211104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
28221104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28231104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll'
28241104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll'
28251104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll'
28261104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll'
28271104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28281104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
28291104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
28301104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'combase.dll'.
28311104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll)
28321104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll
28331104.1d20: supR3HardenedDllNotificationCallback: load 00007ffc024c0000 LB 0x0016f000 C:\Windows\SYSTEM32\PROPSYS.dll [fFlags=0x0]
28341104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll [avoiding WinVerifyTrust]
28351104.1d20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
28361104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
28371104.1d20: supR3HardenedDllNotificationCallback: load 00007ffc04e70000 LB 0x0008e000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0]
28381104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
28391104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b4 pwszName=\Device\HarddiskVolume1\Windows\System32\apphelp.dll
28401104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
28411104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
28421104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=42E26D076286ECAAC1729250540377F2004F5DC1
28431104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
28441104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
28451104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll
28461104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28471104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28481104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28491104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28501104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28511104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28521104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
28531104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
28541104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3061468~31bf3856ad364e35~amd64~~6.3.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\apphelp.dll'
28551104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28561104.1d20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\apphelp.dll'
28571104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
28581104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
28591104.1d20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\propsys.dll'
28601104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010dc pwszName=\Device\HarddiskVolume1\Windows\System32\ieframe.dll
28611104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
28621104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
28631104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C2A45C4287ADEBDF19D2AE4AC8A1FDA79836EF40
28641104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
28651104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
28661104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_97_for_KB3093983~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\ieframe.dll'
28671104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28681104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
28691104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
28701104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
28711104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'.
28721104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
28731104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
28741104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'shell32.dll'.
28751104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'iertutil.dll'.
28761104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
28771104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ieframe.dll) WinVerifyTrust
28781104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ieframe.dll
28791104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28801104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28811104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
28821104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume1\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
28831104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000780 pwszName=\Device\HarddiskVolume1\Windows\System32\iertutil.dll
28841104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
28851104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
28861104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B0507770B598270615A8825D49D347D98E09273A
28871104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
28881104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
28891104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_43_for_KB3093983~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\iertutil.dll'
28901104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28911104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28921104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\iertutil.dll) WinVerifyTrust
28931104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\iertutil.dll
28941104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
28951104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
28961104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28971104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28981104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28991104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29001104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29011104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29021104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29031104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29041104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29051104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29061104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
29071104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
29081104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
29091104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29101104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29111104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
29121104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
29131104.1d20: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
29141104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ieframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29151104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ieframe.dll
29161104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\iertutil.dll
29171104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbff0b0000 LB 0x002c7000 C:\Windows\System32\iertutil.dll [fFlags=0x0]
29181104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\iertutil.dll
29191104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbf4790000 LB 0x00dd0000 C:\Windows\System32\ieframe.dll [fFlags=0x0]
29201104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ieframe.dll
29211104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
29221104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29231104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29241104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
29251104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29261104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29271104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29281104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29291104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29301104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29311104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29321104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29331104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29341104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
29351104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29361104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29371104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29381104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06970000 'C:\Windows\system32\kernel32.dll'
29391104.1d20: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll'.
29401104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29411104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
29421104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
29431104.1d20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll)
29441104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll
29451104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29461104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29471104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29481104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29491104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29501104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29511104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29521104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll [avoiding WinVerifyTrust]
29531104.1d20: supR3HardenedDllNotificationCallback: load 00007ffc04450000 LB 0x0027a000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll [fFlags=0x0]
29541104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll [avoiding WinVerifyTrust]
29551104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc04450000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll'
29561104.1d20: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll'.
29571104.1d20: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll' [rescheduled]
29581104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll'
29591104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4790000 'C:\Windows\System32\ieframe.dll'
29601104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06c90000 'C:\Windows\system32\user32.dll'
29611104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29621104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc074a0000 'api-ms-win-downlevel-ole32-l1-1-0.dll'
29631104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001090 pwszName=\Device\HarddiskVolume1\Windows\System32\urlmon.dll
29641104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
29651104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
29661104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8C1D7858B488E39E5A1988933DBF8338E352786
29671104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
29681104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
29691104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_43_for_KB3093983~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\urlmon.dll'
29701104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29711104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29721104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
29731104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'.
29741104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
29751104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iertutil.dll'.
29761104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'wininet.dll'.
29771104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\urlmon.dll) WinVerifyTrust
29781104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\urlmon.dll
29791104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wininet.dll'...
29801104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'wininet.dll' -> '\Device\HarddiskVolume1\Windows\System32\wininet.dll' [rcNtRedir=0xc0150008]
29811104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001108 pwszName=\Device\HarddiskVolume1\Windows\System32\wininet.dll
29821104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
29831104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
29841104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4799DC1AF5A3E28200E5971A5670E15D1C4AB14
29851104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
29861104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
29871104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_43_for_KB3093983~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\wininet.dll'
29881104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29891104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29901104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
29911104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'iertutil.dll'.
29921104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'userenv.dll'.
29931104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wininet.dll) WinVerifyTrust
29941104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wininet.dll
29951104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
29961104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume1\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
29971104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\iertutil.dll
29981104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29991104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30001104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
30011104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
30021104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
30031104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30041104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30051104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30061104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30071104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
30081104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
30091104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
30101104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
30111104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume1\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
30121104.1d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\iertutil.dll
30131104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30141104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30151104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30161104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30171104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\urlmon.dll (Input=urlmon.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30181104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\urlmon.dll
30191104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wininet.dll
30201104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbfee40000 LB 0x00269000 C:\Windows\SYSTEM32\WININET.dll [fFlags=0x0]
30211104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wininet.dll
30221104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbff380000 LB 0x00185000 C:\Windows\system32\urlmon.dll [fFlags=0x0]
30231104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\urlmon.dll
30241104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-advapi32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30251104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06350000 'api-ms-win-downlevel-advapi32-l1-1-0.dll'
30261104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc068c0000 'C:\Windows\system32\ADVAPI32.dll'
30271104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbff380000 'C:\Windows\system32\urlmon.dll'
30281104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-shlwapi-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30291104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc048a0000 'api-ms-win-downlevel-shlwapi-l2-1-0.dll'
30301104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
30311104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\PROPSYS.dll (Input=PROPSYS.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30321104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc024c0000 'C:\Windows\system32\PROPSYS.dll'
30331104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
30341104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30351104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc024c0000 'C:\Windows\system32\propsys.dll'
30361104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001164 pwszName=\Device\HarddiskVolume1\Windows\System32\secur32.dll
30371104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
30381104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
30391104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F36B2FD292403B29FD567D7FABB5A9F3636DF3BB
30401104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
30411104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
30421104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-ds~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\secur32.dll'
30431104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30441104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\secur32.dll) WinVerifyTrust
30451104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\secur32.dll
30461104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30471104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\secur32.dll
30481104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbfc9f0000 LB 0x0000b000 C:\Windows\system32\Secur32.dll [fFlags=0x0]
30491104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\secur32.dll
30501104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfc9f0000 'C:\Windows\system32\Secur32.dll'
30511104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
30521104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sspicli.dll)
30531104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sspicli.dll
30541104.1d20: supR3HardenedDllNotificationCallback: load 00007ffc06050000 LB 0x0002b000 C:\Windows\SYSTEM32\SSPICLI.DLL [fFlags=0x0]
30551104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sspicli.dll [avoiding WinVerifyTrust]
30561104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30571104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30581104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
30591104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
30601104.1d20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sspicli.dll'
30611104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sspicli.dll
30621104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30631104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06050000 'C:\Windows\system32\sspicli.dll'
30641104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011cc pwszName=\Device\HarddiskVolume1\Windows\System32\mlang.dll
30651104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff9240
30661104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff9240
30671104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=98B5A0A95340E85B87AC8033FC6CA9A5D5AB70A2
30681104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc05730000 'C:\Windows\system32\rsaenh.dll'
30691104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc065e0000 'C:\Windows\system32\crypt32.dll'
30701104.1d20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume1\Windows\System32\mlang.dll'
30711104.1d20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30721104.1d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30731104.1d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mlang.dll) WinVerifyTrust
30741104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mlang.dll
30751104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30761104.1d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30771104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MLANG.dll (Input=MLANG.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30781104.1d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mlang.dll
30791104.1d20: supR3HardenedDllNotificationCallback: load 00007ffbeea10000 LB 0x0003b000 C:\Windows\system32\MLANG.dll [fFlags=0x0]
30801104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mlang.dll
30811104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeea10000 'C:\Windows\system32\MLANG.dll'
30821104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06f70000 'C:\Windows\system32\OLEAUT32.dll'
30831104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wininet.dll
30841104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WININET.dll (Input=WININET.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30851104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfee40000 'C:\Windows\system32\WININET.dll'
30861104.1d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\secur32.dll
30871104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30881104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfc9f0000 'C:\Windows\system32\Secur32.dll'
30891104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\SHELL32.dll'
30901104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30911104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc074a0000 'api-ms-win-downlevel-ole32-l1-1-0.dll'
30921104.1d20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-advapi32-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30931104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc072f0000 'api-ms-win-downlevel-advapi32-l2-1-0.dll'
30941104.1d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc07e40000 'C:\Windows\system32\shell32.dll'
30951104.1d20: supHardenedWinVerifyImageByHandle: -> -615 (\Device\HarddiskVolume4\Program Files\360se6\Application\360se.exe)
30961104.1d20: Error (rc=0):
30971104.1d20: supR3HardenedScreenImage/NtCreateSection: rc=Unknown Status -615 (0xfffffd99) fImage=1 fProtect=0xf0005 fAccess=0x2 \Device\HarddiskVolume4\Program Files\360se6\Application\360se.exe:
30981104.1d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\360se6\Application\360se.exe
30991104.1d20: supR3HardenedDllNotificationCallback: Unload 00007ffbf4790000 LB 0x00dd0000 C:\Windows\System32\ieframe.dll [flags=0x0]
31001104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll
31011104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31021104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06e10000 'C:\Windows\system32\msctf.dll'
31031104.bfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll
31041104.bfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31051104.bfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc06e10000 'C:\Windows\system32\msctf.dll'
31061104.1df0: '\Device\HarddiskVolume1\Windows\System32\tzres.dll' has no imports
31071104.1df0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\tzres.dll)
31081104.1df0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\tzres.dll
31091104.1df0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
31101104.1df8: supR3HardenedDllNotificationCallback: Unload 00007ffbff890000 LB 0x0000d000 F:\VMPROGVBOX\VBoxSharedFolders.DLL [flags=0x0]
31111104.1fc0: supR3HardenedDllNotificationCallback: Unload 00007ffc008d0000 LB 0x0000e000 F:\VMPROGVBOX\VBoxGuestControlSvc.DLL [flags=0x0]
31121104.1fb4: supR3HardenedDllNotificationCallback: Unload 00007ffc008e0000 LB 0x0000f000 F:\VMPROGVBOX\VBoxGuestPropSvc.DLL [flags=0x0]
31131104.1d08: supR3HardenedDllNotificationCallback: Unload 00007ffc008f0000 LB 0x0000d000 F:\VMPROGVBOX\VBoxDragAndDropSvc.DLL [flags=0x0]
31141104.1dd4: supR3HardenedDllNotificationCallback: Unload 00007ffc00a30000 LB 0x0000a000 F:\VMPROGVBOX\VBoxSharedClipboard.DLL [flags=0x0]
31151104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbe5c70000 LB 0x008e2000 F:\VMPROGVBOX\VBoxDD.DLL [flags=0x0]
31161104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbf1620000 LB 0x00061000 F:\VMPROGVBOX\VBoxDDU.dll [flags=0x0]
31171104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbf2840000 LB 0x00054000 C:\Windows\SYSTEM32\newdev.dll [flags=0x0]
31181104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbfd200000 LB 0x00014000 C:\Windows\SYSTEM32\devrtl.DLL [flags=0x0]
31191104.12a8: supR3HardenedDllNotificationCallback: Unload 00007ffbf9900000 LB 0x00035000 F:\VMPROGVBOX\VBoxDD2.dll [flags=0x0]
31201104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbfce30000 LB 0x000e4000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
31211104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbfce10000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
31221104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbfd3b0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
31231104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbfd3d0000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
31241104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffbebcb0000 LB 0x005d6000 F:\VMPROGVBOX\VBoxC.dll [flags=0x0]
31251104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffc093e0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [flags=0x0]
31261104.bfc: supR3HardenedDllNotificationCallback: Unload 00007ffc03840000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [flags=0x0]
31271104.bfc: Terminating the normal way: rcExit=0
312812dc.1bfc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 46959 ms, the end);
31291f34.1930: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 47417 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy