VirtualBox

Ticket #14821: windows 3.1-2.log

File windows 3.1-2.log, 334.0 KB (added by Weaser, 9 years ago)

logs

Line 
1161c.274: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0280000
2161c.274: \SystemRoot\System32\ntdll.dll:
3161c.274: CreationTime: 2015-08-12T16:27:36.013870900Z
4161c.274: LastWriteTime: 2015-08-08T07:29:58.168349600Z
5161c.274: ChangeTime: 2015-08-20T13:03:07.199725400Z
6161c.274: FileAttributes: 0x20
7161c.274: Size: 0x1bce48
8161c.274: NT Headers: 0xd8
9161c.274: Timestamp: 0x55c59f92
10161c.274: Machine: 0x8664 - amd64
11161c.274: Timestamp: 0x55c59f92
12161c.274: Image Version: 10.0
13161c.274: SizeOfImage: 0x1c1000 (1839104)
14161c.274: Resource Dir: 0x15a000 LB 0x65718
15161c.274: ProductName: Microsoft® Windows® Operating System
16161c.274: ProductVersion: 10.0.10240.16430
17161c.274: FileVersion: 10.0.10240.16430 (th1.150807-2049)
18161c.274: FileDescription: NT Layer DLL
19161c.274: \SystemRoot\System32\kernel32.dll:
20161c.274: CreationTime: 2015-07-10T10:59:59.699781600Z
21161c.274: LastWriteTime: 2015-07-10T10:59:59.699781600Z
22161c.274: ChangeTime: 2015-10-15T22:36:45.699179000Z
23161c.274: FileAttributes: 0x20
24161c.274: Size: 0xab830
25161c.274: NT Headers: 0xf0
26161c.274: Timestamp: 0x559f38ad
27161c.274: Machine: 0x8664 - amd64
28161c.274: Timestamp: 0x559f38ad
29161c.274: Image Version: 10.0
30161c.274: SizeOfImage: 0xad000 (708608)
31161c.274: Resource Dir: 0xab000 LB 0x518
32161c.274: ProductName: Microsoft® Windows® Operating System
33161c.274: ProductVersion: 10.0.10240.16384
34161c.274: FileVersion: 10.0.10240.16384 (th1.150709-1700)
35161c.274: FileDescription: Windows NT BASE API Client DLL
36161c.274: \SystemRoot\System32\KernelBase.dll:
37161c.274: CreationTime: 2015-07-10T11:00:10.325689700Z
38161c.274: LastWriteTime: 2015-07-10T11:00:10.325689700Z
39161c.274: ChangeTime: 2015-10-15T22:36:46.152255700Z
40161c.274: FileAttributes: 0x20
41161c.274: Size: 0x1dc680
42161c.274: NT Headers: 0x100
43161c.274: Timestamp: 0x559f38c3
44161c.274: Machine: 0x8664 - amd64
45161c.274: Timestamp: 0x559f38c3
46161c.274: Image Version: 10.0
47161c.274: SizeOfImage: 0x1dd000 (1953792)
48161c.274: Resource Dir: 0x1c7000 LB 0x530
49161c.274: ProductName: Microsoft® Windows® Operating System
50161c.274: ProductVersion: 10.0.10240.16384
51161c.274: FileVersion: 10.0.10240.16384 (th1.150709-1700)
52161c.274: FileDescription: Windows NT BASE API Client DLL
53161c.274: \SystemRoot\System32\apisetschema.dll:
54161c.274: CreationTime: 2015-07-10T11:00:04.872098600Z
55161c.274: LastWriteTime: 2015-07-10T11:00:04.872098600Z
56161c.274: ChangeTime: 2015-08-02T00:03:44.005814100Z
57161c.274: FileAttributes: 0x20
58161c.274: Size: 0x16760
59161c.274: NT Headers: 0xc8
60161c.274: Timestamp: 0x559f3e3d
61161c.274: Machine: 0x8664 - amd64
62161c.274: Timestamp: 0x559f3e3d
63161c.274: Image Version: 10.0
64161c.274: SizeOfImage: 0x17000 (94208)
65161c.274: Resource Dir: 0x16000 LB 0x3f0
66161c.274: ProductName: Microsoft® Windows® Operating System
67161c.274: ProductVersion: 10.0.10240.16384
68161c.274: FileVersion: 10.0.10240.16384 (th1.150709-1700)
69161c.274: FileDescription: ApiSet Schema DLL
70161c.274: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71161c.274: supR3HardenedWinFindAdversaries: 0x0
72161c.274: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
73161c.274: Calling main()
74161c.274: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
75161c.274: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
76161c.274: SUPR3HardenedMain: Respawn #1
77161c.274: System32: \Device\HarddiskVolume2\Windows\System32
78161c.274: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
79161c.274: KnownDllPath: C:\Windows\system32
80161c.274: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
81161c.274: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
82161c.274: supR3HardNtEnableThreadCreation:
83161c.274: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8d404fb70 pvNtTerminateThread=00007ff8d4073a20
84161c.274: supR3HardenedWinDoReSpawn(1): New child 1180.2724 [kernel32].
85161c.274: supR3HardNtChildGatherData: PebBaseAddress=00007ff70dbaf000 cbPeb=0x388
86161c.274: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8d3fe0000 uNtDllChildAddr=00007ff8d3fe0000
87161c.274: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8d404fb70
88161c.274: supR3HardenedWinSetupChildInit: Start child.
89161c.274: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
90161c.274: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 30 sleeps
91161c.274: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
92161c.274: *0000000000000000-ffffffffff86ffff 0x0001/0x0000 0x0000000
93161c.274: *0000000000790000-000000000076ffff 0x0004/0x0004 0x0020000
94161c.274: *00000000007b0000-000000000079bfff 0x0002/0x0002 0x0040000
95161c.274: 00000000007c4000-00000000007b7fff 0x0001/0x0000 0x0000000
96161c.274: *00000000007d0000-00000000006d3fff 0x0000/0x0004 0x0020000
97161c.274: 00000000008cc000-00000000008c8fff 0x0104/0x0004 0x0020000
98161c.274: 00000000008cf000-00000000008cdfff 0x0004/0x0004 0x0020000
99161c.274: *00000000008d0000-00000000008cbfff 0x0002/0x0002 0x0040000
100161c.274: 00000000008d4000-00000000008c7fff 0x0001/0x0000 0x0000000
101161c.274: *00000000008e0000-00000000008ddfff 0x0004/0x0004 0x0020000
102161c.274: 00000000008e2000-ffffffff811e3fff 0x0001/0x0000 0x0000000
103161c.274: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
104161c.274: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
105161c.274: 000000007fff0000-ffff8009f245ffff 0x0001/0x0000 0x0000000
106161c.274: *00007ff70db80000-00007ff70db5cfff 0x0002/0x0002 0x0040000
107161c.274: 00007ff70dba3000-00007ff70db98fff 0x0001/0x0000 0x0000000
108161c.274: *00007ff70dbad000-00007ff70dbaafff 0x0004/0x0004 0x0020000
109161c.274: *00007ff70dbaf000-00007ff70dbadfff 0x0004/0x0004 0x0020000
110161c.274: 00007ff70dbb0000-00007ff70d05ffff 0x0001/0x0000 0x0000000
111161c.274: *00007ff70e700000-00007ff70e700fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
112161c.274: 00007ff70e701000-00007ff70e787fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
113161c.274: 00007ff70e788000-00007ff70e788fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
114161c.274: 00007ff70e789000-00007ff70e7d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
115161c.274: 00007ff70e7d4000-00007ff70e7d4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
116161c.274: 00007ff70e7d5000-00007ff70e7d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
117161c.274: 00007ff70e7d6000-00007ff70e7dafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
118161c.274: 00007ff70e7db000-00007ff70e7dbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
119161c.274: 00007ff70e7dc000-00007ff70e7dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
120161c.274: 00007ff70e7dd000-00007ff70e7e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
121161c.274: 00007ff70e7e1000-00007ff70e82bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
122161c.274: 00007ff70e82c000-00007ff549077fff 0x0001/0x0000 0x0000000
123161c.274: *00007ff8d3fe0000-00007ff8d3fe0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
124161c.274: 00007ff8d3fe1000-00007ff8d40dcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
125161c.274: 00007ff8d40dd000-00007ff8d411efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
126161c.274: 00007ff8d411f000-00007ff8d4127fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
127161c.274: 00007ff8d4128000-00007ff8d4135fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
128161c.274: 00007ff8d4136000-00007ff8d4136fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
129161c.274: 00007ff8d4137000-00007ff8d4139fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
130161c.274: 00007ff8d413a000-00007ff8d41a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
131161c.274: 00007ff8d41a1000-00007ff1a8361fff 0x0001/0x0000 0x0000000
132161c.274: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
133161c.274: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
134161c.274: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
135161c.274: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
136161c.274: supR3HardNtChildPurify: Done after 310 ms and 0 fixes (loop #0).
1371180.2724: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
1381180.2724: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8d3fe0000
139161c.274: supR3HardNtEnableThreadCreation:
1401180.2724: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
1411180.2724: New simple heap: #1 00000000009f0000 LB 0x400000 (for 1839104 allocation)
1421180.2724: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1431180.2724: System32: \Device\HarddiskVolume2\Windows\System32
1441180.2724: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1451180.2724: KnownDllPath: C:\Windows\system32
1461180.2724: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1471180.2724: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1481180.2724: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1491180.2724: Registered Dll notification callback with NTDLL.
1501180.2724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1511180.2724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1521180.2724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
1531180.2724: supR3HardenedDllNotificationCallback: load 00007ff8d0b00000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1541180.2724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1551180.2724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1561180.2724: supR3HardenedDllNotificationCallback: load 00007ff8d3d30000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
1571180.2724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1581180.2724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3d30000 'C:\Windows\system32\KERNEL32.DLL'
1591180.2724: supR3HardenedDllNotificationCallback: load 00007ff70e700000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1601180.2724: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1611180.2724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1621180.2724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1631180.2724: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8d404fb70 pvNtTerminateThread=00007ff8d4073a20
164161c.274: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 95 ms.
1651180.2724: \SystemRoot\System32\ntdll.dll:
1661180.2724: CreationTime: 2015-08-12T16:27:36.013870900Z
1671180.2724: LastWriteTime: 2015-08-08T07:29:58.168349600Z
1681180.2724: ChangeTime: 2015-08-20T13:03:07.199725400Z
1691180.2724: FileAttributes: 0x20
1701180.2724: Size: 0x1bce48
1711180.2724: NT Headers: 0xd8
1721180.2724: Timestamp: 0x55c59f92
1731180.2724: Machine: 0x8664 - amd64
1741180.2724: Timestamp: 0x55c59f92
1751180.2724: Image Version: 10.0
1761180.2724: SizeOfImage: 0x1c1000 (1839104)
1771180.2724: Resource Dir: 0x15a000 LB 0x65718
1781180.2724: ProductName: Microsoft® Windows® Operating System
1791180.2724: ProductVersion: 10.0.10240.16430
1801180.2724: FileVersion: 10.0.10240.16430 (th1.150807-2049)
1811180.2724: FileDescription: NT Layer DLL
1821180.2724: \SystemRoot\System32\kernel32.dll:
1831180.2724: CreationTime: 2015-07-10T10:59:59.699781600Z
1841180.2724: LastWriteTime: 2015-07-10T10:59:59.699781600Z
1851180.2724: ChangeTime: 2015-10-15T22:36:45.699179000Z
1861180.2724: FileAttributes: 0x20
1871180.2724: Size: 0xab830
1881180.2724: NT Headers: 0xf0
1891180.2724: Timestamp: 0x559f38ad
1901180.2724: Machine: 0x8664 - amd64
1911180.2724: Timestamp: 0x559f38ad
1921180.2724: Image Version: 10.0
1931180.2724: SizeOfImage: 0xad000 (708608)
1941180.2724: Resource Dir: 0xab000 LB 0x518
1951180.2724: ProductName: Microsoft® Windows® Operating System
1961180.2724: ProductVersion: 10.0.10240.16384
1971180.2724: FileVersion: 10.0.10240.16384 (th1.150709-1700)
1981180.2724: FileDescription: Windows NT BASE API Client DLL
1991180.2724: \SystemRoot\System32\KernelBase.dll:
2001180.2724: CreationTime: 2015-07-10T11:00:10.325689700Z
2011180.2724: LastWriteTime: 2015-07-10T11:00:10.325689700Z
2021180.2724: ChangeTime: 2015-10-15T22:36:46.152255700Z
2031180.2724: FileAttributes: 0x20
2041180.2724: Size: 0x1dc680
2051180.2724: NT Headers: 0x100
2061180.2724: Timestamp: 0x559f38c3
2071180.2724: Machine: 0x8664 - amd64
2081180.2724: Timestamp: 0x559f38c3
2091180.2724: Image Version: 10.0
2101180.2724: SizeOfImage: 0x1dd000 (1953792)
2111180.2724: Resource Dir: 0x1c7000 LB 0x530
2121180.2724: ProductName: Microsoft® Windows® Operating System
2131180.2724: ProductVersion: 10.0.10240.16384
2141180.2724: FileVersion: 10.0.10240.16384 (th1.150709-1700)
2151180.2724: FileDescription: Windows NT BASE API Client DLL
2161180.2724: \SystemRoot\System32\apisetschema.dll:
2171180.2724: CreationTime: 2015-07-10T11:00:04.872098600Z
2181180.2724: LastWriteTime: 2015-07-10T11:00:04.872098600Z
2191180.2724: ChangeTime: 2015-08-02T00:03:44.005814100Z
2201180.2724: FileAttributes: 0x20
2211180.2724: Size: 0x16760
2221180.2724: NT Headers: 0xc8
2231180.2724: Timestamp: 0x559f3e3d
2241180.2724: Machine: 0x8664 - amd64
2251180.2724: Timestamp: 0x559f3e3d
2261180.2724: Image Version: 10.0
2271180.2724: SizeOfImage: 0x17000 (94208)
2281180.2724: Resource Dir: 0x16000 LB 0x3f0
2291180.2724: ProductName: Microsoft® Windows® Operating System
2301180.2724: ProductVersion: 10.0.10240.16384
2311180.2724: FileVersion: 10.0.10240.16384 (th1.150709-1700)
2321180.2724: FileDescription: ApiSet Schema DLL
2331180.2724: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2341180.2724: supR3HardenedWinFindAdversaries: 0x0
2351180.2724: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2361180.2724: Calling main()
2371180.2724: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2381180.2724: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2391180.2724: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2401180.2724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2411180.2724: SUPR3HardenedMain: Respawn #2
2421180.2724: supR3HardNtEnableThreadCreation:
2431180.2724: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8d404fb70 pvNtTerminateThread=00007ff8d4073a20
2441180.2724: supR3HardenedWinDoReSpawn(2): New child 1fc0.2750 [kernel32].
2451180.2724: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2461180.2724: supR3HardNtChildGatherData: PebBaseAddress=00007ff70de3f000 cbPeb=0x388
2471180.2724: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8d3fe0000 uNtDllChildAddr=00007ff8d3fe0000
2481180.2724: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8d404fb70
2491180.2724: supR3HardenedWinSetupChildInit: Start child.
2501180.2724: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2511180.2724: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 29 sleeps
2521180.2724: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2531180.2724: *0000000000000000-ffffffffff42ffff 0x0001/0x0000 0x0000000
2541180.2724: *0000000000bd0000-0000000000baffff 0x0004/0x0004 0x0020000
2551180.2724: *0000000000bf0000-0000000000bdbfff 0x0002/0x0002 0x0040000
2561180.2724: 0000000000c04000-0000000000bf7fff 0x0001/0x0000 0x0000000
2571180.2724: *0000000000c10000-0000000000b13fff 0x0000/0x0004 0x0020000
2581180.2724: 0000000000d0c000-0000000000d08fff 0x0104/0x0004 0x0020000
2591180.2724: 0000000000d0f000-0000000000d0dfff 0x0004/0x0004 0x0020000
2601180.2724: *0000000000d10000-0000000000d0bfff 0x0002/0x0002 0x0040000
2611180.2724: 0000000000d14000-0000000000d07fff 0x0001/0x0000 0x0000000
2621180.2724: *0000000000d20000-0000000000d1dfff 0x0004/0x0004 0x0020000
2631180.2724: 0000000000d22000-ffffffff81a63fff 0x0001/0x0000 0x0000000
2641180.2724: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2651180.2724: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2661180.2724: 000000007fff0000-ffff8009f21cffff 0x0001/0x0000 0x0000000
2671180.2724: *00007ff70de10000-00007ff70ddecfff 0x0002/0x0002 0x0040000
2681180.2724: 00007ff70de33000-00007ff70de28fff 0x0001/0x0000 0x0000000
2691180.2724: *00007ff70de3d000-00007ff70de3afff 0x0004/0x0004 0x0020000
2701180.2724: *00007ff70de3f000-00007ff70de3dfff 0x0004/0x0004 0x0020000
2711180.2724: 00007ff70de40000-00007ff70d57ffff 0x0001/0x0000 0x0000000
2721180.2724: *00007ff70e700000-00007ff70e700fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2731180.2724: 00007ff70e701000-00007ff70e787fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2741180.2724: 00007ff70e788000-00007ff70e788fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2751180.2724: 00007ff70e789000-00007ff70e7d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2761180.2724: 00007ff70e7d4000-00007ff70e7d4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2771180.2724: 00007ff70e7d5000-00007ff70e7d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2781180.2724: 00007ff70e7d6000-00007ff70e7dafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2791180.2724: 00007ff70e7db000-00007ff70e7dbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2801180.2724: 00007ff70e7dc000-00007ff70e7dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2811180.2724: 00007ff70e7dd000-00007ff70e7e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2821180.2724: 00007ff70e7e1000-00007ff70e82bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2831180.2724: 00007ff70e82c000-00007ff549077fff 0x0001/0x0000 0x0000000
2841180.2724: *00007ff8d3fe0000-00007ff8d3fe0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2851180.2724: 00007ff8d3fe1000-00007ff8d40dcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2861180.2724: 00007ff8d40dd000-00007ff8d411efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2871180.2724: 00007ff8d411f000-00007ff8d4127fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2881180.2724: 00007ff8d4128000-00007ff8d4135fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2891180.2724: 00007ff8d4136000-00007ff8d4136fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2901180.2724: 00007ff8d4137000-00007ff8d4139fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2911180.2724: 00007ff8d413a000-00007ff8d41a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2921180.2724: 00007ff8d41a1000-00007ff1a8361fff 0x0001/0x0000 0x0000000
2931180.2724: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2941180.2724: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
2951180.2724: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2961180.2724: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2971180.2724: supR3HardNtChildPurify: Done after 307 ms and 0 fixes (loop #0).
2981fc0.2750: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
2991fc0.2750: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8d3fe0000
3001fc0.2750: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
3011fc0.2750: New simple heap: #1 0000000000e30000 LB 0x400000 (for 1839104 allocation)
3021180.2724: supR3HardenedEarlyCompact: Removed heap 1 (0x000000009f0000 LB 0x400000)
3031180.2724: supR3HardNtEnableThreadCreation:
3041fc0.2750: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3051fc0.2750: System32: \Device\HarddiskVolume2\Windows\System32
3061fc0.2750: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3071fc0.2750: KnownDllPath: C:\Windows\system32
3081fc0.2750: supR3HardenedVmProcessInit: Opening vboxdrv...
3091fc0.2750: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3101fc0.2750: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3111fc0.2750: Registered Dll notification callback with NTDLL.
3121fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3131fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3141fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
3151fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0b00000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3161fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3171fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3181fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d3d30000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
3191fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3201fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3d30000 'C:\Windows\system32\KERNEL32.DLL'
3211fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff70e700000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3221fc0.2750: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3231fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3241fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3251fc0.2750: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8d404fb70 pvNtTerminateThread=00007ff8d4073a20
3261180.2724: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 102 ms.
3271fc0.2750: \SystemRoot\System32\ntdll.dll:
3281fc0.2750: CreationTime: 2015-08-12T16:27:36.013870900Z
3291fc0.2750: LastWriteTime: 2015-08-08T07:29:58.168349600Z
3301fc0.2750: ChangeTime: 2015-08-20T13:03:07.199725400Z
3311fc0.2750: FileAttributes: 0x20
3321fc0.2750: Size: 0x1bce48
3331fc0.2750: NT Headers: 0xd8
3341fc0.2750: Timestamp: 0x55c59f92
3351fc0.2750: Machine: 0x8664 - amd64
3361fc0.2750: Timestamp: 0x55c59f92
3371fc0.2750: Image Version: 10.0
3381fc0.2750: SizeOfImage: 0x1c1000 (1839104)
3391fc0.2750: Resource Dir: 0x15a000 LB 0x65718
3401fc0.2750: ProductName: Microsoft® Windows® Operating System
3411fc0.2750: ProductVersion: 10.0.10240.16430
3421fc0.2750: FileVersion: 10.0.10240.16430 (th1.150807-2049)
3431fc0.2750: FileDescription: NT Layer DLL
3441fc0.2750: \SystemRoot\System32\kernel32.dll:
3451fc0.2750: CreationTime: 2015-07-10T10:59:59.699781600Z
3461fc0.2750: LastWriteTime: 2015-07-10T10:59:59.699781600Z
3471fc0.2750: ChangeTime: 2015-10-15T22:36:45.699179000Z
3481fc0.2750: FileAttributes: 0x20
3491fc0.2750: Size: 0xab830
3501fc0.2750: NT Headers: 0xf0
3511fc0.2750: Timestamp: 0x559f38ad
3521fc0.2750: Machine: 0x8664 - amd64
3531fc0.2750: Timestamp: 0x559f38ad
3541fc0.2750: Image Version: 10.0
3551fc0.2750: SizeOfImage: 0xad000 (708608)
3561fc0.2750: Resource Dir: 0xab000 LB 0x518
3571fc0.2750: ProductName: Microsoft® Windows® Operating System
3581fc0.2750: ProductVersion: 10.0.10240.16384
3591fc0.2750: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3601fc0.2750: FileDescription: Windows NT BASE API Client DLL
3611fc0.2750: \SystemRoot\System32\KernelBase.dll:
3621fc0.2750: CreationTime: 2015-07-10T11:00:10.325689700Z
3631fc0.2750: LastWriteTime: 2015-07-10T11:00:10.325689700Z
3641fc0.2750: ChangeTime: 2015-10-15T22:36:46.152255700Z
3651fc0.2750: FileAttributes: 0x20
3661fc0.2750: Size: 0x1dc680
3671fc0.2750: NT Headers: 0x100
3681fc0.2750: Timestamp: 0x559f38c3
3691fc0.2750: Machine: 0x8664 - amd64
3701fc0.2750: Timestamp: 0x559f38c3
3711fc0.2750: Image Version: 10.0
3721fc0.2750: SizeOfImage: 0x1dd000 (1953792)
3731fc0.2750: Resource Dir: 0x1c7000 LB 0x530
3741fc0.2750: ProductName: Microsoft® Windows® Operating System
3751fc0.2750: ProductVersion: 10.0.10240.16384
3761fc0.2750: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3771fc0.2750: FileDescription: Windows NT BASE API Client DLL
3781fc0.2750: \SystemRoot\System32\apisetschema.dll:
3791fc0.2750: CreationTime: 2015-07-10T11:00:04.872098600Z
3801fc0.2750: LastWriteTime: 2015-07-10T11:00:04.872098600Z
3811fc0.2750: ChangeTime: 2015-08-02T00:03:44.005814100Z
3821fc0.2750: FileAttributes: 0x20
3831fc0.2750: Size: 0x16760
3841fc0.2750: NT Headers: 0xc8
3851fc0.2750: Timestamp: 0x559f3e3d
3861fc0.2750: Machine: 0x8664 - amd64
3871fc0.2750: Timestamp: 0x559f3e3d
3881fc0.2750: Image Version: 10.0
3891fc0.2750: SizeOfImage: 0x17000 (94208)
3901fc0.2750: Resource Dir: 0x16000 LB 0x3f0
3911fc0.2750: ProductName: Microsoft® Windows® Operating System
3921fc0.2750: ProductVersion: 10.0.10240.16384
3931fc0.2750: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3941fc0.2750: FileDescription: ApiSet Schema DLL
3951fc0.2750: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3961fc0.2750: supR3HardenedWinFindAdversaries: 0x0
3971fc0.2750: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3981fc0.2750: Calling main()
3991fc0.2750: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4001fc0.2750: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4011fc0.2750: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4021fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4031fc0.2750: SUPR3HardenedMain: Final process, opening VBoxDrv...
4041fc0.2750: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e30000 LB 0x400000)
4051fc0.2750: supR3HardNtEnableThreadCreation:
4061fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4071fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4081fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4091fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4101fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8cc130000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4111fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4121fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4131fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4141fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc130000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4151fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4161fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4171fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc130000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4181fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc130000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4191fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4201fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4211fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4221fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
4231fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4241fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4251fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4261fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4271fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4281fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4291fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4301fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4311fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4321fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
4331fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4341fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4351fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4361fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4371fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4381fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4391fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4401fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4411fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4421fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4431fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4441fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4451fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4461fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4471fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4481fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4491fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4501fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d2680000 LB 0x0009d000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
4511fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4521fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0a90000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
4531fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4541fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d14e0000 LB 0x001c1000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
4551fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4561fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d3eb0000 LB 0x00126000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
4571fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4581fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0ce0000 LB 0x00054000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
4591fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4601fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0ce0000 'C:\Windows\system32\Wintrust.dll'
4611fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
4621fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
4631fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4641fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4651fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0550000 LB 0x00028000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
4661fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4671fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0550000 'C:\Windows\system32\bcrypt.dll'
4681fc0.2750: bcrypt.dll loaded at 00007ff8d0550000, BCryptOpenAlgorithmProvider at 00007ff8d0554a00, preloading providers:
4691fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
4701fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
4711fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4721fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4731fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0860000 LB 0x0006b000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
4741fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4751fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0860000 'C:\Windows\system32\bcryptprimitives.dll'
4761fc0.2750: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000012a9980)
4771fc0.2750: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000012a9fd0)
4781fc0.2750: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000012aa2a0)
4791fc0.2750: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000012aa5c0)
4801fc0.2750: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000012ab0e0)
4811fc0.2750: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000012ab3f0)
4821fc0.2750: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000012ab700)
4831fc0.2750: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000012ab9d0)
4841fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
4851fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
4861fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
4871fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d02e0000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
4881fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
4891fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
4901fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
4911fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
4921fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
4931fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
4941fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4951fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
4961fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
4971fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4981fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4991fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5001fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8cff30000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
5011fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5021fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
5031fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5041fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5051fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5061fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0450000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5071fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5081fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5091fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5101fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5111fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5121fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5131fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3d30000 'C:\Windows\system32\kernel32.dll'
5141fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5151fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5161fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0ce0000 'C:\Windows\system32\WINTRUST.DLL'
5171fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5181fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5191fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\CRYPT32.dll'
5201fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5211fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5221fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0ce0000 'C:\Windows\System32\WINTRUST.DLL'
5231fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d2490000 LB 0x0001c000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
5241fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5251fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
5261fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
5271fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5281fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5291fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5301fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5311fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5321fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
5331fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d27a0000 LB 0x0005b000 C:\Windows\system32\sechost.dll [fFlags=0x0]
5341fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
5351fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
5361fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
5371fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5381fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5391fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
5401fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
5411fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8cf930000 LB 0x00023000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
5421fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5431fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0a60000 LB 0x00013000 C:\Windows\system32\profapi.dll [fFlags=0x0]
5441fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
5451fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
5461fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5471fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
5481fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'.
5491fc0.2750: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
5501fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
5511fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
5521fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
5531fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5541fc0.2750: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
5551fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
5561fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5571fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5581fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5591fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5601fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5611fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5621fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5631fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5641fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5651fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5661fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5671fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5681fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5691fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5701fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5711fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5721fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5731fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5741fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5751fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5761fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d2430000 LB 0x0005b000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
5771fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
5781fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8bb570000 LB 0x0002f000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
5791fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5801fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5811fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5821fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
5831fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5841fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5851fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
5861fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5871fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5881fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
5891fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5901fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5911fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
5921fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5931fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5941fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
5951fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5961fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5971fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
5981fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
5991fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
6001fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6011fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
6021fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6031fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
6041fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6051fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
6061fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6071fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
6081fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\system32\cryptnet.dll'
6091fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6101fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bb570000 'C:\Windows\System32\cryptnet.dll'
6111fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d1810000 LB 0x000a6000 C:\Windows\system32\advapi32.dll [fFlags=0x0]
6121fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6131fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
6141fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
6151fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6161fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6171fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6181fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6191fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6201fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6211fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6221fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6231fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6241fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6251fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6261fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6271fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6281fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6291fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6301fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6311fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6321fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6331fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000013252f0
6341fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
6351fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=311B4CDD9B998ED36E8EA94DCB004D809301CC36
6361fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6371fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6381fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3eb0000 'C:\Windows\system32\rpcrt4.dll'
6391fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6401fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6411fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6421fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6431fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6441fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6451fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_555_for_KB3081455~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
6461fc0.2750: g_pfnWinVerifyTrust=00007ff8d0ce8890
6471fc0.2750: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6481fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6491fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6501fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6511fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6521fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6531fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6541fc0.2750: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
6551fc0.2750: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6561fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6571fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6581fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6591fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6601fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6611fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6621fc0.2750: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
6631fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6641fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6651fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6661fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6671fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
6681fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
6691fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
6701fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
6711fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77
6721fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6731fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6741fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6751fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
6761fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6771fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
6781fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
6791fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
6801fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
6811fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3
6821fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6831fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6841fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6851fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
6861fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6871fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
6881fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6891fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6901fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6911fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
6921fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6931fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6941fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6951fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
6961fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6971fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
6981fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
6991fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
7001fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7011fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7021fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7031fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
7041fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7051fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7061fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7071fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7081fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7091fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
7101fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7111fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7121fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7131fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7141fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
7151fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7161fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7171fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
7181fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7191fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7201fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
7211fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7221fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7231fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
7241fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7251fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7261fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
7271fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7281fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7291fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
7301fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7311fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7321fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
7331fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7341fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7351fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7361fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
7371fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7381fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7391fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
7401fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
7411fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7421fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
7431fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
7441fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7451fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7461fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7471fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7481fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7491fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7501fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7511fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7521fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7531fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
7541fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
7551fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
7561fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
7571fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
7581fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
7591fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
7601fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
7611fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
7621fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
7631fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
7641fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
7651fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
7661fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
7671fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
7681fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
7691fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
7701fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
7711fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
7721fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
7731fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
7741fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
7751fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
7761fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
7771fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
7781fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
7791fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
7801fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
7811fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
7821fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
7831fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
7841fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
7851fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
7861fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
7871fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
7881fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
7891fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
7901fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
7911fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
7921fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
7931fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
7941fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
7951fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
7961fc0.2750: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
7971fc0.2750: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=53
7981fc0.2750: SUPR3HardenedMain: Load Runtime...
7991fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
8001fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8011fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8021fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8031fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8041fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8051fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8061fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8071fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8081fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8091fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8101fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8111fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
8121fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
8131fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
8141fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8151fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
8161fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8171fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8181fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8191fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8201fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8211fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8221fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
8231fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
8241fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
8251fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
8261fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
8271fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
8281fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8291fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8301fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8311fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8321fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8331fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8341fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8351fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8361fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
8371fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
8381fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
8391fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8401fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8411fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8421fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8431fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8441fc0.2750: supR3HardenedDllNotificationCallback: load 00000000557d0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8451fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8461fc0.2750: supR3HardenedDllNotificationCallback: load 0000000055730000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8471fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
8481fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d22d0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
8491fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
8501fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d2720000 LB 0x00069000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
8511fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8521fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8a4080000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8531fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8541fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8551fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8561fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
8571fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rescheduled]
8581fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8591fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8601fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8611fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8621fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8631fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8641fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8651fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8661fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8671fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8681fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8691fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8701fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8711fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8721fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8731fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8741fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8751fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8761fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8771fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8781fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8791fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8801fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8811fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8821fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8831fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8841fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8851fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8861fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8871fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8881fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8891fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8901fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8911fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8921fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8931fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8941fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8951fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8961fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8971fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8981fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8991fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9001fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9011fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9021fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9031fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9041fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9051fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9061fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4080000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9071fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
9081fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9091fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0ce0000 'C:\Windows\system32\Wintrust.dll'
9101fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
9111fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
9121fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9131fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9141fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
9151fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
9161fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
9171fc0.2750: SUPR3HardenedMain: Load TrustedMain...
9181fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
9191fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9201fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9211fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9221fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9231fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
9241fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
9251fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
9261fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
9271fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
9281fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
9291fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
9301fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
9311fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
9321fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
9331fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
9341fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
9351fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
9361fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9371fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9381fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
9391fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
9401fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9411fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
9421fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
9431fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
9441fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
9451fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
9461fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
9471fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
9481fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
9491fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
9501fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F
9511fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9521fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9531fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
9541fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
9551fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
9561fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
9571fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9581fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9591fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9601fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9611fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9621fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
9631fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
9641fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
9651fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
9661fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
9671fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
9681fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
9691fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
9701fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9711fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
9721fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
9731fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
9741fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9751fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9761fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9771fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9781fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
9791fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
9801fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
9811fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
9821fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9831fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9841fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9851fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
9861fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
9871fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
9881fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
9891fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
9901fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9911fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9921fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
9931fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
9941fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9951fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
9961fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_215_for_KB3081424~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
9971fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9981fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9991fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
10001fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
10011fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
10021fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
10031fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
10041fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
10051fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
10061fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10071fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10081fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10091fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10101fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
10111fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10121fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'.
10131fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'.
10141fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
10151fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
10161fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
10171fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
10181fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
10191fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
10201fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10211fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
10221fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
10231fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
10241fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10251fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10261fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10271fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
10281fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
10291fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
10301fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10311fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
10321fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
10331fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
10341fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
10351fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10361fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10371fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10381fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10391fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10401fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10411fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10421fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10431fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10441fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10451fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10461fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10471fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10481fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10491fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10501fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10511fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10521fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10531fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10541fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10551fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10561fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
10571fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10581fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10591fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10601fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10611fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10621fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10631fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10641fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10651fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
10661fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
10671fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10681fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
10691fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
10701fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
10711fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
10721fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
10731fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
10741fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10751fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10761fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
10771fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10781fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10791fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
10801fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10811fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
10821fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
10831fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
10841fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10851fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10861fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10871fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10881fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10891fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10901fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
10911fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
10921fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10931fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
10941fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
10951fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
10961fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
10971fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
10981fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
10991fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11001fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11011fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust]
11021fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11031fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11041fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
11051fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11061fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11071fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11081fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11091fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11101fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11111fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11121fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11131fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11141fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11151fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11161fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
11171fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
11181fc0.2750: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
11191fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11201fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11211fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11221fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11231fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11241fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
11251fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
11261fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
11271fc0.2750: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11281fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11291fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11301fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
11311fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
11321fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
11331fc0.2750: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
11341fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
11351fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
11361fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
11371fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11381fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11391fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11401fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
11411fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
11421fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
11431fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
11441fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
11451fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
11461fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
11471fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11481fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11491fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11501fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
11511fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
11521fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
11531fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11541fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
11551fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11561fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
11571fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11581fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11591fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
11601fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
11611fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
11621fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
11631fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
11641fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11651fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
11661fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
11671fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
11681fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
11691fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
11701fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
11711fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
11721fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
11731fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
11741fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
11751fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
11761fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
11771fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
11781fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
11791fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11801fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11811fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11821fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11831fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11841fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
11851fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11861fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11871fc0.2750: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
11881fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11891fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11901fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
11911fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
11921fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
11931fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
11941fc0.2750: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
11951fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
11961fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11971fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11981fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
11991fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
12001fc0.2750: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
12011fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12021fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
12031fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'.
12041fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'.
12051fc0.2750: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
12061fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
12071fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12081fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12091fc0.2750: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
12101fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12111fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
12121fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12131fc0.2750: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
12141fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
12151fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12161fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12171fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
12181fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12191fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12201fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12211fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12221fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12231fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12241fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12251fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12261fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12271fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12281fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12291fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
12301fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
12311fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
12321fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12331fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12341fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
12351fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12361fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12371fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12381fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12391fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12401fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12411fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12421fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
12431fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
12441fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
12451fc0.2750: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
12461fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12471fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
12481fc0.2750: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
12491fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
12501fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12511fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12521fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
12531fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
12541fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
12551fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
12561fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
12571fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'.
12581fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
12591fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
12601fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12611fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12621fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
12631fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
12641fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
12651fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
12661fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12671fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12681fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12691fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12701fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12711fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12721fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12731fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12741fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12751fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12761fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12771fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12781fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12791fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12801fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12811fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12821fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
12831fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12841fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12851fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
12861fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
12871fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
12881fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12891fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
12901fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
12911fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
12921fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
12931fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
12941fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12951fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12961fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12971fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12981fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
12991fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13001fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13011fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13021fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13031fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13041fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13051fc0.2750: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
13061fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13071fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13081fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
13091fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
13101fc0.2750: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
13111fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13121fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
13131fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13141fc0.2750: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
13151fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
13161fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13171fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13181fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13191fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13201fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13211fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13221fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13231fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13241fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13251fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13261fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13271fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13281fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
13291fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
13301fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
13311fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13321fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13331fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13341fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13351fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
13361fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13371fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13381fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
13391fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13401fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
13411fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
13421fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
13431fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
13441fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
13451fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
13461fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
13471fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
13481fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
13491fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
13501fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
13511fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
13521fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
13531fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13541fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13551fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
13561fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13571fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13581fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13591fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13601fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13611fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13621fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13631fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13641fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
13651fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13661fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13671fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
13681fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13691fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13701fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13711fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13721fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13731fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13741fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13751fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
13761fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
13771fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
13781fc0.2750: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [lacks WinVerifyTrust]
13791fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13801fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13811fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
13821fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
13831fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
13841fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
13851fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13861fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13871fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13881fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
13891fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
13901fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
13911fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13921fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13931fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
13941fc0.2750: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
13951fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13961fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13971fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
13981fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
13991fc0.2750: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
14001fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14011fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14021fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14031fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14041fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14051fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14061fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14071fc0.2750: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
14081fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
14091fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
14101fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
14111fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA
14121fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
14131fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
14141fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14151fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14161fc0.2750: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14171fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14181fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14191fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14201fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14211fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
14221fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
14231fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14241fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14251fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14261fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll)
14271fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll
14281fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14291fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14301fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14311fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14321fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14331fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14341fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
14351fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d22e0000 LB 0x0014e000 C:\Windows\system32\USER32.dll [fFlags=0x0]
14361fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d18c0000 LB 0x00186000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
14371fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8cc120000 LB 0x00008000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
14381fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14391fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8a9210000 LB 0x000f6000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
14401fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14411fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8c8660000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
14421fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14431fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8b1830000 LB 0x00128000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14441fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14451fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d1c00000 LB 0x0027c000 C:\Windows\system32\combase.dll [fFlags=0x0]
14461fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14471fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d1fa0000 LB 0x00141000 C:\Windows\system32\ole32.dll [fFlags=0x0]
14481fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14491fc0.2750: supR3HardenedDllNotificationCallback: load 0000000054ae0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
14501fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14511fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0d40000 LB 0x000b3000 C:\Windows\system32\shcore.dll [fFlags=0x0]
14521fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14531fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'.
14541fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
14551fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
14561fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d3e50000 LB 0x00051000 C:\Windows\system32\shlwapi.dll [fFlags=0x0]
14571fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14581fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8af850000 LB 0x000aa000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0]
14591fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust]
14601fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0a80000 LB 0x0000f000 C:\Windows\system32\kernel.appcore.dll [fFlags=0x0]
14611fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
14621fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
14631fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
14641fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
14651fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0a10000 LB 0x0004a000 C:\Windows\system32\powrprof.dll [fFlags=0x0]
14661fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14671fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
14681fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
14691fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
14701fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0eb0000 LB 0x00628000 C:\Windows\system32\windows.storage.dll [fFlags=0x0]
14711fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14721fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
14731fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
14741fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'.
14751fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
14761fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
14771fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d2800000 LB 0x01522000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
14781fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14791fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d1e80000 LB 0x000d7000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
14801fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
14811fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d25c0000 LB 0x000be000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
14821fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14831fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d16b0000 LB 0x0015c000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
14841fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
14851fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d1f60000 LB 0x00036000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
14861fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
14871fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0ab0000 LB 0x00044000 C:\Windows\system32\cfgmgr32.dll [fFlags=0x0]
14881fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
14891fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8cf380000 LB 0x00027000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
14901fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
14911fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8cea90000 LB 0x0002c000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
14921fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14931fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8ceac0000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
14941fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14951fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8c5810000 LB 0x00084000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14961fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14971fc0.2750: supR3HardenedDllNotificationCallback: load 0000000054dc0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
14981fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
14991fc0.2750: supR3HardenedDllNotificationCallback: load 0000000054a00000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
15001fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
15011fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8a35c0000 LB 0x00abb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
15021fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
15031fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
15041fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
15051fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
15061fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
15071fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
15081fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
15091fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
15101fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
15111fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'.
15121fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled]
15131fc0.2750: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
15141fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
15151fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
15161fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rescheduled]
15171fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15181fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
15191fc0.2750: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
15201fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
15211fc0.2750: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
15221fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
15231fc0.2750: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
15241fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
15251fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
15261fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' [rescheduled]
15271fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15281fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
15291fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
15301fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
15311fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
15321fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
15331fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
15341fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
15351fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
15361fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rescheduled]
15371fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
15381fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
15391fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
15401fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15411fc0.2750: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
15421fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15431fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15441fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
15451fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15461fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15471fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15481fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15491fc0.2750: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15501fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15511fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15521fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15531fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15541fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15551fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15561fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15571fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15581fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15591fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15601fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15611fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15621fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15631fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15641fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15651fc0.2750: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15661fc0.2750: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15671fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15681fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15691fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15701fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15711fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15721fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15731fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15741fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15751fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15761fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15771fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d1f60000 'C:\Windows\system32\imm32.dll'
15781fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a35c0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
15791fc0.2750: SUPR3HardenedMain: Calling TrustedMain (00007ff8a35c10d0)...
15801fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
15811fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15821fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
15831fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006c4 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
15841fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
15851fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
15861fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8
15871fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
15881fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
15891fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_570_for_KB3105210~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
15901fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15911fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15921fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
15931fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
15941fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
15951fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
15961fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15971fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15981fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15991fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16001fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16011fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16021fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16031fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16041fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16051fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8cf2e0000 LB 0x00096000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
16061fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16071fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cf2e0000 'C:\Windows\system32\uxtheme.dll'
16081fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16091fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
16101fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
16111fc0.2750: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
16121fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16131fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8ce8f0000 LB 0x00022000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
16141fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
16151fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000724 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16161fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
16171fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
16181fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D
16191fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16201fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16211fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16221fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16231fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16241fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16251fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
16261fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
16271fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_176_for_KB3105210~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
16281fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16291fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
16301fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16311fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16321fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2800000 'C:\Windows\system32\shell32.dll'
16331fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
16341fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16351fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3d30000 'C:\Windows\system32\kernel32.dll'
16361fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16371fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16381fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cf2e0000 'C:\Windows\system32\uxtheme.dll'
16391fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16401fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16411fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cf2e0000 'C:\Windows\system32\uxtheme.dll'
16421fc0.2750: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
16431fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16441fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
16451fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d22e0000 'C:\Windows\system32\user32.dll'
16461fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
16471fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16481fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cf2e0000 'C:\Windows\system32\uxtheme.dll'
16491fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d22e0000 'C:\Windows\system32\user32.dll'
16501fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16511fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16521fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d1810000 'C:\Windows\system32\advapi32.dll'
16531fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
16541fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
16551fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16561fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
16571fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
16581fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
16591fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
16601fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16611fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16621fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
16631fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16641fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16651fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16661fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16671fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16681fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
16691fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d0020000 LB 0x0001f000 C:\Windows\system32\userenv.dll [fFlags=0x0]
16701fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
16711fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0020000 'C:\Windows\system32\userenv.dll'
16721fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
16731fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16741fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3d30000 'C:\Windows\system32\kernel32.dll'
16751fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8d24b0000 LB 0x000a5000 C:\Windows\system32\clbcatq.dll [fFlags=0x0]
16761fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16771fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16781fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
16791fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
16801fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16811fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16821fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16831fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16841fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
16851fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
16861fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
16871fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
16881fc0.6d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
16891fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16901fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
16911fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
16921fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
16931fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
16941fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
16951fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
16961fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
16971fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
16981fc0.6d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
16991fc0.6d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17001fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17011fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17021fc0.6d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17031fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17041fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17051fc0.6d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17061fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17071fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17081fc0.6d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
17091fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
17101fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
17111fc0.6d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
17121fc0.6d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
17131fc0.6d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17141fc0.6d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
17151fc0.6d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
17161fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17171fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17181fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17191fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17201fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
17211fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
17221fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17231fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17241fc0.6d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
17251fc0.6d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
17261fc0.6d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
17271fc0.6d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
17281fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17291fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17301fc0.6d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17311fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17321fc0.6d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17331fc0.6d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
17341fc0.6d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17351fc0.6d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17361fc0.6d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
17371fc0.6d0: supR3HardenedDllNotificationCallback: load 00007ff8d2790000 LB 0x00008000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
17381fc0.6d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
17391fc0.6d0: supR3HardenedDllNotificationCallback: load 00007ff8c70c0000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
17401fc0.6d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
17411fc0.6d0: supR3HardenedDllNotificationCallback: load 00007ff8a2fe0000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
17421fc0.6d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
17431fc0.6d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
17441fc0.6d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17451fc0.6d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17461fc0.6d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d25c0000 'C:\Windows\System32\oleaut32.dll'
17471fc0.6d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)
17481fc0.6d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
17491fc0.6d0: supR3HardenedDllNotificationCallback: load 00007ff8d08d0000 LB 0x00098000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
17501fc0.6d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
17511fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
17521fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
17531fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll'
17541fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17551fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17561fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d25c0000 'C:\Windows\system32\OLEAUT32.dll'
17571fc0.2750: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
17581fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17591fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
17601fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d18c0000 'C:\Windows\system32\gdi32.dll'
17611fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d22e0000 'C:\Windows\system32\user32.dll'
17621fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17631fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17641fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2800000 'C:\Windows\system32\shell32.dll'
17651fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b90 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
17661fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
17671fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
17681fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E
17691fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
17701fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
17711fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
17721fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17731fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17741fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
17751fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
17761fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'.
17771fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
17781fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
17791fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
17801fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
17811fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
17821fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
17831fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
17841fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
17851fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17861fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
17871fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
17881fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
17891fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
17901fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17911fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17921fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
17931fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
17941fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
17951fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17961fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
17971fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
17981fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
17991fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
18001fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume2\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
18011fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be4 pwszName=\Device\HarddiskVolume2\Windows\System32\d2d1.dll
18021fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
18031fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
18041fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74
18051fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
18061fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
18071fc0.2750: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
18081fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18091fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
18101fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
18111fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
18121fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18131fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18141fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18151fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18161fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18171fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18181fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
18191fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
18201fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\d2d1.dll'
18211fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18221fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18231fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d2d1.dll) WinVerifyTrust
18241fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d2d1.dll
18251fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18261fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18271fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
18281fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18291fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18301fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
18311fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
18321fc0.2750: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
18331fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
18341fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
18351fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
18361fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
18371fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
18381fc0.2750: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
18391fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18401fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18411fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18421fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18431fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d2d1.dll
18441fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
18451fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
18461fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
18471fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8ca390000 LB 0x00545000 C:\Windows\system32\d2d1.dll [fFlags=0x0]
18481fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d2d1.dll
18491fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8ce5a0000 LB 0x0009c000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
18501fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
18511fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8ce640000 LB 0x002a3000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
18521fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
18531fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8cee70000 LB 0x000d1000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
18541fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
18551fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8c5750000 LB 0x00046000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
18561fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
18571fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5750000 'C:\Windows\system32\dataexchange.dll'
18581fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
18591fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
18601fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
18611fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18621fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'.
18631fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'.
18641fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
18651fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
18661fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
18671fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
18681fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8cf3d0000 LB 0x000ee000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
18691fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
18701fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18711fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18721fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
18731fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18741fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18751fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
18761fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
18771fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
18781fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
18791fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
18801fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
18811fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
18821fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18831fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18841fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
18851fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
18861fc0.2750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
18871fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18881fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18891fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2800000 'C:\Windows\system32\shell32.dll'
18901fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18911fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18921fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2800000 'C:\Windows\system32\shell32.dll'
18931fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18941fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18951fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d1fa0000 'C:\Windows\system32\ole32.dll'
18961fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18971fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18981fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d25c0000 'C:\Windows\system32\OLEAUT32.dll'
18991fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ca8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
19001fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
19011fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
19021fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231
19031fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
19041fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
19051fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
19061fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19071fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19081fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
19091fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
19101fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
19111fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
19121fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
19131fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
19141fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c84 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
19151fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
19161fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
19171fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4
19181fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
19191fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19201fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
19211fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
19221fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
19231fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19241fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19251fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
19261fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
19271fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
19281fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
19291fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19301fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19311fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19321fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19331fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19341fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19351fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19361fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19371fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
19381fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
19391fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
19401fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19411fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19421fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19431fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
19441fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
19451fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8c7d40000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
19461fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
19471fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8c4e70000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
19481fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
19491fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19501fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0b00000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
19511fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c4e70000 'C:\Windows\system32\wbem\wbemprox.dll'
19521fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c40 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
19531fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
19541fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
19551fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B
19561fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
19571fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
19581fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
19591fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19601fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19611fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
19621fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
19631fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
19641fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19651fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19661fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19671fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19681fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19691fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
19701fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8c4810000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
19711fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
19721fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c4810000 'C:\Windows\system32\wbem\wbemsvc.dll'
19731fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19741fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0b00000 'api-ms-win-core-localization-l1-2-0.dll'
19751fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19761fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d0b00000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
19771fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cec pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
19781fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
19791fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
19801fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488
19811fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
19821fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
19831fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
19841fc0.2750: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19851fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19861fc0.2750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
19871fc0.2750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
19881fc0.2750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
19891fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
19901fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
19911fc0.2750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
19921fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19931fc0.2750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19941fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19951fc0.2750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
19961fc0.2750: supR3HardenedDllNotificationCallback: load 00007ff8c48e0000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
19971fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
19981fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c48e0000 'C:\Windows\system32\wbem\fastprox.dll'
19991fc0.2750: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [redir]
20001fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [redoing WinVerifyTrust]
20011fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
20021fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
20031fc0.2750: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
20041fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20051fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8af850000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
20061fc0.2750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
20071fc0.2750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20081fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\SYSTEM32\WINMM.dll'
20091fc0.e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
20101fc0.e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20111fc0.e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
20121fc0.e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20131fc0.e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
20141fc0.e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20151fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20161fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20171fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
20181fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
20191fc0.e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
20201fc0.e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
20211fc0.e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
20221fc0.e04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
20231fc0.e04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
20241fc0.e04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
20251fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20261fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20271fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20281fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20291fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
20301fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
20311fc0.e04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20321fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20331fc0.e04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20341fc0.e04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20351fc0.e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20361fc0.e04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
20371fc0.e04: supR3HardenedDllNotificationCallback: load 00000000548f0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
20381fc0.e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
20391fc0.e04: supR3HardenedDllNotificationCallback: load 00007ff8a64f0000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
20401fc0.e04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20411fc0.e04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a64f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
20421fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
20431fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20441fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
20451fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
20461fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
20471fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20481fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
20491fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
20501fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
20511fc0.27f0: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
20521fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
20531fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
20541fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
20551fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
20561fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
20571fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20581fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
20591fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
20601fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
20611fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
20621fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
20631fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
20641fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
20651fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys'.
20661fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20671fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
20681fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
20691fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys)
20701fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
20711fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
20721fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
20731fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys'.
20741fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
20751fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
20761fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
20771fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'.
20781fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys)
20791fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
20801fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
20811fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
20821fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe'.
20831fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
20841fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'.
20851fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
20861fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
20871fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'.
20881fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'.
20891fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe)
20901fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
20911fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
20921fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
20931fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
20941fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
20951fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
20961fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
20971fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
20981fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
20991fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21001fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21011fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21021fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21031fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
21041fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
21051fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
21061fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
21071fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ci.dll'.
21081fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21091fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
21101fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll)
21111fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
21121fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
21131fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
21141fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kdcom.dll'.
21151fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21161fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
21171fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll)
21181fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
21191fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
21201fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume2\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
21211fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL'.
21221fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21231fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL)
21241fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL
21251fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
21261fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
21271fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL'.
21281fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21291fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
21301fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL)
21311fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
21321fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
21331fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
21341fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\hal.dll'.
21351fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21361fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
21371fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
21381fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll)
21391fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
21401fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'...
21411fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008]
21421fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys'.
21431fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21441fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys)
21451fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys
21461fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
21471fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
21481fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
21491fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
21501fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
21511fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
21521fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21531fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21541fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21551fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
21561fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
21571fc0.2208: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys'.
21581fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
21591fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys)
21601fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
21611fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
21621fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
21631fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
21641fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21651fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21661fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21671fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21681fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21691fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21701fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21711fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21721fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21731fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
21741fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
21751fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
21761fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
21771fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
21781fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
21791fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21801fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21811fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21821fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
21831fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
21841fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
21851fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21861fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21871fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21881fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21891fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21901fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21911fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
21921fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
21931fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
21941fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
21951fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
21961fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
21971fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
21981fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
21991fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
22001fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22011fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22021fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22031fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22041fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
22051fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22061fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
22071fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22081fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
22091fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22101fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
22111fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22121fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22131fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys'
22141fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22151fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22161fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys'
22171fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22181fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22191fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\hal.dll'
22201fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22211fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22221fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL'
22231fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22241fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22251fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL'
22261fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22271fc0.2208: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
22281fc0.2208: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22291fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22301fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kdcom.dll'
22311fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22321fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22331fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ci.dll'
22341fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22351fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22361fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe'
22371fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22381fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22391fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys'
22401fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22411fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
22421fc0.2208: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys'
22431fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22441fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22451fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22461fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22471fc0.2208: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22481fc0.2208: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
22491fc0.2208: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22501fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22511fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22521fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22531fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22541fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22551fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22561fc0.2208: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22571fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22581fc0.2208: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22591fc0.2208: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22601fc0.2208: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22611fc0.2208: supR3HardenedDllNotificationCallback: load 00007ff8c92a0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
22621fc0.2208: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22631fc0.2208: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c92a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
22641fc0.2370: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22651fc0.2370: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22661fc0.2370: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22671fc0.2370: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22681fc0.2370: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
22691fc0.2370: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22701fc0.2370: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22711fc0.2370: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22721fc0.2370: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22731fc0.2370: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22741fc0.2370: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22751fc0.2370: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22761fc0.2370: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22771fc0.2370: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22781fc0.2370: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22791fc0.2370: supR3HardenedDllNotificationCallback: load 00007ff8c8650000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
22801fc0.2370: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22811fc0.2370: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c8650000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
22821fc0.2720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
22831fc0.2720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22841fc0.2720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22851fc0.2720: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22861fc0.2720: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
22871fc0.2720: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22881fc0.2720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22891fc0.2720: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22901fc0.2720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22911fc0.2720: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22921fc0.2720: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22931fc0.2720: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22941fc0.2720: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22951fc0.2720: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22961fc0.2720: supR3HardenedDllNotificationCallback: load 00007ff8c8010000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
22971fc0.2720: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22981fc0.2720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c8010000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
22991fc0.1afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
23001fc0.1afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23011fc0.1afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23021fc0.1afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23031fc0.1afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
23041fc0.1afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23051fc0.1afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23061fc0.1afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23071fc0.1afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23081fc0.1afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23091fc0.1afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23101fc0.1afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23111fc0.1afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23121fc0.1afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23131fc0.1afc: supR3HardenedDllNotificationCallback: load 00007ff8c7fd0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
23141fc0.1afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23151fc0.1afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c7fd0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
23161fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2800000 'C:\Windows\system32/Shell32.dll'
23171fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
23181fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
23191fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
23201fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23211fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23221fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23231fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
23241fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
23251fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23261fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
23271fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
23281fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
23291fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
23301fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
23311fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
23321fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
23331fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
23341fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
23351fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
23361fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
23371fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
23381fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
23391fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23401fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23411fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23421fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23431fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23441fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23451fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23461fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23471fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23481fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
23491fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
23501fc0.27f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'.
23511fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
23521fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
23531fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
23541fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
23551fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23561fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23571fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
23581fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23591fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23601fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
23611fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23621fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23631fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
23641fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
23651fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
23661fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
23671fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
23681fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
23691fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23701fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23711fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23721fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
23731fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
23741fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23751fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23761fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23771fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23781fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23791fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23801fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
23811fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
23821fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23831fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23841fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23851fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
23861fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23871fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
23881fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
23891fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23901fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23911fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23921fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23931fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23941fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23951fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23961fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
23971fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23981fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23991fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24001fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
24011fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
24021fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
24031fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
24041fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24051fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24061fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24071fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24081fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24091fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24101fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24111fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24121fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24131fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24141fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
24151fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
24161fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f20 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
24171fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
24181fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
24191fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=793D99A2656EF7BC8AE3D3DA54E1A198969B9F96
24201fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
24211fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
24221fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
24231fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24241fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24251fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
24261fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
24271fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'.
24281fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'.
24291fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'.
24301fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
24311fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
24321fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24331fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24341fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24351fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24361fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24371fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24381fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24391fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24401fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24411fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
24421fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24431fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24441fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24451fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
24461fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
24471fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
24481fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
24491fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
24501fc0.27f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
24511fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
24521fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
24531fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
24541fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24551fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24561fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24571fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24581fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24591fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24601fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24611fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
24621fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24631fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24641fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24651fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
24661fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
24671fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24681fc0.27f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
24691fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
24701fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8d2100000 LB 0x001c5000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
24711fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24721fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8c4660000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0]
24731fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
24741fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8b36c0000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
24751fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
24761fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8b4700000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
24771fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24781fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8b5770000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
24791fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24801fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8ceb20000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
24811fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
24821fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cebf0000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
24831fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24841fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8a26f0000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
24851fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
24861fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a26f0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
24871fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f30 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
24881fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
24891fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
24901fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4E1A7D70D0B4F04066620172BA9B8A3CADF2EF6
24911fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24921fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24931fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
24941fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
24951fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
24961fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24971fc0.27f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
24981fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
24991fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
25001fc0.27f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
25011fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25021fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
25031fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25041fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2fe0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
25051fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25061fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25071fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25081fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b5770000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
25091fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25101fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25111fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25121fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25131fc0.310: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25141fc0.310: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25151fc0.310: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25161fc0.310: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25171fc0.310: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
25181fc0.310: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
25191fc0.310: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25201fc0.310: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25211fc0.310: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25221fc0.310: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25231fc0.310: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25241fc0.310: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25251fc0.310: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25261fc0.310: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25271fc0.310: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
25281fc0.310: supR3HardenedDllNotificationCallback: load 00007ff8c5490000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
25291fc0.310: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
25301fc0.310: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5490000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
25311fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25321fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25331fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cebf0000 'C:\Windows\system32/Iphlpapi.dll'
25341fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25351fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
25361fc0.27f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
25371fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25381fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cb3c0000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
25391fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
25401fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
25411fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
25421fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
25431fc0.27f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
25441fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
25451fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cb3a0000 LB 0x0001a000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
25461fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
25471fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001028 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
25481fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
25491fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
25501fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC5F23FF9BE9DCF8E5234FF8C5B6EBE9459DC35E
25511fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25521fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25531fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
25541fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25551fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25561fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25571fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25581fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25591fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25601fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25611fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25621fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25631fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25641fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25651fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
25661fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
25671fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25681fc0.27f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
25691fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000101c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25701fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
25711fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
25721fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F2C6FCDABC75F6CF26C6E8145FC3426AD15DAAC
25731fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25741fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
25751fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
25761fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25771fc0.27f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
25781fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b8 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
25791fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
25801fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
25811fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF2119E435E404AD007FD65DA8D286C1635ACA6
25821fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
25831fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
25841fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
25851fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25861fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25871fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
25881fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
25891fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
25901fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
25911fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
25921fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
25931fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25941fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
25951fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25961fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25971fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25981fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25991fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26001fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26011fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26021fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
26031fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cbd40000 LB 0x0009c000 C:\Windows\system32\dsound.dll [fFlags=0x0]
26041fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
26051fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
26061fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26071fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cbd40000 'C:\Windows\system32\dsound.dll'
26081fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cbd40000 'C:\Windows\system32/dsound.dll'
26091fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
26101fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
26111fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26121fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
26131fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
26141fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
26151fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
26161fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26171fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
26181fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
26191fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
26201fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
26211fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26221fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
26231fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
26241fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
26251fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
26261fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
26271fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
26281fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [redoing WinVerifyTrust]
26291fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26301fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26311fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26321fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26331fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
26341fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26351fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26361fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
26371fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
26381fc0.27f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
26391fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26401fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26411fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26421fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26431fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26441fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26451fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26461fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cdd10000 LB 0x00183000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
26471fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
26481fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cbe30000 LB 0x00072000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
26491fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26501fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cbe30000 'C:\Windows\System32\MMDevApi.dll'
26511fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26521fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26531fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cbe30000 'C:\Windows\system32\MMDEVAPI.DLL'
26541fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26551fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26561fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
26571fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010f8 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26581fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
26591fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
26601fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83143779FC4D27950BF3BCBCD430201AA21D5678
26611fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
26621fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
26631fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
26641fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26651fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26661fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
26671fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
26681fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
26691fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
26701fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
26711fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
26721fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26731fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
26741fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
26751fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
26761fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
26771fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
26781fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
26791fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
26801fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
26811fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
26821fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
26831fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
26841fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26851fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26861fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
26871fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
26881fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
26891fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
26901fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26911fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
26921fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
26931fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26941fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26951fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26961fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26971fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26981fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
26991fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
27001fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
27011fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cc170000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
27021fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
27031fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cc180000 LB 0x0000b000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
27041fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
27051fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8b3260000 LB 0x00041000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
27061fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27071fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27081fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27091fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27101fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27111fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27121fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27131fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27141fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27151fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27161fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27171fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27181fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27191fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27201fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
27211fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
27221fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27231fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
27241fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
27251fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
27261fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
27271fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
27281fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
27291fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
27301fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27311fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27321fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27331fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27341fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27351fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27361fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27371fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27381fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
27391fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27401fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
27411fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
27421fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
27431fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
27441fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cb880000 LB 0x00131000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
27451fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
27461fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cb9c0000 LB 0x00085000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
27471fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
27481fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cb9c0000 'C:\Windows\system32\AUDIOSES.DLL'
27491fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27501fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27511fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
27521fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
27531fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
27541fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27551fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27561fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
27571fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
27581fc0.27f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
27591fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27601fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27611fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27621fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27631fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27641fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27651fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27661fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27671fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27681fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27691fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27701fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27711fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27721fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27731fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27741fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27751fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27761fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27771fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27781fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27791fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3260000 'C:\Windows\system32\wdmaud.drv'
27801fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000102c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
27811fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
27821fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
27831fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EAA362874D7E19DE11B8B4782838AD2981FC207
27841fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
27851fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
27861fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
27871fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27881fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27891fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
27901fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
27911fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
27921fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
27931fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
27941fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
27951fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27961fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27971fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27981fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27991fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
28001fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
28011fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
28021fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
28031fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
28041fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28051fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
28061fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
28071fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28081fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28091fc0.27f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28101fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28111fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28121fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28131fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28141fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28151fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28161fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
28171fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8b7c20000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
28181fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
28191fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8cc840000 LB 0x0000c000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
28201fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28211fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28221fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28231fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28241fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28251fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28261fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28271fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28281fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28291fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28301fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28311fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28321fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28331fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28341fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28351fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28361fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28371fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
28381fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28391fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28401fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28411fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28421fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cc840000 'C:\Windows\system32\msacm32.drv'
28431fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001158 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
28441fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000013252f0
28451fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000013252f0
28461fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96AFFE7289EA0FE318F97A9F3C88DF66DCB2B4F6
28471fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cff30000 'C:\Windows\system32\rsaenh.dll'
28481fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d14e0000 'C:\Windows\system32\crypt32.dll'
28491fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
28501fc0.27f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28511fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28521fc0.27f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
28531fc0.27f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
28541fc0.27f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
28551fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28561fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28571fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28581fc0.27f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28591fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28601fc0.27f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28611fc0.27f0: supR3HardenedDllNotificationCallback: load 00007ff8c8d70000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
28621fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28631fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c8d70000 'C:\Windows\system32\midimap.dll'
28641fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28651fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28661fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c8d70000 'C:\Windows\system32\midimap.dll'
28671fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28681fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28691fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c8d70000 'C:\Windows\system32\midimap.dll'
28701fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
28711fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28721fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c8d70000 'C:\Windows\system32\midimap.dll'
28731fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28741fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28751fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28761fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28771fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28781fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28791fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28801fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28811fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28821fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28831fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28841fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28851fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28861fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28871fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28881fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28891fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28901fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ceac0000 'C:\Windows\system32\winmm.dll'
28911fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
28921fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28931fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cbd40000 'C:\Windows\System32\dsound.dll'
28941fc0.27f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
28951fc0.27f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28961fc0.27f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3d30000 'C:\Windows\system32/kernel32.dll'
28971fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2800000 'C:\Windows\system32\shell32.dll'
28981fc0.2750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2800000 'C:\Windows\system32\shell32.dll'
28991fc0.1364: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
29001fc0.1364: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
29011fc0.1364: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
29021fc0.1364: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
29031fc0.310: supR3HardenedDllNotificationCallback: Unload 00007ff8c5490000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
29041fc0.1afc: supR3HardenedDllNotificationCallback: Unload 00007ff8c7fd0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
29051fc0.2720: supR3HardenedDllNotificationCallback: Unload 00007ff8c8010000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
29061fc0.2370: supR3HardenedDllNotificationCallback: Unload 00007ff8c8650000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
29071fc0.2208: supR3HardenedDllNotificationCallback: Unload 00007ff8c92a0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
29081fc0.27f0: supR3HardenedDllNotificationCallback: Unload 00007ff8a26f0000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
29091fc0.27f0: supR3HardenedDllNotificationCallback: Unload 00007ff8b4700000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
29101fc0.27f0: supR3HardenedDllNotificationCallback: Unload 00007ff8b36c0000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [flags=0x0]
29111fc0.27f0: supR3HardenedDllNotificationCallback: Unload 00007ff8c4660000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [flags=0x0]
29121fc0.27f0: supR3HardenedDllNotificationCallback: Unload 00007ff8b5770000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
29131fc0.27f0: supR3HardenedDllNotificationCallback: Unload 00007ff8d2100000 LB 0x001c5000 C:\Windows\system32\SETUPAPI.dll [flags=0x0]
29141fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8c4810000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
29151fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8c4e70000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
29161fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8c5750000 LB 0x00046000 C:\Windows\system32\dataexchange.dll [flags=0x0]
29171fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8ca390000 LB 0x00545000 C:\Windows\system32\d2d1.dll [flags=0x0]
29181fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8ce640000 LB 0x002a3000 C:\Windows\system32\d3d11.dll [flags=0x0]
29191fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8ce5a0000 LB 0x0009c000 C:\Windows\system32\dxgi.dll [flags=0x0]
29201fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8cee70000 LB 0x000d1000 C:\Windows\system32\dcomp.dll [flags=0x0]
29211fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8cf3d0000 LB 0x000ee000 C:\Windows\system32\twinapi.appcore.dll [flags=0x0]
29221fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8a2fe0000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
29231fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8d2790000 LB 0x00008000 C:\Windows\system32\PSAPI.DLL [flags=0x0]
29241fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8c70c0000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [flags=0x0]
29251fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8c48e0000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
29261fc0.2750: supR3HardenedDllNotificationCallback: Unload 00007ff8c7d40000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
29271fc0.2750: Terminating the normal way: rcExit=0
29281180.2724: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 19554 ms, the end);
2929161c.274: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 19987 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy