VirtualBox

Ticket #14783: VBoxHardening.log

File VBoxHardening.log, 414.7 KB (added by PHolder, 9 years ago)

VBoxHardening.log

Line 
155b0.3e30: Log file opened: 5.0.9r103713 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0280000
255b0.3e30: \SystemRoot\System32\ntdll.dll:
355b0.3e30: CreationTime: 2015-08-11T18:39:22.036029300Z
455b0.3e30: LastWriteTime: 2015-08-08T07:29:58.168349600Z
555b0.3e30: ChangeTime: 2015-08-18T21:22:54.372648300Z
655b0.3e30: FileAttributes: 0x20
755b0.3e30: Size: 0x1bce48
855b0.3e30: NT Headers: 0xd8
955b0.3e30: Timestamp: 0x55c59f92
1055b0.3e30: Machine: 0x8664 - amd64
1155b0.3e30: Timestamp: 0x55c59f92
1255b0.3e30: Image Version: 10.0
1355b0.3e30: SizeOfImage: 0x1c1000 (1839104)
1455b0.3e30: Resource Dir: 0x15a000 LB 0x65718
1555b0.3e30: ProductName: Microsoft® Windows® Operating System
1655b0.3e30: ProductVersion: 10.0.10240.16430
1755b0.3e30: FileVersion: 10.0.10240.16430 (th1.150807-2049)
1855b0.3e30: FileDescription: NT Layer DLL
1955b0.3e30: \SystemRoot\System32\kernel32.dll:
2055b0.3e30: CreationTime: 2015-07-10T10:59:59.699781600Z
2155b0.3e30: LastWriteTime: 2015-07-10T10:59:59.699781600Z
2255b0.3e30: ChangeTime: 2015-10-14T00:43:02.545622400Z
2355b0.3e30: FileAttributes: 0x20
2455b0.3e30: Size: 0xab830
2555b0.3e30: NT Headers: 0xf0
2655b0.3e30: Timestamp: 0x559f38ad
2755b0.3e30: Machine: 0x8664 - amd64
2855b0.3e30: Timestamp: 0x559f38ad
2955b0.3e30: Image Version: 10.0
3055b0.3e30: SizeOfImage: 0xad000 (708608)
3155b0.3e30: Resource Dir: 0xab000 LB 0x518
3255b0.3e30: ProductName: Microsoft® Windows® Operating System
3355b0.3e30: ProductVersion: 10.0.10240.16384
3455b0.3e30: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3555b0.3e30: FileDescription: Windows NT BASE API Client DLL
3655b0.3e30: \SystemRoot\System32\KernelBase.dll:
3755b0.3e30: CreationTime: 2015-07-10T11:00:10.325689700Z
3855b0.3e30: LastWriteTime: 2015-07-10T11:00:10.325689700Z
3955b0.3e30: ChangeTime: 2015-10-14T00:43:02.561253900Z
4055b0.3e30: FileAttributes: 0x20
4155b0.3e30: Size: 0x1dc680
4255b0.3e30: NT Headers: 0x100
4355b0.3e30: Timestamp: 0x559f38c3
4455b0.3e30: Machine: 0x8664 - amd64
4555b0.3e30: Timestamp: 0x559f38c3
4655b0.3e30: Image Version: 10.0
4755b0.3e30: SizeOfImage: 0x1dd000 (1953792)
4855b0.3e30: Resource Dir: 0x1c7000 LB 0x530
4955b0.3e30: ProductName: Microsoft® Windows® Operating System
5055b0.3e30: ProductVersion: 10.0.10240.16384
5155b0.3e30: FileVersion: 10.0.10240.16384 (th1.150709-1700)
5255b0.3e30: FileDescription: Windows NT BASE API Client DLL
5355b0.3e30: \SystemRoot\System32\apisetschema.dll:
5455b0.3e30: CreationTime: 2015-07-10T11:00:04.872098600Z
5555b0.3e30: LastWriteTime: 2015-07-10T11:00:04.872098600Z
5655b0.3e30: ChangeTime: 2015-07-30T02:54:39.655230700Z
5755b0.3e30: FileAttributes: 0x20
5855b0.3e30: Size: 0x16760
5955b0.3e30: NT Headers: 0xc8
6055b0.3e30: Timestamp: 0x559f3e3d
6155b0.3e30: Machine: 0x8664 - amd64
6255b0.3e30: Timestamp: 0x559f3e3d
6355b0.3e30: Image Version: 10.0
6455b0.3e30: SizeOfImage: 0x17000 (94208)
6555b0.3e30: Resource Dir: 0x16000 LB 0x3f0
6655b0.3e30: ProductName: Microsoft® Windows® Operating System
6755b0.3e30: ProductVersion: 10.0.10240.16384
6855b0.3e30: FileVersion: 10.0.10240.16384 (th1.150709-1700)
6955b0.3e30: FileDescription: ApiSet Schema DLL
7055b0.3e30: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7155b0.3e30: supR3HardenedWinFindAdversaries: 0x0
7255b0.3e30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7355b0.3e30: Calling main()
7455b0.3e30: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7555b0.3e30: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7655b0.3e30: SUPR3HardenedMain: Respawn #1
7755b0.3e30: System32: \Device\HarddiskVolume2\Windows\System32
7855b0.3e30: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
7955b0.3e30: KnownDllPath: C:\WINDOWS\system32
8055b0.3e30: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8155b0.3e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8255b0.3e30: supR3HardNtEnableThreadCreation:
8355b0.3e30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe8c1afb70 pvNtTerminateThread=00007ffe8c1d3a20
8455b0.3e30: supR3HardenedWinDoReSpawn(1): New child 4750.1d50 [kernel32].
8555b0.3e30: supR3HardNtChildGatherData: PebBaseAddress=00007ff7be289000 cbPeb=0x388
8655b0.3e30: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe8c140000 uNtDllChildAddr=00007ffe8c140000
8755b0.3e30: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe8c1afb70
8855b0.3e30: supR3HardenedWinSetupChildInit: Start child.
8955b0.3e30: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
9055b0.3e30: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 28 sleeps
9155b0.3e30: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9255b0.3e30: *0000000000000000-ffffffffff05ffff 0x0001/0x0000 0x0000000
9355b0.3e30: *0000000000fa0000-0000000000f7ffff 0x0004/0x0004 0x0020000
9455b0.3e30: *0000000000fc0000-0000000000fabfff 0x0002/0x0002 0x0040000
9555b0.3e30: 0000000000fd4000-0000000000fc7fff 0x0001/0x0000 0x0000000
9655b0.3e30: *0000000000fe0000-0000000000ee3fff 0x0000/0x0004 0x0020000
9755b0.3e30: 00000000010dc000-00000000010d8fff 0x0104/0x0004 0x0020000
9855b0.3e30: 00000000010df000-00000000010ddfff 0x0004/0x0004 0x0020000
9955b0.3e30: *00000000010e0000-00000000010dbfff 0x0002/0x0002 0x0040000
10055b0.3e30: 00000000010e4000-00000000010d7fff 0x0001/0x0000 0x0000000
10155b0.3e30: *00000000010f0000-00000000010edfff 0x0004/0x0004 0x0020000
10255b0.3e30: 00000000010f2000-ffffffff82203fff 0x0001/0x0000 0x0000000
10355b0.3e30: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
10455b0.3e30: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
10555b0.3e30: 000000007fff0000-ffff800941d7ffff 0x0001/0x0000 0x0000000
10655b0.3e30: *00007ff7be260000-00007ff7be23cfff 0x0002/0x0002 0x0040000
10755b0.3e30: 00007ff7be283000-00007ff7be27cfff 0x0001/0x0000 0x0000000
10855b0.3e30: *00007ff7be289000-00007ff7be287fff 0x0004/0x0004 0x0020000
10955b0.3e30: 00007ff7be28a000-00007ff7be285fff 0x0001/0x0000 0x0000000
11055b0.3e30: *00007ff7be28e000-00007ff7be28bfff 0x0004/0x0004 0x0020000
11155b0.3e30: 00007ff7be290000-00007ff7bdd4ffff 0x0001/0x0000 0x0000000
11255b0.3e30: *00007ff7be7d0000-00007ff7be7d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11355b0.3e30: 00007ff7be7d1000-00007ff7be857fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11455b0.3e30: 00007ff7be858000-00007ff7be858fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11555b0.3e30: 00007ff7be859000-00007ff7be8a3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11655b0.3e30: 00007ff7be8a4000-00007ff7be8a4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11755b0.3e30: 00007ff7be8a5000-00007ff7be8a5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11855b0.3e30: 00007ff7be8a6000-00007ff7be8aafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11955b0.3e30: 00007ff7be8ab000-00007ff7be8abfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12055b0.3e30: 00007ff7be8ac000-00007ff7be8acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12155b0.3e30: 00007ff7be8ad000-00007ff7be8b0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12255b0.3e30: 00007ff7be8b1000-00007ff7be8fbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12355b0.3e30: 00007ff7be8fc000-00007ff0f10b7fff 0x0001/0x0000 0x0000000
12455b0.3e30: *00007ffe8c140000-00007ffe8c140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12555b0.3e30: 00007ffe8c141000-00007ffe8c23cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12655b0.3e30: 00007ffe8c23d000-00007ffe8c27efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12755b0.3e30: 00007ffe8c27f000-00007ffe8c287fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12855b0.3e30: 00007ffe8c288000-00007ffe8c295fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12955b0.3e30: 00007ffe8c296000-00007ffe8c296fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
13055b0.3e30: 00007ffe8c297000-00007ffe8c299fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
13155b0.3e30: 00007ffe8c29a000-00007ffe8c300fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
13255b0.3e30: 00007ffe8c301000-00007ffd18621fff 0x0001/0x0000 0x0000000
13355b0.3e30: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
13455b0.3e30: VirtualBox.exe: timestamp 0x5630b0b7 (rc=VINF_SUCCESS)
13555b0.3e30: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
13655b0.3e30: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
13755b0.3e30: supR3HardNtChildPurify: Done after 302 ms and 0 fixes (loop #0).
1384750.1d50: Log file opened: 5.0.9r103713 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
1394750.1d50: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe8c140000
14055b0.3e30: supR3HardNtEnableThreadCreation:
1414750.1d50: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
1424750.1d50: New simple heap: #1 0000000001200000 LB 0x400000 (for 1839104 allocation)
1434750.1d50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1444750.1d50: System32: \Device\HarddiskVolume2\Windows\System32
1454750.1d50: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1464750.1d50: KnownDllPath: C:\WINDOWS\system32
1474750.1d50: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1484750.1d50: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1494750.1d50: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1504750.1d50: Registered Dll notification callback with NTDLL.
1514750.1d50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1524750.1d50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1534750.1d50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
1544750.1d50: supR3HardenedDllNotificationCallback: load 00007ffe89510000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
1554750.1d50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1564750.1d50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1574750.1d50: supR3HardenedDllNotificationCallback: load 00007ffe8b8b0000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
1584750.1d50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1594750.1d50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b8b0000 'C:\WINDOWS\system32\KERNEL32.DLL'
1604750.1d50: supR3HardenedDllNotificationCallback: load 00007ff7be7d0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1614750.1d50: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1624750.1d50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1634750.1d50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1644750.1d50: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe8c1afb70 pvNtTerminateThread=00007ffe8c1d3a20
16555b0.3e30: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 94 ms.
1664750.1d50: \SystemRoot\System32\ntdll.dll:
1674750.1d50: CreationTime: 2015-08-11T18:39:22.036029300Z
1684750.1d50: LastWriteTime: 2015-08-08T07:29:58.168349600Z
1694750.1d50: ChangeTime: 2015-08-18T21:22:54.372648300Z
1704750.1d50: FileAttributes: 0x20
1714750.1d50: Size: 0x1bce48
1724750.1d50: NT Headers: 0xd8
1734750.1d50: Timestamp: 0x55c59f92
1744750.1d50: Machine: 0x8664 - amd64
1754750.1d50: Timestamp: 0x55c59f92
1764750.1d50: Image Version: 10.0
1774750.1d50: SizeOfImage: 0x1c1000 (1839104)
1784750.1d50: Resource Dir: 0x15a000 LB 0x65718
1794750.1d50: ProductName: Microsoft® Windows® Operating System
1804750.1d50: ProductVersion: 10.0.10240.16430
1814750.1d50: FileVersion: 10.0.10240.16430 (th1.150807-2049)
1824750.1d50: FileDescription: NT Layer DLL
1834750.1d50: \SystemRoot\System32\kernel32.dll:
1844750.1d50: CreationTime: 2015-07-10T10:59:59.699781600Z
1854750.1d50: LastWriteTime: 2015-07-10T10:59:59.699781600Z
1864750.1d50: ChangeTime: 2015-10-14T00:43:02.545622400Z
1874750.1d50: FileAttributes: 0x20
1884750.1d50: Size: 0xab830
1894750.1d50: NT Headers: 0xf0
1904750.1d50: Timestamp: 0x559f38ad
1914750.1d50: Machine: 0x8664 - amd64
1924750.1d50: Timestamp: 0x559f38ad
1934750.1d50: Image Version: 10.0
1944750.1d50: SizeOfImage: 0xad000 (708608)
1954750.1d50: Resource Dir: 0xab000 LB 0x518
1964750.1d50: ProductName: Microsoft® Windows® Operating System
1974750.1d50: ProductVersion: 10.0.10240.16384
1984750.1d50: FileVersion: 10.0.10240.16384 (th1.150709-1700)
1994750.1d50: FileDescription: Windows NT BASE API Client DLL
2004750.1d50: \SystemRoot\System32\KernelBase.dll:
2014750.1d50: CreationTime: 2015-07-10T11:00:10.325689700Z
2024750.1d50: LastWriteTime: 2015-07-10T11:00:10.325689700Z
2034750.1d50: ChangeTime: 2015-10-14T00:43:02.561253900Z
2044750.1d50: FileAttributes: 0x20
2054750.1d50: Size: 0x1dc680
2064750.1d50: NT Headers: 0x100
2074750.1d50: Timestamp: 0x559f38c3
2084750.1d50: Machine: 0x8664 - amd64
2094750.1d50: Timestamp: 0x559f38c3
2104750.1d50: Image Version: 10.0
2114750.1d50: SizeOfImage: 0x1dd000 (1953792)
2124750.1d50: Resource Dir: 0x1c7000 LB 0x530
2134750.1d50: ProductName: Microsoft® Windows® Operating System
2144750.1d50: ProductVersion: 10.0.10240.16384
2154750.1d50: FileVersion: 10.0.10240.16384 (th1.150709-1700)
2164750.1d50: FileDescription: Windows NT BASE API Client DLL
2174750.1d50: \SystemRoot\System32\apisetschema.dll:
2184750.1d50: CreationTime: 2015-07-10T11:00:04.872098600Z
2194750.1d50: LastWriteTime: 2015-07-10T11:00:04.872098600Z
2204750.1d50: ChangeTime: 2015-07-30T02:54:39.655230700Z
2214750.1d50: FileAttributes: 0x20
2224750.1d50: Size: 0x16760
2234750.1d50: NT Headers: 0xc8
2244750.1d50: Timestamp: 0x559f3e3d
2254750.1d50: Machine: 0x8664 - amd64
2264750.1d50: Timestamp: 0x559f3e3d
2274750.1d50: Image Version: 10.0
2284750.1d50: SizeOfImage: 0x17000 (94208)
2294750.1d50: Resource Dir: 0x16000 LB 0x3f0
2304750.1d50: ProductName: Microsoft® Windows® Operating System
2314750.1d50: ProductVersion: 10.0.10240.16384
2324750.1d50: FileVersion: 10.0.10240.16384 (th1.150709-1700)
2334750.1d50: FileDescription: ApiSet Schema DLL
2344750.1d50: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2354750.1d50: supR3HardenedWinFindAdversaries: 0x0
2364750.1d50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2374750.1d50: Calling main()
2384750.1d50: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2394750.1d50: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2404750.1d50: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2414750.1d50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2424750.1d50: SUPR3HardenedMain: Respawn #2
2434750.1d50: supR3HardNtEnableThreadCreation:
2444750.1d50: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe8c1afb70 pvNtTerminateThread=00007ffe8c1d3a20
2454750.1d50: supR3HardenedWinDoReSpawn(2): New child 2024.5570 [kernel32].
2464750.1d50: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2474750.1d50: supR3HardNtChildGatherData: PebBaseAddress=00007ff7be0c7000 cbPeb=0x388
2484750.1d50: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe8c140000 uNtDllChildAddr=00007ffe8c140000
2494750.1d50: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe8c1afb70
2504750.1d50: supR3HardenedWinSetupChildInit: Start child.
2514750.1d50: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2524750.1d50: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 29 sleeps
2534750.1d50: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2544750.1d50: *0000000000000000-ffffffffff58ffff 0x0001/0x0000 0x0000000
2554750.1d50: *0000000000a70000-0000000000a4ffff 0x0004/0x0004 0x0020000
2564750.1d50: *0000000000a90000-0000000000a7bfff 0x0002/0x0002 0x0040000
2574750.1d50: 0000000000aa4000-0000000000a97fff 0x0001/0x0000 0x0000000
2584750.1d50: *0000000000ab0000-00000000009b3fff 0x0000/0x0004 0x0020000
2594750.1d50: 0000000000bac000-0000000000ba8fff 0x0104/0x0004 0x0020000
2604750.1d50: 0000000000baf000-0000000000badfff 0x0004/0x0004 0x0020000
2614750.1d50: *0000000000bb0000-0000000000babfff 0x0002/0x0002 0x0040000
2624750.1d50: 0000000000bb4000-0000000000ba7fff 0x0001/0x0000 0x0000000
2634750.1d50: *0000000000bc0000-0000000000bbdfff 0x0004/0x0004 0x0020000
2644750.1d50: 0000000000bc2000-ffffffff817a3fff 0x0001/0x0000 0x0000000
2654750.1d50: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2664750.1d50: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2674750.1d50: 000000007fff0000-ffff800941f3ffff 0x0001/0x0000 0x0000000
2684750.1d50: *00007ff7be0a0000-00007ff7be07cfff 0x0002/0x0002 0x0040000
2694750.1d50: 00007ff7be0c3000-00007ff7be0befff 0x0001/0x0000 0x0000000
2704750.1d50: *00007ff7be0c7000-00007ff7be0c5fff 0x0004/0x0004 0x0020000
2714750.1d50: 00007ff7be0c8000-00007ff7be0c1fff 0x0001/0x0000 0x0000000
2724750.1d50: *00007ff7be0ce000-00007ff7be0cbfff 0x0004/0x0004 0x0020000
2734750.1d50: 00007ff7be0d0000-00007ff7bd9cffff 0x0001/0x0000 0x0000000
2744750.1d50: *00007ff7be7d0000-00007ff7be7d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2754750.1d50: 00007ff7be7d1000-00007ff7be857fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2764750.1d50: 00007ff7be858000-00007ff7be858fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2774750.1d50: 00007ff7be859000-00007ff7be8a3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2784750.1d50: 00007ff7be8a4000-00007ff7be8a4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2794750.1d50: 00007ff7be8a5000-00007ff7be8a5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2804750.1d50: 00007ff7be8a6000-00007ff7be8aafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2814750.1d50: 00007ff7be8ab000-00007ff7be8abfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2824750.1d50: 00007ff7be8ac000-00007ff7be8acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2834750.1d50: 00007ff7be8ad000-00007ff7be8b0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2844750.1d50: 00007ff7be8b1000-00007ff7be8fbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2854750.1d50: 00007ff7be8fc000-00007ff0f10b7fff 0x0001/0x0000 0x0000000
2864750.1d50: *00007ffe8c140000-00007ffe8c140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2874750.1d50: 00007ffe8c141000-00007ffe8c23cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2884750.1d50: 00007ffe8c23d000-00007ffe8c27efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2894750.1d50: 00007ffe8c27f000-00007ffe8c287fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2904750.1d50: 00007ffe8c288000-00007ffe8c295fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2914750.1d50: 00007ffe8c296000-00007ffe8c296fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2924750.1d50: 00007ffe8c297000-00007ffe8c299fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2934750.1d50: 00007ffe8c29a000-00007ffe8c300fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2944750.1d50: 00007ffe8c301000-00007ffd18621fff 0x0001/0x0000 0x0000000
2954750.1d50: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2964750.1d50: VirtualBox.exe: timestamp 0x5630b0b7 (rc=VINF_SUCCESS)
2974750.1d50: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2984750.1d50: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2994750.1d50: supR3HardNtChildPurify: Done after 298 ms and 0 fixes (loop #0).
3002024.5570: Log file opened: 5.0.9r103713 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
3012024.5570: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe8c140000
3022024.5570: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
3032024.5570: New simple heap: #1 0000000000cd0000 LB 0x400000 (for 1839104 allocation)
3044750.1d50: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000)
3054750.1d50: supR3HardNtEnableThreadCreation:
3062024.5570: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3072024.5570: System32: \Device\HarddiskVolume2\Windows\System32
3082024.5570: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3092024.5570: KnownDllPath: C:\WINDOWS\system32
3102024.5570: supR3HardenedVmProcessInit: Opening vboxdrv...
3112024.5570: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3122024.5570: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3132024.5570: Registered Dll notification callback with NTDLL.
3142024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3152024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3162024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
3172024.5570: supR3HardenedDllNotificationCallback: load 00007ffe89510000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
3182024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3192024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3202024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8b8b0000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
3212024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3222024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b8b0000 'C:\WINDOWS\system32\KERNEL32.DLL'
3232024.5570: supR3HardenedDllNotificationCallback: load 00007ff7be7d0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3242024.5570: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3252024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3262024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3272024.5570: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe8c1afb70 pvNtTerminateThread=00007ffe8c1d3a20
3284750.1d50: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 104 ms.
3292024.5570: \SystemRoot\System32\ntdll.dll:
3302024.5570: CreationTime: 2015-08-11T18:39:22.036029300Z
3312024.5570: LastWriteTime: 2015-08-08T07:29:58.168349600Z
3322024.5570: ChangeTime: 2015-08-18T21:22:54.372648300Z
3332024.5570: FileAttributes: 0x20
3342024.5570: Size: 0x1bce48
3352024.5570: NT Headers: 0xd8
3362024.5570: Timestamp: 0x55c59f92
3372024.5570: Machine: 0x8664 - amd64
3382024.5570: Timestamp: 0x55c59f92
3392024.5570: Image Version: 10.0
3402024.5570: SizeOfImage: 0x1c1000 (1839104)
3412024.5570: Resource Dir: 0x15a000 LB 0x65718
3422024.5570: ProductName: Microsoft® Windows® Operating System
3432024.5570: ProductVersion: 10.0.10240.16430
3442024.5570: FileVersion: 10.0.10240.16430 (th1.150807-2049)
3452024.5570: FileDescription: NT Layer DLL
3462024.5570: \SystemRoot\System32\kernel32.dll:
3472024.5570: CreationTime: 2015-07-10T10:59:59.699781600Z
3482024.5570: LastWriteTime: 2015-07-10T10:59:59.699781600Z
3492024.5570: ChangeTime: 2015-10-14T00:43:02.545622400Z
3502024.5570: FileAttributes: 0x20
3512024.5570: Size: 0xab830
3522024.5570: NT Headers: 0xf0
3532024.5570: Timestamp: 0x559f38ad
3542024.5570: Machine: 0x8664 - amd64
3552024.5570: Timestamp: 0x559f38ad
3562024.5570: Image Version: 10.0
3572024.5570: SizeOfImage: 0xad000 (708608)
3582024.5570: Resource Dir: 0xab000 LB 0x518
3592024.5570: ProductName: Microsoft® Windows® Operating System
3602024.5570: ProductVersion: 10.0.10240.16384
3612024.5570: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3622024.5570: FileDescription: Windows NT BASE API Client DLL
3632024.5570: \SystemRoot\System32\KernelBase.dll:
3642024.5570: CreationTime: 2015-07-10T11:00:10.325689700Z
3652024.5570: LastWriteTime: 2015-07-10T11:00:10.325689700Z
3662024.5570: ChangeTime: 2015-10-14T00:43:02.561253900Z
3672024.5570: FileAttributes: 0x20
3682024.5570: Size: 0x1dc680
3692024.5570: NT Headers: 0x100
3702024.5570: Timestamp: 0x559f38c3
3712024.5570: Machine: 0x8664 - amd64
3722024.5570: Timestamp: 0x559f38c3
3732024.5570: Image Version: 10.0
3742024.5570: SizeOfImage: 0x1dd000 (1953792)
3752024.5570: Resource Dir: 0x1c7000 LB 0x530
3762024.5570: ProductName: Microsoft® Windows® Operating System
3772024.5570: ProductVersion: 10.0.10240.16384
3782024.5570: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3792024.5570: FileDescription: Windows NT BASE API Client DLL
3802024.5570: \SystemRoot\System32\apisetschema.dll:
3812024.5570: CreationTime: 2015-07-10T11:00:04.872098600Z
3822024.5570: LastWriteTime: 2015-07-10T11:00:04.872098600Z
3832024.5570: ChangeTime: 2015-07-30T02:54:39.655230700Z
3842024.5570: FileAttributes: 0x20
3852024.5570: Size: 0x16760
3862024.5570: NT Headers: 0xc8
3872024.5570: Timestamp: 0x559f3e3d
3882024.5570: Machine: 0x8664 - amd64
3892024.5570: Timestamp: 0x559f3e3d
3902024.5570: Image Version: 10.0
3912024.5570: SizeOfImage: 0x17000 (94208)
3922024.5570: Resource Dir: 0x16000 LB 0x3f0
3932024.5570: ProductName: Microsoft® Windows® Operating System
3942024.5570: ProductVersion: 10.0.10240.16384
3952024.5570: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3962024.5570: FileDescription: ApiSet Schema DLL
3972024.5570: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3982024.5570: supR3HardenedWinFindAdversaries: 0x0
3992024.5570: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4002024.5570: Calling main()
4012024.5570: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4022024.5570: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4032024.5570: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4042024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4052024.5570: SUPR3HardenedMain: Final process, opening VBoxDrv...
4062024.5570: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000cd0000 LB 0x400000)
4072024.5570: supR3HardNtEnableThreadCreation:
4082024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4092024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4102024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4112024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4122024.5570: supR3HardenedDllNotificationCallback: load 00007ffe850f0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4132024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4142024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4152024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4162024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe850f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4172024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4182024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4192024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe850f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4202024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe850f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4212024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4222024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4232024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4242024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
4252024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4262024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4272024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4282024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4292024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4302024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4312024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4322024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4332024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4342024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
4352024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4362024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4372024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4382024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4392024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4402024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4412024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4422024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4432024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4442024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4452024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4462024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4472024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4482024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4492024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4502024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4512024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4522024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8bd30000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
4532024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4542024.5570: supR3HardenedDllNotificationCallback: load 00007ffe88bf0000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
4552024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4562024.5570: supR3HardenedDllNotificationCallback: load 00007ffe89240000 LB 0x001c1000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
4572024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4582024.5570: supR3HardenedDllNotificationCallback: load 00007ffe89a90000 LB 0x00126000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
4592024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4602024.5570: supR3HardenedDllNotificationCallback: load 00007ffe896f0000 LB 0x00054000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
4612024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4622024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\WINDOWS\system32\Wintrust.dll'
4632024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
4642024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
4652024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4662024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4672024.5570: supR3HardenedDllNotificationCallback: load 00007ffe886b0000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
4682024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4692024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe886b0000 'C:\WINDOWS\system32\bcrypt.dll'
4702024.5570: bcrypt.dll loaded at 00007ffe886b0000, BCryptOpenAlgorithmProvider at 00007ffe886b4a00, preloading providers:
4712024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
4722024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
4732024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4742024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4752024.5570: supR3HardenedDllNotificationCallback: load 00007ffe889c0000 LB 0x0006b000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
4762024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4772024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe889c0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
4782024.5570: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000011799d0)
4792024.5570: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000117a090)
4802024.5570: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000117a360)
4812024.5570: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000117a6c0)
4822024.5570: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000117b1e0)
4832024.5570: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000117b4f0)
4842024.5570: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000117b800)
4852024.5570: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000117bad0)
4862024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4872024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4882024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
4892024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4902024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4912024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
4922024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4932024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4942024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
4952024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4962024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4972024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
4982024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4992024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5002024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
5012024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5022024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5032024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
5042024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5052024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5062024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
5072024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
5082024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
5092024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
5102024.5570: supR3HardenedDllNotificationCallback: load 00007ffe88490000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5112024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5122024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
5132024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
5142024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
5152024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5162024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5172024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5182024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5192024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5202024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5212024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5222024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5232024.5570: supR3HardenedDllNotificationCallback: load 00007ffe88080000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5242024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5252024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
5262024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5272024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5282024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5292024.5570: supR3HardenedDllNotificationCallback: load 00007ffe88600000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5302024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5312024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5322024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5332024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5342024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5352024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5362024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b8b0000 'C:\WINDOWS\system32\kernel32.dll'
5372024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5382024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
5392024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5402024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5412024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\CRYPT32.dll'
5422024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8b300000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
5432024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5442024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
5452024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
5462024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5472024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5482024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5492024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5502024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5512024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
5522024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8b240000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
5532024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
5542024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
5552024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
5562024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5572024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5582024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
5592024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
5602024.5570: supR3HardenedDllNotificationCallback: load 00007ffe87a80000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
5612024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5622024.5570: supR3HardenedDllNotificationCallback: load 00007ffe88b70000 LB 0x00013000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
5632024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
5642024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
5652024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5662024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
5672024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'.
5682024.5570: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
5692024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
5702024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
5712024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
5722024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5732024.5570: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
5742024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
5752024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5762024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5772024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5782024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5792024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5802024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5812024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5822024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5832024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5842024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5852024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5862024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5872024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5882024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5892024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5902024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5912024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5922024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5932024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5942024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5952024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8be10000 LB 0x0005b000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
5962024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
5972024.5570: supR3HardenedDllNotificationCallback: load 00007ffe7bca0000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
5982024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5992024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6002024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6012024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6022024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6032024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6042024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6052024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6062024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6072024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6082024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6092024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6102024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6112024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6122024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6132024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6142024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6152024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6162024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6172024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6182024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6192024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6202024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6212024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6222024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6232024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6242024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6252024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6262024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6272024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\WINDOWS\system32\cryptnet.dll'
6282024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6292024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bca0000 'C:\Windows\System32\cryptnet.dll'
6302024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8c090000 LB 0x000a6000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
6312024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6322024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
6332024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
6342024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6352024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6362024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6372024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6382024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6392024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6402024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6412024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6422024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6432024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6442024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6452024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6462024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6472024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
6482024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6492024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6502024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
6512024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6522024.5570: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011c01d0
6532024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
6542024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=311B4CDD9B998ED36E8EA94DCB004D809301CC36
6552024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6562024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6572024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89a90000 'C:\WINDOWS\system32\rpcrt4.dll'
6582024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6592024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
6602024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6612024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
6622024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6632024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
6642024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6652024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
6662024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6672024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
6682024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6692024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
6702024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6712024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6722024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
6732024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6742024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6752024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
6762024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6772024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6782024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
6792024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_555_for_KB3081455~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
6802024.5570: g_pfnWinVerifyTrust=00007ffe896f8890
6812024.5570: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6822024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6832024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6842024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
6852024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6862024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6872024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
6882024.5570: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
6892024.5570: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6902024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6912024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6922024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
6932024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6942024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6952024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
6962024.5570: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
6972024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6982024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6992024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7002024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7012024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
7022024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
7032024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
7042024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
7052024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77
7062024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7072024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7082024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7092024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
7102024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7112024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
7122024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
7132024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
7142024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
7152024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3
7162024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7172024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7182024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7192024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
7202024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7212024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
7222024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7232024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7242024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7252024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
7262024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7272024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7282024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7292024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
7302024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7312024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7322024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7332024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
7342024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7352024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7362024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7372024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
7382024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7392024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7402024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7412024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7422024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7432024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
7442024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7452024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7462024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7472024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7482024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
7492024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7502024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7512024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
7522024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7532024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7542024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
7552024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7562024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7572024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
7582024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7592024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7602024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
7612024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7622024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7632024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
7642024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7652024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7662024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
7672024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7682024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7692024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7702024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
7712024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7722024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7732024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
7742024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
7752024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7762024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
7772024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
7782024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7792024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7802024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7812024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7822024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7832024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7842024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7852024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7862024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7872024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
7882024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
7892024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
7902024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
7912024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
7922024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
7932024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
7942024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
7952024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
7962024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
7972024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
7982024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
7992024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8002024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
8012024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
8022024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8032024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8042024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
8052024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
8062024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8072024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
8082024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
8092024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8102024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8112024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
8122024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
8132024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8142024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8152024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8162024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8172024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
8182024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8192024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
8202024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
8212024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8222024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
8232024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
8242024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
8252024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
8262024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8272024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
8282024.5570: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8292024.5570: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=51
8302024.5570: SUPR3HardenedMain: Load Runtime...
8312024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
8322024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8332024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8342024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8352024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8362024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8372024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8382024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8392024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8402024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8412024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8422024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8432024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
8442024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
8452024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
8462024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8472024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
8482024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8492024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8502024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8512024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8522024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8532024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8542024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
8552024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
8562024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
8572024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
8582024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
8592024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
8602024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8612024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8622024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8632024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8642024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8652024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8662024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8672024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8682024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
8692024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
8702024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
8712024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8722024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8732024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8742024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8752024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8762024.5570: supR3HardenedDllNotificationCallback: load 0000000050200000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8772024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8782024.5570: supR3HardenedDllNotificationCallback: load 00000000502e0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8792024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8802024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8b5a0000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
8812024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
8822024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8bed0000 LB 0x00069000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
8832024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8842024.5570: supR3HardenedDllNotificationCallback: load 00007ffe557b0000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8852024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8862024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8872024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8882024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
8892024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rescheduled]
8902024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8912024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8922024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8932024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8942024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8952024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8962024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8972024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8982024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8992024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9002024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9012024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9022024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9032024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9042024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9052024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9062024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9072024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9082024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9092024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9102024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9112024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9122024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9132024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9142024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9152024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9162024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9172024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9182024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9192024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9202024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9212024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9222024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9232024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9242024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9252024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9262024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9272024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9282024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9292024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9302024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9312024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9322024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9332024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9342024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9352024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9362024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9372024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9382024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe557b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9392024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\WINDOWS\system32\Wintrust.dll'
9402024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
9412024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
9422024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9432024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9442024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
9452024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
9462024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
9472024.5570: SUPR3HardenedMain: Load TrustedMain...
9482024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
9492024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9502024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9512024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9522024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9532024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
9542024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
9552024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
9562024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
9572024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
9582024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
9592024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9602024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
9612024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
9622024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
9632024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
9642024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
9652024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
9662024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
9672024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9682024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9692024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
9702024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
9712024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9722024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
9732024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
9742024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
9752024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
9762024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
9772024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
9782024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
9792024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
9802024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
9812024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F
9822024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9832024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9842024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
9852024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
9862024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
9872024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
9882024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9892024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9902024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9912024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9922024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9932024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
9942024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
9952024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
9962024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
9972024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
9982024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
9992024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
10002024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
10012024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10022024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
10032024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
10042024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
10052024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10062024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10072024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10082024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10092024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
10102024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
10112024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
10122024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
10132024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10142024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10152024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10162024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
10172024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
10182024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
10192024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
10202024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
10212024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10222024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10232024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
10242024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10252024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10262024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
10272024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_207_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
10282024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10292024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10302024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
10312024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
10322024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
10332024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
10342024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
10352024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
10362024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
10372024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10382024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10392024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10402024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10412024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
10422024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10432024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'.
10442024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'.
10452024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
10462024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
10472024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
10482024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
10492024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
10502024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
10512024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10522024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
10532024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
10542024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
10552024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10562024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10572024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10582024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
10592024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
10602024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
10612024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10622024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
10632024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
10642024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
10652024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
10662024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10672024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10682024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10692024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10702024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10712024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10722024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10732024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10742024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10752024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10762024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10772024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10782024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10792024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10802024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10812024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10822024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10832024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10842024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10852024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10862024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10872024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
10882024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10892024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10902024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10912024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10922024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10932024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10942024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10952024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10962024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
10972024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
10982024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10992024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
11002024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11012024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
11022024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
11032024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11042024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11052024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11062024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11072024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11082024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11092024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11102024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
11112024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11122024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
11132024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
11142024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
11152024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11162024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11172024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11182024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11192024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11202024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11212024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
11222024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
11232024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11242024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
11252024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
11262024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
11272024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
11282024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
11292024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
11302024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11312024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11322024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust]
11332024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11342024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11352024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
11362024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11372024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11382024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11392024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11402024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11412024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11422024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11432024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11442024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11452024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11462024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11472024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
11482024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
11492024.5570: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
11502024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11512024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11522024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11532024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11542024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11552024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
11562024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
11572024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
11582024.5570: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11592024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11602024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11612024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
11622024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
11632024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
11642024.5570: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
11652024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
11662024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
11672024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
11682024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11692024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11702024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11712024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
11722024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
11732024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
11742024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
11752024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
11762024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
11772024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
11782024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11792024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11802024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11812024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
11822024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
11832024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
11842024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11852024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
11862024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11872024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
11882024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11892024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11902024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
11912024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
11922024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
11932024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
11942024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
11952024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11962024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
11972024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
11982024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
11992024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
12002024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
12012024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
12022024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
12032024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
12042024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
12052024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
12062024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
12072024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
12082024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
12092024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
12102024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12112024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12122024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12132024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12142024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12152024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
12162024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12172024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12182024.5570: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
12192024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12202024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
12212024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
12222024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
12232024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
12242024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
12252024.5570: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
12262024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
12272024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12282024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12292024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
12302024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
12312024.5570: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
12322024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12332024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
12342024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'.
12352024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'.
12362024.5570: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
12372024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
12382024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12392024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12402024.5570: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
12412024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12422024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
12432024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12442024.5570: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
12452024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
12462024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12472024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12482024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
12492024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12502024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12512024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12522024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12532024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12542024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12552024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12562024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12572024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12582024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12592024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12602024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
12612024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
12622024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
12632024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12642024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12652024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
12662024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12672024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12682024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12692024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12702024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12712024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12722024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12732024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
12742024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
12752024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
12762024.5570: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
12772024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12782024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
12792024.5570: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
12802024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
12812024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12822024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12832024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
12842024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
12852024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
12862024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
12872024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
12882024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'.
12892024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
12902024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
12912024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12922024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12932024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
12942024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
12952024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
12962024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
12972024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12982024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12992024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13002024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13012024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13022024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13032024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13042024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13052024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13062024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13072024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13082024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13092024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13102024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13112024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13122024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13132024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
13142024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13152024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13162024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
13172024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
13182024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
13192024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13202024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
13212024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
13222024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
13232024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
13242024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
13252024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13262024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13272024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13282024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13292024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
13302024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13312024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13322024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13332024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13342024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13352024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13362024.5570: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
13372024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13382024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13392024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
13402024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
13412024.5570: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
13422024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13432024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
13442024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13452024.5570: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
13462024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
13472024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13482024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13492024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13502024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13512024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13522024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13532024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13542024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13552024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13562024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13572024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13582024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13592024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
13602024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
13612024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
13622024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13632024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13642024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13652024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13662024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
13672024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13682024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13692024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
13702024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
13712024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
13722024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
13732024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust
13742024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
13752024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
13762024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
13772024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
13782024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13792024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13802024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13812024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13822024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13832024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
13842024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13852024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13862024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13872024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
13882024.5570: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
13892024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13902024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13912024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
13922024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
13932024.5570: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
13942024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13952024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13962024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
13972024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
13982024.5570: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
13992024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14002024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14012024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14022024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14032024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14042024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14052024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14062024.5570: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
14072024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000544 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
14082024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
14092024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
14102024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA
14112024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
14122024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
14132024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14142024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14152024.5570: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14162024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14172024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14182024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14192024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14202024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14212024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
14222024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
14232024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14242024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14252024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14262024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll)
14272024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll
14282024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14292024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14302024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14312024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14322024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14332024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14342024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
14352024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8bf40000 LB 0x0014e000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
14362024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8b710000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
14372024.5570: supR3HardenedDllNotificationCallback: load 00007ffe82940000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
14382024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14392024.5570: supR3HardenedDllNotificationCallback: load 00007ffe75900000 LB 0x000f6000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
14402024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14412024.5570: supR3HardenedDllNotificationCallback: load 00007ffe7ebb0000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
14422024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14432024.5570: supR3HardenedDllNotificationCallback: load 00007ffe75a00000 LB 0x00128000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14442024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14452024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8bab0000 LB 0x0027c000 C:\WINDOWS\system32\combase.dll [fFlags=0x0]
14462024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14472024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8b0f0000 LB 0x00141000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
14482024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14492024.5570: supR3HardenedDllNotificationCallback: load 0000000076880000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
14502024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14512024.5570: supR3HardenedDllNotificationCallback: load 00007ffe89750000 LB 0x000b3000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0]
14522024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14532024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'.
14542024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
14552024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
14562024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8be70000 LB 0x00051000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0]
14572024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14582024.5570: supR3HardenedDllNotificationCallback: load 00007ffe78dc0000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0]
14592024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust]
14602024.5570: supR3HardenedDllNotificationCallback: load 00007ffe88be0000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0]
14612024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
14622024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
14632024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
14642024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
14652024.5570: supR3HardenedDllNotificationCallback: load 00007ffe88b90000 LB 0x0004a000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0]
14662024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14672024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
14682024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
14692024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
14702024.5570: supR3HardenedDllNotificationCallback: load 00007ffe88c10000 LB 0x00628000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0]
14712024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14722024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
14732024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
14742024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'.
14752024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
14762024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
14772024.5570: supR3HardenedDllNotificationCallback: load 00007ffe89bc0000 LB 0x01522000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
14782024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14792024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8b960000 LB 0x000d7000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
14802024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
14812024.5570: supR3HardenedDllNotificationCallback: load 00007ffe899d0000 LB 0x000be000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
14822024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14832024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8b5b0000 LB 0x0015c000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
14842024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
14852024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8bdd0000 LB 0x00036000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
14862024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
14872024.5570: supR3HardenedDllNotificationCallback: load 00007ffe894c0000 LB 0x00044000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0]
14882024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
14892024.5570: supR3HardenedDllNotificationCallback: load 00007ffe87440000 LB 0x00027000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
14902024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
14912024.5570: supR3HardenedDllNotificationCallback: load 00007ffe87080000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
14922024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14932024.5570: supR3HardenedDllNotificationCallback: load 00007ffe870e0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
14942024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14952024.5570: supR3HardenedDllNotificationCallback: load 00007ffe844e0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14962024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14972024.5570: supR3HardenedDllNotificationCallback: load 0000000075f10000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
14982024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14992024.5570: supR3HardenedDllNotificationCallback: load 00000000500f0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
15002024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
15012024.5570: supR3HardenedDllNotificationCallback: load 0000000050010000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
15022024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
15032024.5570: supR3HardenedDllNotificationCallback: load 00007ffe54cf0000 LB 0x00ab9000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
15042024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
15052024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
15062024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
15072024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
15082024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
15092024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
15102024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
15112024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
15122024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
15132024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'.
15142024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled]
15152024.5570: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
15162024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
15172024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
15182024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rescheduled]
15192024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15202024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
15212024.5570: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
15222024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
15232024.5570: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
15242024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
15252024.5570: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
15262024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
15272024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15282024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
15292024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
15302024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
15312024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
15322024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
15332024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
15342024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
15352024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
15362024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rescheduled]
15372024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
15382024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
15392024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
15402024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15412024.5570: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
15422024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15432024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15442024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
15452024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15462024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15472024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15482024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15492024.5570: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15502024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15512024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15522024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15532024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15542024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15552024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15562024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15572024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15582024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15592024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15602024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15612024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15622024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15632024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15642024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15652024.5570: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15662024.5570: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15672024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15682024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15692024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15702024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15712024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15722024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15732024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15742024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15752024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15762024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15772024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bdd0000 'C:\WINDOWS\system32\imm32.dll'
15782024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe54cf0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
15792024.5570: SUPR3HardenedMain: Calling TrustedMain (00007ffe54cf10d0)...
15802024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
15812024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15822024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe870e0000 'C:\WINDOWS\system32\winmm.dll'
15832024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006ac pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
15842024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
15852024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
15862024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8
15872024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
15882024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
15892024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_205_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
15902024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15912024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15922024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
15932024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
15942024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
15952024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
15962024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15972024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15982024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15992024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16002024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16012024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16022024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16032024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16042024.5570: supR3HardenedDllNotificationCallback: load 00007ffe87470000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
16052024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16062024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87470000 'C:\WINDOWS\system32\uxtheme.dll'
16072024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16082024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
16092024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
16102024.5570: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
16112024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16122024.5570: supR3HardenedDllNotificationCallback: load 00007ffe86320000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
16132024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
16142024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000070c pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16152024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
16162024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
16172024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D
16182024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16192024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16202024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16212024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16222024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16232024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16242024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16252024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
16262024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
16272024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
16282024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16292024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
16302024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16312024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16322024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89bc0000 'C:\WINDOWS\system32\shell32.dll'
16332024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
16342024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16352024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b8b0000 'C:\WINDOWS\system32\kernel32.dll'
16362024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16372024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16382024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87470000 'C:\WINDOWS\system32\uxtheme.dll'
16392024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16402024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16412024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87470000 'C:\WINDOWS\system32\uxtheme.dll'
16422024.5570: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
16432024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16442024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
16452024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\user32.dll'
16462024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16472024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16482024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe87470000 'C:\WINDOWS\system32\uxtheme.dll'
16492024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\user32.dll'
16502024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16512024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16522024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8c090000 'C:\WINDOWS\system32\advapi32.dll'
16532024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
16542024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
16552024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16562024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
16572024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
16582024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
16592024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
16602024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16612024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16622024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
16632024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16642024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16652024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16662024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16672024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16682024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
16692024.5570: supR3HardenedDllNotificationCallback: load 00007ffe88370000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
16702024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
16712024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88370000 'C:\WINDOWS\system32\userenv.dll'
16722024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
16732024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16742024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b8b0000 'C:\WINDOWS\system32\kernel32.dll'
16752024.5570: supR3HardenedDllNotificationCallback: load 00007ffe8b320000 LB 0x000a5000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0]
16762024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16772024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16782024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
16792024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
16802024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16812024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16822024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16832024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16842024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
16852024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
16862024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
16872024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
16882024.2dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
16892024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16902024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
16912024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
16922024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
16932024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
16942024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
16952024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
16962024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
16972024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
16982024.2dac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
16992024.2dac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17002024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17012024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17022024.2dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17032024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17042024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17052024.2dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17062024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17072024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17082024.2dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
17092024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
17102024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
17112024.2dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
17122024.2dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
17132024.2dac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17142024.2dac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
17152024.2dac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
17162024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17172024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17182024.2dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17192024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17202024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17212024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
17222024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
17232024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17242024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17252024.2dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
17262024.2dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
17272024.2dac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
17282024.2dac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
17292024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17302024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17312024.2dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17322024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17332024.2dac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17342024.2dac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
17352024.2dac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17362024.2dac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17372024.2dac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
17382024.2dac: supR3HardenedDllNotificationCallback: load 00007ffe8b8a0000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
17392024.2dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
17402024.2dac: supR3HardenedDllNotificationCallback: load 00007ffe859e0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
17412024.2dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
17422024.2dac: supR3HardenedDllNotificationCallback: load 00007ffe50650000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
17432024.2dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17442024.2dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe50650000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
17452024.2dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17462024.2dac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17472024.2dac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe899d0000 'C:\Windows\System32\oleaut32.dll'
17482024.2dac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)
17492024.2dac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
17502024.2dac: supR3HardenedDllNotificationCallback: load 00007ffe88a30000 LB 0x00098000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
17512024.2dac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
17522024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
17532024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
17542024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll'
17552024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17562024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17572024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe899d0000 'C:\WINDOWS\system32\OLEAUT32.dll'
17582024.5570: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
17592024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17602024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
17612024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
17622024.45bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
17632024.45bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
17642024.45bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
17652024.45bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17662024.45bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17672024.45bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
17682024.45bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
17692024.45bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17702024.45bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17712024.45bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17722024.45bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17732024.45bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17742024.45bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
17752024.45bc: supR3HardenedDllNotificationCallback: load 00007ffe7e340000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
17762024.45bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
17772024.45bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7e340000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
17782024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\user32.dll'
17792024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17802024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17812024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89bc0000 'C:\WINDOWS\system32\shell32.dll'
17822024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc4 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
17832024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
17842024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
17852024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E
17862024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
17872024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
17882024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
17892024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17902024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17912024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
17922024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
17932024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'.
17942024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
17952024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
17962024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
17972024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
17982024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
17992024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
18002024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
18012024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
18022024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18032024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
18042024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
18052024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
18062024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
18072024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18082024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18092024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
18102024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
18112024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
18122024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18132024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
18142024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
18152024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
18162024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
18172024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume2\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
18182024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c98 pwszName=\Device\HarddiskVolume2\Windows\System32\d2d1.dll
18192024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
18202024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
18212024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74
18222024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
18232024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
18242024.5570: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
18252024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18262024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
18272024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
18282024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
18292024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18302024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18312024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18322024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18332024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18342024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18352024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
18362024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
18372024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\d2d1.dll'
18382024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18392024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18402024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d2d1.dll) WinVerifyTrust
18412024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d2d1.dll
18422024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18432024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18442024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
18452024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18462024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18472024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
18482024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
18492024.5570: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
18502024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
18512024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
18522024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
18532024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
18542024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18552024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
18562024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
18572024.5570: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
18582024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18592024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18602024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18612024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18622024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d2d1.dll
18632024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
18642024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
18652024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
18662024.5570: supR3HardenedDllNotificationCallback: load 00007ffe823e0000 LB 0x00545000 C:\WINDOWS\system32\d2d1.dll [fFlags=0x0]
18672024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d2d1.dll
18682024.5570: supR3HardenedDllNotificationCallback: load 00007ffe85c30000 LB 0x0009c000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
18692024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
18702024.5570: supR3HardenedDllNotificationCallback: load 00007ffe85cf0000 LB 0x002a3000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
18712024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
18722024.5570: supR3HardenedDllNotificationCallback: load 00007ffe86be0000 LB 0x000d1000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
18732024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
18742024.5570: supR3HardenedDllNotificationCallback: load 00007ffe783c0000 LB 0x00046000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
18752024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18762024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe783c0000 'C:\WINDOWS\system32\dataexchange.dll'
18772024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
18782024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
18792024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
18802024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18812024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'.
18822024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'.
18832024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
18842024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
18852024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
18862024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
18872024.5570: supR3HardenedDllNotificationCallback: load 00007ffe87530000 LB 0x000ee000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
18882024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
18892024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18902024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18912024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
18922024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18932024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18942024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
18952024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
18962024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
18972024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
18982024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
18992024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
19002024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19012024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19022024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19032024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
19042024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
19052024.5570: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
19062024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [redoing WinVerifyTrust]
19072024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
19082024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
19092024.5570: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
19102024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19112024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b5b0000 'C:\WINDOWS\system32\MSCTF.dll'
19122024.5570: \Device\HarddiskVolume2\Program Files\GPSoftware\Directory Opus\dopushlp.dll: Owner is administrators group.
19132024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
19142024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shell32.dll'.
19152024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mpr.dll'.
19162024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19172024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
19182024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
19192024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
19202024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
19212024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
19222024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\GPSoftware\Directory Opus\dopushlp.dll) WinVerifyTrust
19232024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\GPSoftware\Directory Opus\dopushlp.dll
19242024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19252024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19262024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19272024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19282024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
19292024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
19302024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
19312024.5570: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
19322024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19332024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19342024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19352024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19362024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19372024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19382024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19392024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19402024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19412024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19422024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
19432024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
19442024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
19452024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
19462024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
19472024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
19482024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19492024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19502024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19512024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19522024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\GPSoftware\Directory Opus\dopushlp.dll
19532024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
19542024.5570: supR3HardenedDllNotificationCallback: load 00007ffe87de0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
19552024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
19562024.5570: supR3HardenedDllNotificationCallback: load 00007ffe7b600000 LB 0x0006e000 C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll [fFlags=0x0]
19572024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\GPSoftware\Directory Opus\dopushlp.dll
19582024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7b600000 'C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll'
19592024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19602024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19612024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b0f0000 'C:\WINDOWS\system32\ole32.dll'
19622024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19632024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19642024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe899d0000 'C:\WINDOWS\system32\OLEAUT32.dll'
19652024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d70 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
19662024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
19672024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
19682024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231
19692024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
19702024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
19712024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
19722024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19732024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19742024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
19752024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
19762024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
19772024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
19782024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
19792024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
19802024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d84 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
19812024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
19822024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
19832024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4
19842024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
19852024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
19862024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
19872024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19882024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19892024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
19902024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
19912024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
19922024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
19932024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19942024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19952024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19962024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19972024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19982024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19992024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20002024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20012024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20022024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20032024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
20042024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20052024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20062024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20072024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20082024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20092024.5570: supR3HardenedDllNotificationCallback: load 00007ffe7fef0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
20102024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20112024.5570: supR3HardenedDllNotificationCallback: load 00007ffe7f550000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
20122024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20132024.5570: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20142024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89510000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
20152024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7f550000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
20162024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c48 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20172024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
20182024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
20192024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B
20202024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
20212024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
20222024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
20232024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20242024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20252024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
20262024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
20272024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20282024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20292024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20302024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20312024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20322024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20332024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20342024.5570: supR3HardenedDllNotificationCallback: load 00007ffe7eee0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
20352024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20362024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7eee0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
20372024.5570: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20382024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89510000 'api-ms-win-core-localization-l1-2-0.dll'
20392024.5570: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20402024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89510000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
20412024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d8c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20422024.5570: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
20432024.5570: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
20442024.5570: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488
20452024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
20462024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
20472024.5570: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
20482024.5570: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20492024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20502024.5570: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20512024.5570: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
20522024.5570: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20532024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20542024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20552024.5570: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20562024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20572024.5570: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20582024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20592024.5570: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20602024.5570: supR3HardenedDllNotificationCallback: load 00007ffe7ef40000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
20612024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20622024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7ef40000 'C:\WINDOWS\system32\wbem\fastprox.dll'
20632024.5570: supR3HardenedMonitor_LdrLoadDll: 'C:\WINDOWS\system32\comctl32.dll' -> 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [redir]
20642024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [redoing WinVerifyTrust]
20652024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
20662024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
20672024.5570: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
20682024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll (Input=C:\WINDOWS\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20692024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe78dc0000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
20702024.5570: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20712024.5570: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20722024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b0f0000 'C:\WINDOWS\system32\ole32.dll'
20732024.3e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
20742024.3e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20752024.3e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
20762024.3e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20772024.3e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
20782024.3e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20792024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20802024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20812024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
20822024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
20832024.3e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
20842024.3e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
20852024.3e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
20862024.3e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
20872024.3e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
20882024.3e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
20892024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20902024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20912024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20922024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20932024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
20942024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
20952024.3e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20962024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20972024.3e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20982024.3e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20992024.3e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21002024.3e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21012024.3e34: supR3HardenedDllNotificationCallback: load 0000000075e00000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
21022024.3e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21032024.3e34: supR3HardenedDllNotificationCallback: load 00007ffe71ad0000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
21042024.3e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21052024.3e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe71ad0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
21062024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
21072024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21082024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
21092024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
21102024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
21112024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21122024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
21132024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
21142024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
21152024.2300: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
21162024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
21172024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
21182024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
21192024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
21202024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
21212024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21222024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
21232024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
21242024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
21252024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
21262024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
21272024.2300: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSB.sys: Owner is administrators group.
21282024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21292024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'usbd.sys'.
21302024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSB.sys)
21312024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSB.sys
21322024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSB.sys [avoiding WinVerifyTrust]
21332024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usbd.sys'...
21342024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'usbd.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\usbd.sys' [rcNtRedir=0xc0150008]
21352024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\usbd.sys'.
21362024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21372024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\usbd.sys)
21382024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\usbd.sys
21392024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21402024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21412024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe'.
21422024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
21432024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'.
21442024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
21452024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
21462024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'.
21472024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'.
21482024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe)
21492024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
21502024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
21512024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
21522024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys'.
21532024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21542024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
21552024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
21562024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys)
21572024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
21582024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
21592024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
21602024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys'.
21612024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21622024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
21632024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
21642024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'.
21652024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys)
21662024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
21672024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21682024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21692024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21702024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21712024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21722024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21732024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
21742024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
21752024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
21762024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21772024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21782024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21792024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21802024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21812024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21822024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'...
21832024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008]
21842024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys'.
21852024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21862024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys)
21872024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys
21882024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
21892024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
21902024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
21912024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
21922024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
21932024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\hal.dll'.
21942024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21952024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
21962024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
21972024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll)
21982024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
21992024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22002024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22012024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22022024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
22032024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
22042024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys'.
22052024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22062024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys)
22072024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
22082024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
22092024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
22102024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
22112024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22122024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22132024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22142024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
22152024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
22162024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
22172024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
22182024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ci.dll'.
22192024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22202024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
22212024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll)
22222024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
22232024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
22242024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
22252024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kdcom.dll'.
22262024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22272024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
22282024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll)
22292024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
22302024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
22312024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume2\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
22322024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL'.
22332024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22342024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL)
22352024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL
22362024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
22372024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
22382024.25dc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL'.
22392024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22402024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
22412024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL)
22422024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
22432024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22442024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22452024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
22462024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22472024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22482024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22492024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22502024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22512024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
22522024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22532024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22542024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22552024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22562024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22572024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22582024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22592024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22602024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
22612024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22622024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22632024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22642024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22652024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22662024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
22672024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22682024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22692024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22702024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22712024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22722024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22732024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
22742024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
22752024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
22762024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
22772024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
22782024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
22792024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22802024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22812024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22822024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22832024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22842024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22852024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
22862024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSB.sys'
22872024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
22882024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
22892024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
22902024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
22912024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
22922024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
22932024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
22942024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
22952024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
22962024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
22972024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL'
22982024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
22992024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23002024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL'
23012024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23022024.25dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
23032024.25dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23042024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23052024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kdcom.dll'
23062024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23072024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23082024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ci.dll'
23092024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23102024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23112024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys'
23122024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23132024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23142024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\hal.dll'
23152024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23162024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23172024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys'
23182024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23192024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23202024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys'
23212024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23222024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23232024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys'
23242024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23252024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23262024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe'
23272024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23282024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
23292024.25dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\usbd.sys'
23302024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23312024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23322024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23332024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23342024.25dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23352024.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
23362024.25dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23372024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23382024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23392024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23402024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23412024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23422024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23432024.25dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23442024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23452024.25dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23462024.25dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23472024.25dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23482024.25dc: supR3HardenedDllNotificationCallback: load 00007ffe81380000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
23492024.25dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23502024.25dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe81380000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
23512024.2158: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23522024.2158: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23532024.2158: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23542024.2158: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23552024.2158: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
23562024.2158: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23572024.2158: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23582024.2158: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23592024.2158: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23602024.2158: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23612024.2158: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
23622024.2158: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23632024.2158: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23642024.2158: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23652024.2158: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23662024.2158: supR3HardenedDllNotificationCallback: load 00007ffe812d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
23672024.2158: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23682024.2158: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe812d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
23692024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23702024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23712024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
23722024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23732024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
23742024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
23752024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23762024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
23772024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
23782024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
23792024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
23802024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23812024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23822024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23832024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23842024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23852024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23862024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23872024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23882024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
23892024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
23902024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
23912024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23922024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
23932024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23942024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23952024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
23962024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23972024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
23982024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
23992024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24002024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24012024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24022024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24032024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24042024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
24052024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
24062024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24072024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24082024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24092024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24102024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24112024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24122024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24132024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24142024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
24152024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
24162024.3008: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
24172024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24182024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24192024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
24202024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
24212024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
24222024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
24232024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24242024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24252024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24262024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24272024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24282024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24292024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24302024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
24312024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24322024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24332024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24342024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24352024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
24362024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24372024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24382024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
24392024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
24402024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
24412024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24422024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24432024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24442024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24452024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24462024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24472024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24482024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
24492024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24502024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24512024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24522024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24532024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
24542024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24552024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
24562024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
24572024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
24582024.3008: supR3HardenedDllNotificationCallback: load 00007ffe748e0000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
24592024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
24602024.3008: supR3HardenedDllNotificationCallback: load 00007ffe74870000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
24612024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
24622024.3008: supR3HardenedDllNotificationCallback: load 00007ffe73900000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
24632024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
24642024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe73900000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
24652024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
24662024.3008: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
24672024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
24682024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24692024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe74870000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
24702024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
24712024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24722024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
24732024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
24742024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
24752024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
24762024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
24772024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
24782024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24792024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24802024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24812024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
24822024.3008: supR3HardenedDllNotificationCallback: load 00007ffe7c380000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
24832024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
24842024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7c380000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
24852024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24862024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24872024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32/opengl32.dll'
24882024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24892024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24902024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
24912024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
24922024.3008: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll: Owner is administrators group.
24932024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
24942024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
24952024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
24962024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
24972024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
24982024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6pxx.dll) WinVerifyTrust
24992024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
25002024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25012024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25022024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25032024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25042024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25052024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25062024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6pxx.dll (Input=atig6pxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25072024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
25082024.3008: supR3HardenedDllNotificationCallback: load 00007ffe7aae0000 LB 0x00018000 C:\WINDOWS\system32\atig6pxx.dll [fFlags=0x0]
25092024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6pxx.dll
25102024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7aae0000 'C:\WINDOWS\system32\atig6pxx.dll'
25112024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
25122024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
25132024.3008: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll: Owner is administrators group.
25142024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
25152024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
25162024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25172024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25182024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
25192024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25202024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
25212024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atio6axx.dll) WinVerifyTrust
25222024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
25232024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25242024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25252024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
25262024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
25272024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
25282024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
25292024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
25302024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
25312024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25322024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25332024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25342024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
25352024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
25362024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
25372024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25382024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25392024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25402024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25412024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25422024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25432024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25442024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25452024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
25462024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
25472024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
25482024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
25492024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
25502024.3008: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
25512024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atio6axx.dll (Input=atio6axx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25522024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
25532024.3008: supR3HardenedDllNotificationCallback: load 00007ffe8b3d0000 LB 0x001c5000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
25542024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25552024.3008: supR3HardenedDllNotificationCallback: load 0000000074000000 LB 0x01e00000 C:\WINDOWS\system32\atio6axx.dll [fFlags=0x0]
25562024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atio6axx.dll
25572024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
25582024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25592024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe870e0000 'C:\WINDOWS\system32\winmm.dll'
25602024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
25612024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25622024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
25632024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000074000000 'C:\WINDOWS\system32\atio6axx.dll'
25642024.3008: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll: Owner is administrators group.
25652024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
25662024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
25672024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25682024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25692024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
25702024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
25712024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'propsys.dll'.
25722024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
25732024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
25742024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'wtsapi32.dll'.
25752024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'setupapi.dll'.
25762024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'psapi.dll'.
25772024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
25782024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iphlpapi.dll'.
25792024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atiadlxx.dll) WinVerifyTrust
25802024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
25812024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
25822024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
25832024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
25842024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
25852024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25862024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
25872024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
25882024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25892024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25902024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25912024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
25922024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
25932024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
25942024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25952024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25962024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25972024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
25982024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
25992024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
26002024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
26012024.3008: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'.
26022024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26032024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
26042024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
26052024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
26062024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26072024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26082024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
26092024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26102024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26112024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
26122024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26132024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26142024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
26152024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
26162024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26172024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
26182024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
26192024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
26202024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
26212024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
26222024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26232024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26242024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
26252024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
26262024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26272024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26282024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
26292024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
26302024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26312024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
26322024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
26332024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
26342024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
26352024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26362024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26372024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26382024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26392024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26402024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26412024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26422024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26432024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26442024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26452024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26462024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26472024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26482024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26492024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26502024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atiadlxx.dll (Input=atiadlxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26512024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
26522024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26532024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
26542024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26552024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
26562024.3008: supR3HardenedDllNotificationCallback: load 00007ffe86830000 LB 0x00183000 C:\WINDOWS\SYSTEM32\PROPSYS.dll [fFlags=0x0]
26572024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26582024.3008: supR3HardenedDllNotificationCallback: load 00007ffe869c0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
26592024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
26602024.3008: supR3HardenedDllNotificationCallback: load 00007ffe861c0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
26612024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
26622024.3008: supR3HardenedDllNotificationCallback: load 00007ffe86200000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
26632024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26642024.3008: supR3HardenedDllNotificationCallback: load 00007ffe69f50000 LB 0x00141000 C:\WINDOWS\system32\atiadlxx.dll [fFlags=0x0]
26652024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atiadlxx.dll
26662024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe69f50000 'C:\WINDOWS\system32\atiadlxx.dll'
26672024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
26682024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
26692024.3008: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
26702024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26712024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26722024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26732024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26742024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26752024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26762024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26772024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
26782024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26792024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26802024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26812024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26822024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26832024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
26842024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26852024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
26862024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26872024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26882024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26892024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26902024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26912024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26922024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26932024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26942024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26952024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26962024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26972024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26982024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
26992024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27002024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27012024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27022024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27032024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27042024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27052024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27062024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27072024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27082024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27092024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27102024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27112024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27122024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27132024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27142024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27152024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27162024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27172024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27182024.3008: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll: Owner is administrators group.
27192024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
27202024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
27212024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
27222024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
27232024.3008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
27242024.3008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\atig6txx.dll) WinVerifyTrust
27252024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27262024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
27272024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
27282024.3008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
27292024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27302024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27312024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27322024.3008: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27332024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27342024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27352024.3008: supR3HardenedDllNotificationCallback: load 00007ffe74790000 LB 0x0002c000 C:\WINDOWS\system32\atig6txx.dll [fFlags=0x0]
27362024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
27372024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe74790000 'C:\WINDOWS\system32\atig6txx.dll'
27382024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27392024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27402024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27412024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
27422024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27432024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27442024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
27452024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27462024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27472024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27482024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27492024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27502024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27512024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27522024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
27532024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
27542024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27552024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27562024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27572024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27582024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27592024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27602024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27612024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27622024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27632024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27642024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27652024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
27662024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27672024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27682024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27692024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27702024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27712024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27722024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27732024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27742024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27752024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27762024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
27772024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27782024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27792024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27802024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27812024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27822024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27832024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27842024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27852024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27862024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27872024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27882024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27892024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27902024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27912024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
27922024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27932024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27942024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27952024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27962024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27972024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27982024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
27992024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28002024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28012024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28022024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
28032024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28042024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28052024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28062024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28072024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28082024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28092024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28102024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28112024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28122024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28132024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28142024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28152024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28162024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28172024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28182024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28192024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28202024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28212024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28222024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28232024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28242024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28252024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28262024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28272024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
28282024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28292024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28302024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
28312024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28322024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28332024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28342024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28352024.3008: supR3HardenedDllNotificationCallback: Unload 00007ffe74790000 LB 0x0002c000 C:\WINDOWS\system32\atig6txx.dll [flags=0x0]
28362024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
28372024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\atig6txx.dll (Input=atig6txx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28382024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
28392024.3008: supR3HardenedDllNotificationCallback: load 00007ffe74790000 LB 0x0002c000 C:\WINDOWS\system32\atig6txx.dll [fFlags=0x0]
28402024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\atig6txx.dll
28412024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe74790000 'C:\WINDOWS\system32\atig6txx.dll'
28422024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28432024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28442024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
28452024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Kernel32.dll (Input=Kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28462024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b8b0000 'C:\WINDOWS\system32\Kernel32.dll'
28472024.3008: supHardenedWinVerifyImageByHandle: -> -608 (\Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys)
28482024.3008: Error (rc=0):
28492024.3008: supR3HardenedScreenImage/NtCreateSection: rc=Unknown Status -608 (0xfffffda0) fImage=1 fProtect=0x5 fAccess=0x2 \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys:
28502024.3008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys
28512024.3008: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -608 (0xfffffda0)) on \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys [lacks WinVerifyTrust]
28522024.3008: Error (rc=0):
28532024.3008: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -608 (0xfffffda0) fImage=1 fProtect=0x2 fAccess=0x5 cHits=1 \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys
28542024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28552024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28562024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
28572024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
28582024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28592024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28602024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
28612024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8bf40000 'C:\WINDOWS\system32\USER32.DLL'
28622024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28632024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b710000 'C:\WINDOWS\system32\gdi32.dll'
28642024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28652024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
28662024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.DLL (Input=OPENGL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28672024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.DLL'
28682024.3008: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\perf.dll': 0 (NtPath=\??\C:\WINDOWS\system32\perf.dll; Input=perf.dll; rcNtGetDll=0xc0000135
28692024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\perf.dll (Input=perf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28702024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\perf.dll'
28712024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28722024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
28732024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28742024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
28752024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
28762024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
28772024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
28782024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
28792024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
28802024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
28812024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
28822024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
28832024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28842024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28852024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86320000 'C:\WINDOWS\system32\dwmapi.dll'
28862024.5324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
28872024.5324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28882024.5324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28892024.5324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28902024.5324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
28912024.5324: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
28922024.5324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28932024.5324: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28942024.5324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28952024.5324: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28962024.5324: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
28972024.5324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28982024.5324: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28992024.5324: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29002024.5324: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29012024.5324: supR3HardenedDllNotificationCallback: load 00007ffe7e210000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
29022024.5324: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29032024.5324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7e210000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
29042024.5418: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
29052024.5418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29062024.5418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29072024.5418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29082024.5418: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
29092024.5418: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29102024.5418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29112024.5418: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29122024.5418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29132024.5418: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29142024.5418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29152024.5418: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29162024.5418: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29172024.5418: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29182024.5418: supR3HardenedDllNotificationCallback: load 00007ffe7bb90000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
29192024.5418: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29202024.5418: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7bb90000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
29212024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
29222024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29232024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89bc0000 'C:\WINDOWS\system32/Shell32.dll'
29242024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29252024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29262024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe71ad0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
29272024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
29282024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29292024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29302024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29312024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29322024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
29332024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
29342024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29352024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29362024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29372024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29382024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29392024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29402024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29412024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29422024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29432024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29442024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29452024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29462024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29472024.2300: supR3HardenedDllNotificationCallback: load 00007ffe74120000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
29482024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29492024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe74120000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
29502024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe74120000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
29512024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
29522024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
29532024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29542024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29552024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29562024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
29572024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
29582024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
29592024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
29602024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
29612024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
29622024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
29632024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
29642024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29652024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
29662024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
29672024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
29682024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29692024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29702024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29712024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29722024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29732024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29742024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29752024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29762024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29772024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
29782024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
29792024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
29802024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29812024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29822024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29832024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
29842024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29852024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
29862024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
29872024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29882024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29892024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29902024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29912024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29922024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29932024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29942024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
29952024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29962024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29972024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29982024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
29992024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
30002024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
30012024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
30022024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30032024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30042024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30052024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30062024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30072024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30082024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30092024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30102024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30112024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30122024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
30132024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
30142024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002aa4 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
30152024.2300: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
30162024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
30172024.2300: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=793D99A2656EF7BC8AE3D3DA54E1A198969B9F96
30182024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
30192024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
30202024.2300: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
30212024.2300: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30222024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30232024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
30242024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
30252024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'.
30262024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'.
30272024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'.
30282024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
30292024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
30302024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30312024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30322024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
30332024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30342024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30352024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30362024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30372024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30382024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30392024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30402024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30412024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
30422024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30432024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30442024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
30452024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
30462024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
30472024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
30482024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
30492024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
30502024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30512024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30522024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30532024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30542024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30552024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
30562024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30572024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30582024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
30592024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30602024.2300: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
30612024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
30622024.2300: supR3HardenedDllNotificationCallback: load 00007ffe7a0e0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\devrtl.DLL [fFlags=0x0]
30632024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
30642024.2300: supR3HardenedDllNotificationCallback: load 00007ffe75090000 LB 0x00058000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0]
30652024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
30662024.2300: supR3HardenedDllNotificationCallback: load 00007ffe747c0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
30672024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30682024.2300: supR3HardenedDllNotificationCallback: load 00007ffe74120000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
30692024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30702024.2300: supR3HardenedDllNotificationCallback: load 00007ffe4e560000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
30712024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
30722024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe4e560000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
30732024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002a7c pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
30742024.2300: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
30752024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
30762024.2300: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4E1A7D70D0B4F04066620172BA9B8A3CADF2EF6
30772024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30782024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30792024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
30802024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
30812024.2300: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
30822024.2300: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30832024.2300: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
30842024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
30852024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30862024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30872024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30882024.2300: supR3HardenedDllNotificationCallback: load 00007ffe73ee0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
30892024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30902024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe73ee0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
30912024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
30922024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
30932024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30942024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe50650000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
30952024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
30962024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30972024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30982024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe74120000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
30992024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31002024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31012024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31022024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31032024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
31042024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31052024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31062024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31072024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31082024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31092024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31102024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31112024.2300: supR3HardenedDllNotificationCallback: load 00007ffe7a1e0000 LB 0x0001d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
31122024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31132024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7a1e0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
31142024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31152024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31162024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31172024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31182024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
31192024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31202024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31212024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31222024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31232024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31242024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31252024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31262024.2300: supR3HardenedDllNotificationCallback: load 00007ffe79110000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
31272024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
31282024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe79110000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
31292024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
31302024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31312024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31322024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31332024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31342024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31352024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
31362024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31372024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31382024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31392024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31402024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31412024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31422024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31432024.2300: supR3HardenedDllNotificationCallback: load 00007ffe73c70000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
31442024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
31452024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe73c70000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
31462024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31472024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31482024.4688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31492024.4688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31502024.4688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31512024.4688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31522024.4688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
31532024.4688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31542024.4688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31552024.4688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31562024.4688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31572024.4688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31582024.4688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31592024.4688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31602024.4688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31612024.4688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31622024.4688: supR3HardenedDllNotificationCallback: load 00007ffe7b4c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
31632024.4688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31642024.4688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7b4c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
31652024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe71ad0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
31662024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31672024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
31682024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31692024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31702024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31712024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
31722024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
31732024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
31742024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
31752024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31762024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31772024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
31782024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
31792024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
31802024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31812024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31822024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31832024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31842024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31852024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31862024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31872024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
31882024.2300: supR3HardenedDllNotificationCallback: load 00007ffe65430000 LB 0x000c4000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
31892024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
31902024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe65430000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
31912024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
31922024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31932024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86200000 'C:\WINDOWS\system32/Iphlpapi.dll'
31942024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
31952024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
31962024.2300: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
31972024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
31982024.2300: supR3HardenedDllNotificationCallback: load 00007ffe82d30000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
31992024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
32002024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32012024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
32022024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
32032024.2300: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
32042024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
32052024.2300: supR3HardenedDllNotificationCallback: load 00007ffe82d10000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
32062024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
32072024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000029c0 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
32082024.2300: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
32092024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
32102024.2300: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC5F23FF9BE9DCF8E5234FF8C5B6EBE9459DC35E
32112024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32122024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32132024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
32142024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
32152024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
32162024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32172024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32182024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
32192024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
32202024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32212024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32222024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
32232024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
32242024.2300: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
32252024.2300: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32262024.2300: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
32272024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002a88 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
32282024.2300: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
32292024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
32302024.2300: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F2C6FCDABC75F6CF26C6E8145FC3426AD15DAAC
32312024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
32322024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
32332024.2300: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
32342024.2300: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32352024.2300: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
32362024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002bf0 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
32372024.2300: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
32382024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
32392024.2300: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF2119E435E404AD007FD65DA8D286C1635ACA6
32402024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
32412024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
32422024.2300: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
32432024.2300: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32442024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32452024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
32462024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
32472024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
32482024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
32492024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
32502024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32512024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32522024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32532024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32542024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32552024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32562024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32572024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32582024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32592024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32602024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32612024.2300: supR3HardenedDllNotificationCallback: load 00007ffe81c20000 LB 0x0009c000 C:\WINDOWS\system32\dsound.dll [fFlags=0x0]
32622024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32632024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
32642024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32652024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe81c20000 'C:\WINDOWS\system32\dsound.dll'
32662024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe81c20000 'C:\WINDOWS\system32/dsound.dll'
32672024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
32682024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
32692024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32702024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
32712024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
32722024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
32732024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
32742024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32752024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
32762024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
32772024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
32782024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
32792024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
32802024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [redoing WinVerifyTrust]
32812024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
32822024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
32832024.2300: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
32842024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32852024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32862024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32872024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32882024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
32892024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32902024.2300: supR3HardenedDllNotificationCallback: load 00007ffe85240000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
32912024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32922024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe85240000 'C:\WINDOWS\System32\MMDevApi.dll'
32932024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32942024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32952024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe85240000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
32962024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
32972024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32982024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe870e0000 'C:\WINDOWS\system32\winmm.dll'
32992024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002c28 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33002024.2300: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
33012024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
33022024.2300: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83143779FC4D27950BF3BCBCD430201AA21D5678
33032024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
33042024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
33052024.2300: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
33062024.2300: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33072024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33082024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
33092024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
33102024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
33112024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
33122024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
33132024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
33142024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33152024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33162024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33172024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
33182024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
33192024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
33202024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
33212024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
33222024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
33232024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
33242024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33252024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33262024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
33272024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33282024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33292024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
33302024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
33312024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
33322024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
33332024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33342024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
33352024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
33362024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33372024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33382024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33392024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33402024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33412024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33422024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
33432024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
33442024.2300: supR3HardenedDllNotificationCallback: load 00007ffe84280000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
33452024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
33462024.2300: supR3HardenedDllNotificationCallback: load 00007ffe836b0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
33472024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
33482024.2300: supR3HardenedDllNotificationCallback: load 00007ffe64c30000 LB 0x00041000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
33492024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33502024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe64c30000 'C:\WINDOWS\system32\wdmaud.drv'
33512024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33522024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33532024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe64c30000 'C:\WINDOWS\system32\wdmaud.drv'
33542024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33552024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33562024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe64c30000 'C:\WINDOWS\system32\wdmaud.drv'
33572024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33582024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33592024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe64c30000 'C:\WINDOWS\system32\wdmaud.drv'
33602024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33612024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33622024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe64c30000 'C:\WINDOWS\system32\wdmaud.drv'
33632024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
33642024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
33652024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33662024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
33672024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
33682024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
33692024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
33702024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
33712024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33722024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33732024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
33742024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33752024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33762024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33772024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33782024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33792024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33802024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33812024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
33822024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33832024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
33842024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
33852024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
33862024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
33872024.2300: supR3HardenedDllNotificationCallback: load 00007ffe82f90000 LB 0x00131000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
33882024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
33892024.2300: supR3HardenedDllNotificationCallback: load 00007ffe72f70000 LB 0x00085000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
33902024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
33912024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe72f70000 'C:\WINDOWS\system32\AUDIOSES.DLL'
33922024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33932024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33942024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
33952024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
33962024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
33972024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33982024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33992024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
34002024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
34012024.2300: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
34022024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000029c4 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
34032024.2300: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
34042024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
34052024.2300: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EAA362874D7E19DE11B8B4782838AD2981FC207
34062024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
34072024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
34082024.2300: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
34092024.2300: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34102024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34112024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
34122024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
34132024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
34142024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
34152024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
34162024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34172024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34182024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34192024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34202024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34212024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
34222024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
34232024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
34242024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
34252024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34262024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
34272024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
34282024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
34292024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
34302024.2300: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
34312024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34322024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34332024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34342024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34352024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34362024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34372024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
34382024.2300: supR3HardenedDllNotificationCallback: load 00007ffe69170000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
34392024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
34402024.2300: supR3HardenedDllNotificationCallback: load 00007ffe75870000 LB 0x0000c000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
34412024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34422024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34432024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34442024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34452024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34462024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34472024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34482024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34492024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34502024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34512024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34522024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34532024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34542024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34552024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34562024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34572024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34582024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34592024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34602024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34612024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34622024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34632024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75870000 'C:\WINDOWS\system32\msacm32.drv'
34642024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000002c90 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
34652024.2300: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
34662024.2300: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
34672024.2300: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96AFFE7289EA0FE318F97A9F3C88DF66DCB2B4F6
34682024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
34692024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
34702024.2300: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
34712024.2300: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34722024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34732024.2300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
34742024.2300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
34752024.2300: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
34762024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34772024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34782024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34792024.2300: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34802024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34812024.2300: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34822024.2300: supR3HardenedDllNotificationCallback: load 00007ffe75860000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
34832024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34842024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75860000 'C:\WINDOWS\system32\midimap.dll'
34852024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34862024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34872024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75860000 'C:\WINDOWS\system32\midimap.dll'
34882024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34892024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34902024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75860000 'C:\WINDOWS\system32\midimap.dll'
34912024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34922024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34932024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75860000 'C:\WINDOWS\system32\midimap.dll'
34942024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe870e0000 'C:\WINDOWS\system32\winmm.dll'
34952024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
34962024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
34972024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe81c20000 'C:\WINDOWS\System32\dsound.dll'
34982024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe870e0000 'C:\WINDOWS\system32\winmm.dll'
34992024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe870e0000 'C:\WINDOWS\system32\winmm.dll'
35002024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe71ad0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
35012024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
35022024.2300: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
35032024.2300: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35042024.2300: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8b8b0000 'C:\WINDOWS\system32/kernel32.dll'
35052024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89bc0000 'C:\WINDOWS\system32\shell32.dll'
35062024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89bc0000 'C:\WINDOWS\system32\shell32.dll'
35072024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89bc0000 'C:\WINDOWS\system32\shell32.dll'
35082024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89bc0000 'C:\WINDOWS\system32\shell32.dll'
35092024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89bc0000 'C:\WINDOWS\system32\shell32.dll'
35102024.5570: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89bc0000 'C:\WINDOWS\system32\shell32.dll'
35112024.5218: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
35122024.5218: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
35132024.5218: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
35142024.5218: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
35152024.4688: supR3HardenedDllNotificationCallback: Unload 00007ffe7b4c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
35162024.5418: supR3HardenedDllNotificationCallback: Unload 00007ffe7bb90000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
35172024.5324: supR3HardenedDllNotificationCallback: Unload 00007ffe7e210000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
35182024.3008: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000295c pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
35192024.3008: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011c01d0
35202024.3008: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011c01d0
35212024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe896f0000 'C:\Windows\System32\WINTRUST.DLL'
35222024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\CRYPT32.dll'
35232024.3008: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70B49B85D2F7BA5E6F42836FF363155E8051A249
35242024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88080000 'C:\WINDOWS\system32\rsaenh.dll'
35252024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe89240000 'C:\WINDOWS\system32\crypt32.dll'
35262024.3008: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
35272024.3008: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35282024.3008: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
35292024.3008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
35302024.3008: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35312024.3008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe75a00000 'C:\WINDOWS\system32\OPENGL32.dll'
35322024.3008: supR3HardenedDllNotificationCallback: Unload 00007ffe7c380000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [flags=0x0]
35332024.3008: supR3HardenedDllNotificationCallback: Unload 00007ffe73900000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [flags=0x0]
35342024.3008: supR3HardenedDllNotificationCallback: Unload 00007ffe74870000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [flags=0x0]
35352024.3008: supR3HardenedDllNotificationCallback: Unload 00007ffe748e0000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [flags=0x0]
35362024.2158: supR3HardenedDllNotificationCallback: Unload 00007ffe812d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
35372024.25dc: supR3HardenedDllNotificationCallback: Unload 00007ffe81380000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
35382024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe73c70000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
35392024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe79110000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
35402024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe7a1e0000 LB 0x0001d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
35412024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe73ee0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
35422024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe4e560000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
35432024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe747c0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
35442024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe75090000 LB 0x00058000 C:\WINDOWS\SYSTEM32\newdev.dll [flags=0x0]
35452024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe7a0e0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\devrtl.DLL [flags=0x0]
35462024.2300: supR3HardenedDllNotificationCallback: Unload 00007ffe74120000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
35472024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe7e340000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
35482024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe7eee0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
35492024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe783c0000 LB 0x00046000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
35502024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe823e0000 LB 0x00545000 C:\WINDOWS\system32\d2d1.dll [flags=0x0]
35512024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe85cf0000 LB 0x002a3000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
35522024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe85c30000 LB 0x0009c000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
35532024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe86be0000 LB 0x000d1000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
35542024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe87530000 LB 0x000ee000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
35552024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe7ef40000 LB 0x000f8000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
35562024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe7f550000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
35572024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe7fef0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
35582024.5570: supR3HardenedDllNotificationCallback: Unload 00007ffe50650000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
35592024.5570: Terminating the normal way: rcExit=0
35604750.1d50: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 236830 ms, the end);
356155b0.3e30: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 237252 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy