VirtualBox

Ticket #14869: Vboxhardening.log

File Vboxhardening.log, 254.6 KB (added by jamesr, 9 years ago)

Vbox hardening log on homestead

Line 
129c.12f4: Log file opened: 5.0.10r104061 g_hStartupLog=000000000000008c g_uNtVerCombined=0xa0295a00
229c.12f4: \SystemRoot\System32\ntdll.dll:
329c.12f4: CreationTime: 2015-10-30T07:18:03.534188700Z
429c.12f4: LastWriteTime: 2015-10-30T07:18:03.534188700Z
529c.12f4: ChangeTime: 2015-11-18T12:17:26.280542600Z
629c.12f4: FileAttributes: 0x20
729c.12f4: Size: 0x1bba48
829c.12f4: NT Headers: 0xe0
929c.12f4: Timestamp: 0x5632d193
1029c.12f4: Machine: 0x8664 - amd64
1129c.12f4: Timestamp: 0x5632d193
1229c.12f4: Image Version: 10.0
1329c.12f4: SizeOfImage: 0x1c1000 (1839104)
1429c.12f4: Resource Dir: 0x159000 LB 0x66210
1529c.12f4: ProductName: Microsoft® Windows® Operating System
1629c.12f4: ProductVersion: 10.0.10586.0
1729c.12f4: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
1829c.12f4: FileDescription: NT Layer DLL
1929c.12f4: \SystemRoot\System32\kernel32.dll:
2029c.12f4: CreationTime: 2015-10-30T07:17:46.221743200Z
2129c.12f4: LastWriteTime: 2015-10-30T07:17:46.221743200Z
2229c.12f4: ChangeTime: 2015-11-18T12:17:25.968031300Z
2329c.12f4: FileAttributes: 0x20
2429c.12f4: Size: 0xac430
2529c.12f4: NT Headers: 0xf0
2629c.12f4: Timestamp: 0x5632d5aa
2729c.12f4: Machine: 0x8664 - amd64
2829c.12f4: Timestamp: 0x5632d5aa
2929c.12f4: Image Version: 10.0
3029c.12f4: SizeOfImage: 0xad000 (708608)
3129c.12f4: Resource Dir: 0xab000 LB 0x528
3229c.12f4: ProductName: Microsoft® Windows® Operating System
3329c.12f4: ProductVersion: 10.0.10586.0
3429c.12f4: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
3529c.12f4: FileDescription: Windows NT BASE API Client DLL
3629c.12f4: \SystemRoot\System32\KernelBase.dll:
3729c.12f4: CreationTime: 2015-10-30T07:18:03.596688800Z
3829c.12f4: LastWriteTime: 2015-10-30T07:18:03.596688800Z
3929c.12f4: ChangeTime: 2015-11-18T12:17:25.999283300Z
4029c.12f4: FileAttributes: 0x20
4129c.12f4: Size: 0x1e7a08
4229c.12f4: NT Headers: 0xf0
4329c.12f4: Timestamp: 0x5632d1de
4429c.12f4: Machine: 0x8664 - amd64
4529c.12f4: Timestamp: 0x5632d1de
4629c.12f4: Image Version: 10.0
4729c.12f4: SizeOfImage: 0x1e8000 (1998848)
4829c.12f4: Resource Dir: 0x1d1000 LB 0x540
4929c.12f4: ProductName: Microsoft® Windows® Operating System
5029c.12f4: ProductVersion: 10.0.10586.0
5129c.12f4: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
5229c.12f4: FileDescription: Windows NT BASE API Client DLL
5329c.12f4: \SystemRoot\System32\apisetschema.dll:
5429c.12f4: CreationTime: 2015-10-30T07:17:57.502957900Z
5529c.12f4: LastWriteTime: 2015-10-30T07:17:57.502957900Z
5629c.12f4: ChangeTime: 2015-11-18T12:17:25.092999700Z
5729c.12f4: FileAttributes: 0x20
5829c.12f4: Size: 0x16d60
5929c.12f4: NT Headers: 0xc8
6029c.12f4: Timestamp: 0x5632d94c
6129c.12f4: Machine: 0x8664 - amd64
6229c.12f4: Timestamp: 0x5632d94c
6329c.12f4: Image Version: 10.0
6429c.12f4: SizeOfImage: 0x18000 (98304)
6529c.12f4: Resource Dir: 0x17000 LB 0x400
6629c.12f4: ProductName: Microsoft® Windows® Operating System
6729c.12f4: ProductVersion: 10.0.10586.0
6829c.12f4: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
6929c.12f4: FileDescription: ApiSet Schema DLL
7029c.12f4: supR3HardenedWinFindAdversaries: 0x100
7129c.12f4: \SystemRoot\System32\drivers\avgrkx64.sys:
7229c.12f4: CreationTime: 2015-03-20T10:18:18.000000000Z
7329c.12f4: LastWriteTime: 2015-08-10T14:25:40.000000000Z
7429c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z
7529c.12f4: FileAttributes: 0x20
7629c.12f4: Size: 0xa5b0
7729c.12f4: NT Headers: 0xe8
7829c.12f4: Timestamp: 0x55c8a651
7929c.12f4: Machine: 0x8664 - amd64
8029c.12f4: Timestamp: 0x55c8a651
8129c.12f4: Image Version: 6.2
8229c.12f4: SizeOfImage: 0xa000 (40960)
8329c.12f4: Resource Dir: 0x9000 LB 0x4e4
8429c.12f4: ProductName: AVG Internet Security
8529c.12f4: ProductVersion: 16.0.0.7018
8629c.12f4: FileVersion: 16.0.0.7018
8729c.12f4: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av
8829c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER
8929c.12f4: FileDescription: AVG Anti-Rootkit Driver
9029c.12f4: \SystemRoot\System32\drivers\avgmfx64.sys:
9129c.12f4: CreationTime: 2015-10-21T15:15:02.000000000Z
9229c.12f4: LastWriteTime: 2015-10-21T15:15:02.000000000Z
9329c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z
9429c.12f4: FileAttributes: 0x20
9529c.12f4: Size: 0x3e5b0
9629c.12f4: NT Headers: 0xe8
9729c.12f4: Timestamp: 0x5627abf4
9829c.12f4: Machine: 0x8664 - amd64
9929c.12f4: Timestamp: 0x5627abf4
10029c.12f4: Image Version: 6.2
10129c.12f4: SizeOfImage: 0x3f000 (258048)
10229c.12f4: Resource Dir: 0x3d000 LB 0x558
10329c.12f4: ProductName: AVG Internet Security
10429c.12f4: ProductVersion: 16.7.0.7225
10529c.12f4: FileVersion: 16.7.0.7225
10629c.12f4: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462
10729c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER
10829c.12f4: FileDescription: AVG Resident Shield Minifilter Driver
10929c.12f4: \SystemRoot\System32\drivers\avgidsdrivera.sys:
11029c.12f4: CreationTime: 2015-06-26T07:49:10.000000000Z
11129c.12f4: LastWriteTime: 2015-10-19T07:03:24.000000000Z
11229c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z
11329c.12f4: FileAttributes: 0x20
11429c.12f4: Size: 0x4c9b0
11529c.12f4: NT Headers: 0xe0
11629c.12f4: Timestamp: 0x562495b9
11729c.12f4: Machine: 0x8664 - amd64
11829c.12f4: Timestamp: 0x562495b9
11929c.12f4: Image Version: 6.2
12029c.12f4: SizeOfImage: 0x53000 (339968)
12129c.12f4: Resource Dir: 0x51000 LB 0x578
12229c.12f4: ProductName: AVG Internet Security
12329c.12f4: ProductVersion: 16.7.0.7222
12429c.12f4: FileVersion: 16.7.0.7222
12529c.12f4: SpecialBuild: AvCompile_2015_1019_084916(7222), SVNRev ae2258cc1e372062c071fabbc49d3ede375b871c (release/SmallUpdate2016-01_release), av, gbn 16.7.1.28104
12629c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER
12729c.12f4: FileDescription: AVG IDS Application Activity Monitor Driver.
12829c.12f4: \SystemRoot\System32\drivers\avgidsha.sys:
12929c.12f4: CreationTime: 2015-05-12T12:36:54.000000000Z
13029c.12f4: LastWriteTime: 2015-08-20T12:58:04.000000000Z
13129c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z
13229c.12f4: FileAttributes: 0x20
13329c.12f4: Size: 0x48db0
13429c.12f4: NT Headers: 0xd8
13529c.12f4: Timestamp: 0x55d5c0c9
13629c.12f4: Machine: 0x8664 - amd64
13729c.12f4: Timestamp: 0x55d5c0c9
13829c.12f4: Image Version: 6.2
13929c.12f4: SizeOfImage: 0x49000 (299008)
14029c.12f4: Resource Dir: 0x47000 LB 0x52c
14129c.12f4: ProductName: AVG Internet Security
14229c.12f4: ProductVersion: 16.1.0.7028
14329c.12f4: FileVersion: 16.1.0.7028
14429c.12f4: SpecialBuild: AvCompile_2015_0820_135459(7028), SVNRev f4234d401b085a2f130f926a678ec233158e4b7d (release/AVG2016_beta1), av
14529c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER
14629c.12f4: FileDescription: AVG Application Activity Monitor Helper Driver
14729c.12f4: \SystemRoot\System32\drivers\avgloga.sys:
14829c.12f4: CreationTime: 2015-08-14T13:24:40.000000000Z
14929c.12f4: LastWriteTime: 2015-08-14T13:24:40.000000000Z
15029c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z
15129c.12f4: FileAttributes: 0x20
15229c.12f4: Size: 0x613b0
15329c.12f4: NT Headers: 0xe0
15429c.12f4: Timestamp: 0x55cdde04
15529c.12f4: Machine: 0x8664 - amd64
15629c.12f4: Timestamp: 0x55cdde04
15729c.12f4: Image Version: 6.2
15829c.12f4: SizeOfImage: 0x62000 (401408)
15929c.12f4: Resource Dir: 0x60000 LB 0x4d4
16029c.12f4: ProductName: AVG Internet Security
16129c.12f4: ProductVersion: 16.0.0.7023
16229c.12f4: FileVersion: 16.0.0.7023
16329c.12f4: SpecialBuild: AvCompile_2015_0814_141417(7023), SVNRev 3f0381b1756dd093311a0a028b8a3dbdd65d1ea3 (av/devel), av
16429c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER
16529c.12f4: FileDescription: AVG Logging Driver
16629c.12f4: \SystemRoot\System32\drivers\avgldx64.sys:
16729c.12f4: CreationTime: 2015-10-21T15:16:48.000000000Z
16829c.12f4: LastWriteTime: 2015-10-21T15:16:48.000000000Z
16929c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z
17029c.12f4: FileAttributes: 0x20
17129c.12f4: Size: 0x455b0
17229c.12f4: NT Headers: 0xd8
17329c.12f4: Timestamp: 0x5627ac5c
17429c.12f4: Machine: 0x8664 - amd64
17529c.12f4: Timestamp: 0x5627ac5c
17629c.12f4: Image Version: 6.2
17729c.12f4: SizeOfImage: 0x46000 (286720)
17829c.12f4: Resource Dir: 0x44000 LB 0x538
17929c.12f4: ProductName: AVG Internet Security
18029c.12f4: ProductVersion: 16.7.0.7225
18129c.12f4: FileVersion: 16.7.0.7225
18229c.12f4: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462
18329c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER
18429c.12f4: FileDescription: AVG AVI Loader Driver
18529c.12f4: \SystemRoot\System32\drivers\avgdiska.sys:
18629c.12f4: CreationTime: 2015-08-10T14:32:08.000000000Z
18729c.12f4: LastWriteTime: 2015-08-10T14:32:08.000000000Z
18829c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z
18929c.12f4: FileAttributes: 0x20
19029c.12f4: Size: 0x301b0
19129c.12f4: NT Headers: 0xe8
19229c.12f4: Timestamp: 0x55c8a7d5
19329c.12f4: Machine: 0x8664 - amd64
19429c.12f4: Timestamp: 0x55c8a7d5
19529c.12f4: Image Version: 6.2
19629c.12f4: SizeOfImage: 0x31000 (200704)
19729c.12f4: Resource Dir: 0x2f000 LB 0x4e0
19829c.12f4: ProductName: AVG Internet Security
19929c.12f4: ProductVersion: 16.0.0.7018
20029c.12f4: FileVersion: 16.0.0.7018
20129c.12f4: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av
20229c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER
20329c.12f4: FileDescription: AVG File Vault Driver
20429c.12f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
20529c.12f4: Calling main()
20629c.12f4: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
20729c.12f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
20829c.12f4: SUPR3HardenedMain: Respawn #1
20929c.12f4: System32: \Device\HarddiskVolume2\Windows\System32
21029c.12f4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
21129c.12f4: KnownDllPath: C:\WINDOWS\system32
21229c.12f4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
21329c.12f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
21429c.12f4: supR3HardNtEnableThreadCreation:
21529c.12f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed00e6a00 pvNtTerminateThread=00007ffed01157a0
21629c.12f4: supR3HardenedWinDoReSpawn(1): New child 3744.1e94 [kernel32].
21729c.12f4: supR3HardNtChildGatherData: PebBaseAddress=00000000002e7000 cbPeb=0x388
21829c.12f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffed0070000 uNtDllChildAddr=00007ffed0070000
21929c.12f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffed00e6a00
22029c.12f4: supR3HardenedWinSetupChildInit: Start child.
22129c.12f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
22229c.12f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 58 sleeps
22329c.12f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
22429c.12f4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
22529c.12f4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
22629c.12f4: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
22729c.12f4: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
22829c.12f4: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
22929c.12f4: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
23029c.12f4: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
23129c.12f4: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
23229c.12f4: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
23329c.12f4: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
23429c.12f4: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
23529c.12f4: *0000000000200000-0000000000118fff 0x0000/0x0004 0x0020000
23629c.12f4: 00000000002e7000-00000000002e3fff 0x0004/0x0004 0x0020000
23729c.12f4: 00000000002ea000-00000000001d3fff 0x0000/0x0004 0x0020000
23829c.12f4: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
23929c.12f4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
24029c.12f4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
24129c.12f4: 000000007fff0000-ffff8009dbedffff 0x0001/0x0000 0x0000000
24229c.12f4: *00007ff724100000-00007ff7240dcfff 0x0002/0x0002 0x0040000
24329c.12f4: 00007ff724123000-00007ff723ed5fff 0x0001/0x0000 0x0000000
24429c.12f4: *00007ff724370000-00007ff724370fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
24529c.12f4: 00007ff724371000-00007ff7243f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
24629c.12f4: 00007ff7243f8000-00007ff7243f8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
24729c.12f4: 00007ff7243f9000-00007ff724443fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
24829c.12f4: 00007ff724444000-00007ff724444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
24929c.12f4: 00007ff724445000-00007ff724445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
25029c.12f4: 00007ff724446000-00007ff72444afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
25129c.12f4: 00007ff72444b000-00007ff72444bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
25229c.12f4: 00007ff72444c000-00007ff72444cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
25329c.12f4: 00007ff72444d000-00007ff724450fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
25429c.12f4: 00007ff724451000-00007ff72449bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
25529c.12f4: 00007ff72449c000-00007fef788c7fff 0x0001/0x0000 0x0000000
25629c.12f4: *00007ffed0070000-00007ffed0070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
25729c.12f4: 00007ffed0071000-00007ffed016dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
25829c.12f4: 00007ffed016e000-00007ffed01aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
25929c.12f4: 00007ffed01af000-00007ffed01b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26029c.12f4: 00007ffed01b8000-00007ffed01c4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26129c.12f4: 00007ffed01c5000-00007ffed01c5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26229c.12f4: 00007ffed01c6000-00007ffed01c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26329c.12f4: 00007ffed01c9000-00007ffed0230fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26429c.12f4: 00007ffed0231000-00007ffda0481fff 0x0001/0x0000 0x0000000
26529c.12f4: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
26629c.12f4: VBoxHeadless.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
26729c.12f4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
26829c.12f4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
26929c.12f4: supR3HardNtChildPurify: Done after 551 ms and 0 fixes (loop #0).
27029c.12f4: supR3HardNtEnableThreadCreation:
2713744.1e94: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0295a00
2723744.1e94: supR3HardenedVmProcessInit: uNtDllAddr=00007ffed0070000
2733744.1e94: ntdll.dll: timestamp 0x5632d193 (rc=VINF_SUCCESS)
2743744.1e94: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation)
2753744.1e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2763744.1e94: System32: \Device\HarddiskVolume2\Windows\System32
2773744.1e94: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2783744.1e94: KnownDllPath: C:\WINDOWS\system32
2793744.1e94: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2803744.1e94: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2813744.1e94: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2823744.1e94: Registered Dll notification callback with NTDLL.
2833744.1e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2843744.1e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2853744.1e94: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
2863744.1e94: supR3HardenedDllNotificationCallback: load 00007ffecb400000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
2873744.1e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2883744.1e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2893744.1e94: supR3HardenedDllNotificationCallback: load 00007ffeceb70000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
2903744.1e94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2913744.1e94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeceb70000 'C:\WINDOWS\system32\KERNEL32.DLL'
2923744.1e94: supR3HardenedDllNotificationCallback: load 00007ff724370000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
2933744.1e94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2943744.1e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
2953744.1e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2963744.1e94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed00e6a00 pvNtTerminateThread=00007ffed01157a0
29729c.12f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 87 ms.
2983744.1e94: \SystemRoot\System32\ntdll.dll:
2993744.1e94: CreationTime: 2015-10-30T07:18:03.534188700Z
3003744.1e94: LastWriteTime: 2015-10-30T07:18:03.534188700Z
3013744.1e94: ChangeTime: 2015-11-18T12:17:26.280542600Z
3023744.1e94: FileAttributes: 0x20
3033744.1e94: Size: 0x1bba48
3043744.1e94: NT Headers: 0xe0
3053744.1e94: Timestamp: 0x5632d193
3063744.1e94: Machine: 0x8664 - amd64
3073744.1e94: Timestamp: 0x5632d193
3083744.1e94: Image Version: 10.0
3093744.1e94: SizeOfImage: 0x1c1000 (1839104)
3103744.1e94: Resource Dir: 0x159000 LB 0x66210
3113744.1e94: ProductName: Microsoft® Windows® Operating System
3123744.1e94: ProductVersion: 10.0.10586.0
3133744.1e94: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
3143744.1e94: FileDescription: NT Layer DLL
3153744.1e94: \SystemRoot\System32\kernel32.dll:
3163744.1e94: CreationTime: 2015-10-30T07:17:46.221743200Z
3173744.1e94: LastWriteTime: 2015-10-30T07:17:46.221743200Z
3183744.1e94: ChangeTime: 2015-11-18T12:17:25.968031300Z
3193744.1e94: FileAttributes: 0x20
3203744.1e94: Size: 0xac430
3213744.1e94: NT Headers: 0xf0
3223744.1e94: Timestamp: 0x5632d5aa
3233744.1e94: Machine: 0x8664 - amd64
3243744.1e94: Timestamp: 0x5632d5aa
3253744.1e94: Image Version: 10.0
3263744.1e94: SizeOfImage: 0xad000 (708608)
3273744.1e94: Resource Dir: 0xab000 LB 0x528
3283744.1e94: ProductName: Microsoft® Windows® Operating System
3293744.1e94: ProductVersion: 10.0.10586.0
3303744.1e94: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
3313744.1e94: FileDescription: Windows NT BASE API Client DLL
3323744.1e94: \SystemRoot\System32\KernelBase.dll:
3333744.1e94: CreationTime: 2015-10-30T07:18:03.596688800Z
3343744.1e94: LastWriteTime: 2015-10-30T07:18:03.596688800Z
3353744.1e94: ChangeTime: 2015-11-18T12:17:25.999283300Z
3363744.1e94: FileAttributes: 0x20
3373744.1e94: Size: 0x1e7a08
3383744.1e94: NT Headers: 0xf0
3393744.1e94: Timestamp: 0x5632d1de
3403744.1e94: Machine: 0x8664 - amd64
3413744.1e94: Timestamp: 0x5632d1de
3423744.1e94: Image Version: 10.0
3433744.1e94: SizeOfImage: 0x1e8000 (1998848)
3443744.1e94: Resource Dir: 0x1d1000 LB 0x540
3453744.1e94: ProductName: Microsoft® Windows® Operating System
3463744.1e94: ProductVersion: 10.0.10586.0
3473744.1e94: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
3483744.1e94: FileDescription: Windows NT BASE API Client DLL
3493744.1e94: \SystemRoot\System32\apisetschema.dll:
3503744.1e94: CreationTime: 2015-10-30T07:17:57.502957900Z
3513744.1e94: LastWriteTime: 2015-10-30T07:17:57.502957900Z
3523744.1e94: ChangeTime: 2015-11-18T12:17:25.092999700Z
3533744.1e94: FileAttributes: 0x20
3543744.1e94: Size: 0x16d60
3553744.1e94: NT Headers: 0xc8
3563744.1e94: Timestamp: 0x5632d94c
3573744.1e94: Machine: 0x8664 - amd64
3583744.1e94: Timestamp: 0x5632d94c
3593744.1e94: Image Version: 10.0
3603744.1e94: SizeOfImage: 0x18000 (98304)
3613744.1e94: Resource Dir: 0x17000 LB 0x400
3623744.1e94: ProductName: Microsoft® Windows® Operating System
3633744.1e94: ProductVersion: 10.0.10586.0
3643744.1e94: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
3653744.1e94: FileDescription: ApiSet Schema DLL
3663744.1e94: supR3HardenedWinFindAdversaries: 0x100
3673744.1e94: \SystemRoot\System32\drivers\avgrkx64.sys:
3683744.1e94: CreationTime: 2015-03-20T10:18:18.000000000Z
3693744.1e94: LastWriteTime: 2015-08-10T14:25:40.000000000Z
3703744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z
3713744.1e94: FileAttributes: 0x20
3723744.1e94: Size: 0xa5b0
3733744.1e94: NT Headers: 0xe8
3743744.1e94: Timestamp: 0x55c8a651
3753744.1e94: Machine: 0x8664 - amd64
3763744.1e94: Timestamp: 0x55c8a651
3773744.1e94: Image Version: 6.2
3783744.1e94: SizeOfImage: 0xa000 (40960)
3793744.1e94: Resource Dir: 0x9000 LB 0x4e4
3803744.1e94: ProductName: AVG Internet Security
3813744.1e94: ProductVersion: 16.0.0.7018
3823744.1e94: FileVersion: 16.0.0.7018
3833744.1e94: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av
3843744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER
3853744.1e94: FileDescription: AVG Anti-Rootkit Driver
3863744.1e94: \SystemRoot\System32\drivers\avgmfx64.sys:
3873744.1e94: CreationTime: 2015-10-21T15:15:02.000000000Z
3883744.1e94: LastWriteTime: 2015-10-21T15:15:02.000000000Z
3893744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z
3903744.1e94: FileAttributes: 0x20
3913744.1e94: Size: 0x3e5b0
3923744.1e94: NT Headers: 0xe8
3933744.1e94: Timestamp: 0x5627abf4
3943744.1e94: Machine: 0x8664 - amd64
3953744.1e94: Timestamp: 0x5627abf4
3963744.1e94: Image Version: 6.2
3973744.1e94: SizeOfImage: 0x3f000 (258048)
3983744.1e94: Resource Dir: 0x3d000 LB 0x558
3993744.1e94: ProductName: AVG Internet Security
4003744.1e94: ProductVersion: 16.7.0.7225
4013744.1e94: FileVersion: 16.7.0.7225
4023744.1e94: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462
4033744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER
4043744.1e94: FileDescription: AVG Resident Shield Minifilter Driver
4053744.1e94: \SystemRoot\System32\drivers\avgidsdrivera.sys:
4063744.1e94: CreationTime: 2015-06-26T07:49:10.000000000Z
4073744.1e94: LastWriteTime: 2015-10-19T07:03:24.000000000Z
4083744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z
4093744.1e94: FileAttributes: 0x20
4103744.1e94: Size: 0x4c9b0
4113744.1e94: NT Headers: 0xe0
4123744.1e94: Timestamp: 0x562495b9
4133744.1e94: Machine: 0x8664 - amd64
4143744.1e94: Timestamp: 0x562495b9
4153744.1e94: Image Version: 6.2
4163744.1e94: SizeOfImage: 0x53000 (339968)
4173744.1e94: Resource Dir: 0x51000 LB 0x578
4183744.1e94: ProductName: AVG Internet Security
4193744.1e94: ProductVersion: 16.7.0.7222
4203744.1e94: FileVersion: 16.7.0.7222
4213744.1e94: SpecialBuild: AvCompile_2015_1019_084916(7222), SVNRev ae2258cc1e372062c071fabbc49d3ede375b871c (release/SmallUpdate2016-01_release), av, gbn 16.7.1.28104
4223744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER
4233744.1e94: FileDescription: AVG IDS Application Activity Monitor Driver.
4243744.1e94: \SystemRoot\System32\drivers\avgidsha.sys:
4253744.1e94: CreationTime: 2015-05-12T12:36:54.000000000Z
4263744.1e94: LastWriteTime: 2015-08-20T12:58:04.000000000Z
4273744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z
4283744.1e94: FileAttributes: 0x20
4293744.1e94: Size: 0x48db0
4303744.1e94: NT Headers: 0xd8
4313744.1e94: Timestamp: 0x55d5c0c9
4323744.1e94: Machine: 0x8664 - amd64
4333744.1e94: Timestamp: 0x55d5c0c9
4343744.1e94: Image Version: 6.2
4353744.1e94: SizeOfImage: 0x49000 (299008)
4363744.1e94: Resource Dir: 0x47000 LB 0x52c
4373744.1e94: ProductName: AVG Internet Security
4383744.1e94: ProductVersion: 16.1.0.7028
4393744.1e94: FileVersion: 16.1.0.7028
4403744.1e94: SpecialBuild: AvCompile_2015_0820_135459(7028), SVNRev f4234d401b085a2f130f926a678ec233158e4b7d (release/AVG2016_beta1), av
4413744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER
4423744.1e94: FileDescription: AVG Application Activity Monitor Helper Driver
4433744.1e94: \SystemRoot\System32\drivers\avgloga.sys:
4443744.1e94: CreationTime: 2015-08-14T13:24:40.000000000Z
4453744.1e94: LastWriteTime: 2015-08-14T13:24:40.000000000Z
4463744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z
4473744.1e94: FileAttributes: 0x20
4483744.1e94: Size: 0x613b0
4493744.1e94: NT Headers: 0xe0
4503744.1e94: Timestamp: 0x55cdde04
4513744.1e94: Machine: 0x8664 - amd64
4523744.1e94: Timestamp: 0x55cdde04
4533744.1e94: Image Version: 6.2
4543744.1e94: SizeOfImage: 0x62000 (401408)
4553744.1e94: Resource Dir: 0x60000 LB 0x4d4
4563744.1e94: ProductName: AVG Internet Security
4573744.1e94: ProductVersion: 16.0.0.7023
4583744.1e94: FileVersion: 16.0.0.7023
4593744.1e94: SpecialBuild: AvCompile_2015_0814_141417(7023), SVNRev 3f0381b1756dd093311a0a028b8a3dbdd65d1ea3 (av/devel), av
4603744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER
4613744.1e94: FileDescription: AVG Logging Driver
4623744.1e94: \SystemRoot\System32\drivers\avgldx64.sys:
4633744.1e94: CreationTime: 2015-10-21T15:16:48.000000000Z
4643744.1e94: LastWriteTime: 2015-10-21T15:16:48.000000000Z
4653744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z
4663744.1e94: FileAttributes: 0x20
4673744.1e94: Size: 0x455b0
4683744.1e94: NT Headers: 0xd8
4693744.1e94: Timestamp: 0x5627ac5c
4703744.1e94: Machine: 0x8664 - amd64
4713744.1e94: Timestamp: 0x5627ac5c
4723744.1e94: Image Version: 6.2
4733744.1e94: SizeOfImage: 0x46000 (286720)
4743744.1e94: Resource Dir: 0x44000 LB 0x538
4753744.1e94: ProductName: AVG Internet Security
4763744.1e94: ProductVersion: 16.7.0.7225
4773744.1e94: FileVersion: 16.7.0.7225
4783744.1e94: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462
4793744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER
4803744.1e94: FileDescription: AVG AVI Loader Driver
4813744.1e94: \SystemRoot\System32\drivers\avgdiska.sys:
4823744.1e94: CreationTime: 2015-08-10T14:32:08.000000000Z
4833744.1e94: LastWriteTime: 2015-08-10T14:32:08.000000000Z
4843744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z
4853744.1e94: FileAttributes: 0x20
4863744.1e94: Size: 0x301b0
4873744.1e94: NT Headers: 0xe8
4883744.1e94: Timestamp: 0x55c8a7d5
4893744.1e94: Machine: 0x8664 - amd64
4903744.1e94: Timestamp: 0x55c8a7d5
4913744.1e94: Image Version: 6.2
4923744.1e94: SizeOfImage: 0x31000 (200704)
4933744.1e94: Resource Dir: 0x2f000 LB 0x4e0
4943744.1e94: ProductName: AVG Internet Security
4953744.1e94: ProductVersion: 16.0.0.7018
4963744.1e94: FileVersion: 16.0.0.7018
4973744.1e94: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av
4983744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER
4993744.1e94: FileDescription: AVG File Vault Driver
5003744.1e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5013744.1e94: Calling main()
5023744.1e94: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
5033744.1e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5043744.1e94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
5053744.1e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
5063744.1e94: SUPR3HardenedMain: Respawn #2
5073744.1e94: supR3HardNtEnableThreadCreation:
5083744.1e94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
5093744.1e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
5103744.1e94: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
5113744.1e94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5123744.1e94: supR3HardenedDllNotificationCallback: load 00007ffec9b10000 LB 0x00079000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
5133744.1e94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5143744.1e94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec9b10000 'C:\WINDOWS\system32\apphelp.dll'
5153744.1e94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed00e6a00 pvNtTerminateThread=00007ffed01157a0
5163744.1e94: supR3HardenedWinDoReSpawn(2): New child 3638.c8 [kernel32].
5173744.1e94: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
5183744.1e94: supR3HardNtChildGatherData: PebBaseAddress=0000000000201000 cbPeb=0x388
5193744.1e94: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffed0070000 uNtDllChildAddr=00007ffed0070000
5203744.1e94: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffed00e6a00
5213744.1e94: supR3HardenedWinSetupChildInit: Start child.
5223744.1e94: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5233744.1e94: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps
5243744.1e94: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5253744.1e94: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
5263744.1e94: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
5273744.1e94: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
5283744.1e94: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
5293744.1e94: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
5303744.1e94: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
5313744.1e94: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
5323744.1e94: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
5333744.1e94: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
5343744.1e94: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
5353744.1e94: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
5363744.1e94: *0000000000200000-00000000001fefff 0x0000/0x0004 0x0020000
5373744.1e94: 0000000000201000-00000000001fdfff 0x0004/0x0004 0x0020000
5383744.1e94: 0000000000204000-0000000000007fff 0x0000/0x0004 0x0020000
5393744.1e94: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
5403744.1e94: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5413744.1e94: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5423744.1e94: 000000007fff0000-ffff8009dbedffff 0x0001/0x0000 0x0000000
5433744.1e94: *00007ff724100000-00007ff7240dcfff 0x0002/0x0002 0x0040000
5443744.1e94: 00007ff724123000-00007ff723ed5fff 0x0001/0x0000 0x0000000
5453744.1e94: *00007ff724370000-00007ff724370fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5463744.1e94: 00007ff724371000-00007ff7243f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5473744.1e94: 00007ff7243f8000-00007ff7243f8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5483744.1e94: 00007ff7243f9000-00007ff724443fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5493744.1e94: 00007ff724444000-00007ff724444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5503744.1e94: 00007ff724445000-00007ff724445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5513744.1e94: 00007ff724446000-00007ff72444afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5523744.1e94: 00007ff72444b000-00007ff72444bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5533744.1e94: 00007ff72444c000-00007ff72444cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5543744.1e94: 00007ff72444d000-00007ff724450fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5553744.1e94: 00007ff724451000-00007ff72449bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5563744.1e94: 00007ff72449c000-00007fef788c7fff 0x0001/0x0000 0x0000000
5573744.1e94: *00007ffed0070000-00007ffed0070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5583744.1e94: 00007ffed0071000-00007ffed016dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5593744.1e94: 00007ffed016e000-00007ffed01aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5603744.1e94: 00007ffed01af000-00007ffed01b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5613744.1e94: 00007ffed01b8000-00007ffed01c4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5623744.1e94: 00007ffed01c5000-00007ffed01c5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5633744.1e94: 00007ffed01c6000-00007ffed01c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5643744.1e94: 00007ffed01c9000-00007ffed0230fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5653744.1e94: 00007ffed0231000-00007ffda0481fff 0x0001/0x0000 0x0000000
5663744.1e94: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
5673744.1e94: VBoxHeadless.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
5683744.1e94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
5693744.1e94: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
5703744.1e94: supR3HardNtChildPurify: Done after 557 ms and 0 fixes (loop #0).
5713638.c8: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0295a00
5723638.c8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffed0070000
5733744.1e94: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
5743744.1e94: supR3HardNtEnableThreadCreation:
5753638.c8: ntdll.dll: timestamp 0x5632d193 (rc=VINF_SUCCESS)
5763638.c8: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation)
5773638.c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5783638.c8: System32: \Device\HarddiskVolume2\Windows\System32
5793638.c8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
5803638.c8: KnownDllPath: C:\WINDOWS\system32
5813638.c8: supR3HardenedVmProcessInit: Opening vboxdrv...
5823638.c8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5833638.c8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5843638.c8: Registered Dll notification callback with NTDLL.
5853638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
5863638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
5873638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
5883638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb400000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
5893638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
5903638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
5913638.c8: supR3HardenedDllNotificationCallback: load 00007ffeceb70000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
5923638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5933638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeceb70000 'C:\WINDOWS\system32\KERNEL32.DLL'
5943638.c8: supR3HardenedDllNotificationCallback: load 00007ff724370000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
5953638.c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
5963638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
5973638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5983638.c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed00e6a00 pvNtTerminateThread=00007ffed01157a0
5993744.1e94: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 94 ms.
6003638.c8: \SystemRoot\System32\ntdll.dll:
6013638.c8: CreationTime: 2015-10-30T07:18:03.534188700Z
6023638.c8: LastWriteTime: 2015-10-30T07:18:03.534188700Z
6033638.c8: ChangeTime: 2015-11-18T12:17:26.280542600Z
6043638.c8: FileAttributes: 0x20
6053638.c8: Size: 0x1bba48
6063638.c8: NT Headers: 0xe0
6073638.c8: Timestamp: 0x5632d193
6083638.c8: Machine: 0x8664 - amd64
6093638.c8: Timestamp: 0x5632d193
6103638.c8: Image Version: 10.0
6113638.c8: SizeOfImage: 0x1c1000 (1839104)
6123638.c8: Resource Dir: 0x159000 LB 0x66210
6133638.c8: ProductName: Microsoft® Windows® Operating System
6143638.c8: ProductVersion: 10.0.10586.0
6153638.c8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
6163638.c8: FileDescription: NT Layer DLL
6173638.c8: \SystemRoot\System32\kernel32.dll:
6183638.c8: CreationTime: 2015-10-30T07:17:46.221743200Z
6193638.c8: LastWriteTime: 2015-10-30T07:17:46.221743200Z
6203638.c8: ChangeTime: 2015-11-18T12:17:25.968031300Z
6213638.c8: FileAttributes: 0x20
6223638.c8: Size: 0xac430
6233638.c8: NT Headers: 0xf0
6243638.c8: Timestamp: 0x5632d5aa
6253638.c8: Machine: 0x8664 - amd64
6263638.c8: Timestamp: 0x5632d5aa
6273638.c8: Image Version: 10.0
6283638.c8: SizeOfImage: 0xad000 (708608)
6293638.c8: Resource Dir: 0xab000 LB 0x528
6303638.c8: ProductName: Microsoft® Windows® Operating System
6313638.c8: ProductVersion: 10.0.10586.0
6323638.c8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
6333638.c8: FileDescription: Windows NT BASE API Client DLL
6343638.c8: \SystemRoot\System32\KernelBase.dll:
6353638.c8: CreationTime: 2015-10-30T07:18:03.596688800Z
6363638.c8: LastWriteTime: 2015-10-30T07:18:03.596688800Z
6373638.c8: ChangeTime: 2015-11-18T12:17:25.999283300Z
6383638.c8: FileAttributes: 0x20
6393638.c8: Size: 0x1e7a08
6403638.c8: NT Headers: 0xf0
6413638.c8: Timestamp: 0x5632d1de
6423638.c8: Machine: 0x8664 - amd64
6433638.c8: Timestamp: 0x5632d1de
6443638.c8: Image Version: 10.0
6453638.c8: SizeOfImage: 0x1e8000 (1998848)
6463638.c8: Resource Dir: 0x1d1000 LB 0x540
6473638.c8: ProductName: Microsoft® Windows® Operating System
6483638.c8: ProductVersion: 10.0.10586.0
6493638.c8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
6503638.c8: FileDescription: Windows NT BASE API Client DLL
6513638.c8: \SystemRoot\System32\apisetschema.dll:
6523638.c8: CreationTime: 2015-10-30T07:17:57.502957900Z
6533638.c8: LastWriteTime: 2015-10-30T07:17:57.502957900Z
6543638.c8: ChangeTime: 2015-11-18T12:17:25.092999700Z
6553638.c8: FileAttributes: 0x20
6563638.c8: Size: 0x16d60
6573638.c8: NT Headers: 0xc8
6583638.c8: Timestamp: 0x5632d94c
6593638.c8: Machine: 0x8664 - amd64
6603638.c8: Timestamp: 0x5632d94c
6613638.c8: Image Version: 10.0
6623638.c8: SizeOfImage: 0x18000 (98304)
6633638.c8: Resource Dir: 0x17000 LB 0x400
6643638.c8: ProductName: Microsoft® Windows® Operating System
6653638.c8: ProductVersion: 10.0.10586.0
6663638.c8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
6673638.c8: FileDescription: ApiSet Schema DLL
6683638.c8: supR3HardenedWinFindAdversaries: 0x100
6693638.c8: \SystemRoot\System32\drivers\avgrkx64.sys:
6703638.c8: CreationTime: 2015-03-20T10:18:18.000000000Z
6713638.c8: LastWriteTime: 2015-08-10T14:25:40.000000000Z
6723638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z
6733638.c8: FileAttributes: 0x20
6743638.c8: Size: 0xa5b0
6753638.c8: NT Headers: 0xe8
6763638.c8: Timestamp: 0x55c8a651
6773638.c8: Machine: 0x8664 - amd64
6783638.c8: Timestamp: 0x55c8a651
6793638.c8: Image Version: 6.2
6803638.c8: SizeOfImage: 0xa000 (40960)
6813638.c8: Resource Dir: 0x9000 LB 0x4e4
6823638.c8: ProductName: AVG Internet Security
6833638.c8: ProductVersion: 16.0.0.7018
6843638.c8: FileVersion: 16.0.0.7018
6853638.c8: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av
6863638.c8: PrivateBuild: x64 Release_Unicode_DRIVER
6873638.c8: FileDescription: AVG Anti-Rootkit Driver
6883638.c8: \SystemRoot\System32\drivers\avgmfx64.sys:
6893638.c8: CreationTime: 2015-10-21T15:15:02.000000000Z
6903638.c8: LastWriteTime: 2015-10-21T15:15:02.000000000Z
6913638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z
6923638.c8: FileAttributes: 0x20
6933638.c8: Size: 0x3e5b0
6943638.c8: NT Headers: 0xe8
6953638.c8: Timestamp: 0x5627abf4
6963638.c8: Machine: 0x8664 - amd64
6973638.c8: Timestamp: 0x5627abf4
6983638.c8: Image Version: 6.2
6993638.c8: SizeOfImage: 0x3f000 (258048)
7003638.c8: Resource Dir: 0x3d000 LB 0x558
7013638.c8: ProductName: AVG Internet Security
7023638.c8: ProductVersion: 16.7.0.7225
7033638.c8: FileVersion: 16.7.0.7225
7043638.c8: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462
7053638.c8: PrivateBuild: x64 Release_Unicode_DRIVER
7063638.c8: FileDescription: AVG Resident Shield Minifilter Driver
7073638.c8: \SystemRoot\System32\drivers\avgidsdrivera.sys:
7083638.c8: CreationTime: 2015-06-26T07:49:10.000000000Z
7093638.c8: LastWriteTime: 2015-10-19T07:03:24.000000000Z
7103638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z
7113638.c8: FileAttributes: 0x20
7123638.c8: Size: 0x4c9b0
7133638.c8: NT Headers: 0xe0
7143638.c8: Timestamp: 0x562495b9
7153638.c8: Machine: 0x8664 - amd64
7163638.c8: Timestamp: 0x562495b9
7173638.c8: Image Version: 6.2
7183638.c8: SizeOfImage: 0x53000 (339968)
7193638.c8: Resource Dir: 0x51000 LB 0x578
7203638.c8: ProductName: AVG Internet Security
7213638.c8: ProductVersion: 16.7.0.7222
7223638.c8: FileVersion: 16.7.0.7222
7233638.c8: SpecialBuild: AvCompile_2015_1019_084916(7222), SVNRev ae2258cc1e372062c071fabbc49d3ede375b871c (release/SmallUpdate2016-01_release), av, gbn 16.7.1.28104
7243638.c8: PrivateBuild: x64 Release_Unicode_DRIVER
7253638.c8: FileDescription: AVG IDS Application Activity Monitor Driver.
7263638.c8: \SystemRoot\System32\drivers\avgidsha.sys:
7273638.c8: CreationTime: 2015-05-12T12:36:54.000000000Z
7283638.c8: LastWriteTime: 2015-08-20T12:58:04.000000000Z
7293638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z
7303638.c8: FileAttributes: 0x20
7313638.c8: Size: 0x48db0
7323638.c8: NT Headers: 0xd8
7333638.c8: Timestamp: 0x55d5c0c9
7343638.c8: Machine: 0x8664 - amd64
7353638.c8: Timestamp: 0x55d5c0c9
7363638.c8: Image Version: 6.2
7373638.c8: SizeOfImage: 0x49000 (299008)
7383638.c8: Resource Dir: 0x47000 LB 0x52c
7393638.c8: ProductName: AVG Internet Security
7403638.c8: ProductVersion: 16.1.0.7028
7413638.c8: FileVersion: 16.1.0.7028
7423638.c8: SpecialBuild: AvCompile_2015_0820_135459(7028), SVNRev f4234d401b085a2f130f926a678ec233158e4b7d (release/AVG2016_beta1), av
7433638.c8: PrivateBuild: x64 Release_Unicode_DRIVER
7443638.c8: FileDescription: AVG Application Activity Monitor Helper Driver
7453638.c8: \SystemRoot\System32\drivers\avgloga.sys:
7463638.c8: CreationTime: 2015-08-14T13:24:40.000000000Z
7473638.c8: LastWriteTime: 2015-08-14T13:24:40.000000000Z
7483638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z
7493638.c8: FileAttributes: 0x20
7503638.c8: Size: 0x613b0
7513638.c8: NT Headers: 0xe0
7523638.c8: Timestamp: 0x55cdde04
7533638.c8: Machine: 0x8664 - amd64
7543638.c8: Timestamp: 0x55cdde04
7553638.c8: Image Version: 6.2
7563638.c8: SizeOfImage: 0x62000 (401408)
7573638.c8: Resource Dir: 0x60000 LB 0x4d4
7583638.c8: ProductName: AVG Internet Security
7593638.c8: ProductVersion: 16.0.0.7023
7603638.c8: FileVersion: 16.0.0.7023
7613638.c8: SpecialBuild: AvCompile_2015_0814_141417(7023), SVNRev 3f0381b1756dd093311a0a028b8a3dbdd65d1ea3 (av/devel), av
7623638.c8: PrivateBuild: x64 Release_Unicode_DRIVER
7633638.c8: FileDescription: AVG Logging Driver
7643638.c8: \SystemRoot\System32\drivers\avgldx64.sys:
7653638.c8: CreationTime: 2015-10-21T15:16:48.000000000Z
7663638.c8: LastWriteTime: 2015-10-21T15:16:48.000000000Z
7673638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z
7683638.c8: FileAttributes: 0x20
7693638.c8: Size: 0x455b0
7703638.c8: NT Headers: 0xd8
7713638.c8: Timestamp: 0x5627ac5c
7723638.c8: Machine: 0x8664 - amd64
7733638.c8: Timestamp: 0x5627ac5c
7743638.c8: Image Version: 6.2
7753638.c8: SizeOfImage: 0x46000 (286720)
7763638.c8: Resource Dir: 0x44000 LB 0x538
7773638.c8: ProductName: AVG Internet Security
7783638.c8: ProductVersion: 16.7.0.7225
7793638.c8: FileVersion: 16.7.0.7225
7803638.c8: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462
7813638.c8: PrivateBuild: x64 Release_Unicode_DRIVER
7823638.c8: FileDescription: AVG AVI Loader Driver
7833638.c8: \SystemRoot\System32\drivers\avgdiska.sys:
7843638.c8: CreationTime: 2015-08-10T14:32:08.000000000Z
7853638.c8: LastWriteTime: 2015-08-10T14:32:08.000000000Z
7863638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z
7873638.c8: FileAttributes: 0x20
7883638.c8: Size: 0x301b0
7893638.c8: NT Headers: 0xe8
7903638.c8: Timestamp: 0x55c8a7d5
7913638.c8: Machine: 0x8664 - amd64
7923638.c8: Timestamp: 0x55c8a7d5
7933638.c8: Image Version: 6.2
7943638.c8: SizeOfImage: 0x31000 (200704)
7953638.c8: Resource Dir: 0x2f000 LB 0x4e0
7963638.c8: ProductName: AVG Internet Security
7973638.c8: ProductVersion: 16.0.0.7018
7983638.c8: FileVersion: 16.0.0.7018
7993638.c8: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av
8003638.c8: PrivateBuild: x64 Release_Unicode_DRIVER
8013638.c8: FileDescription: AVG File Vault Driver
8023638.c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8033638.c8: Calling main()
8043638.c8: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
8053638.c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8063638.c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
8073638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
8083638.c8: SUPR3HardenedMain: Final process, opening VBoxDrv...
8093638.c8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
8103638.c8: supR3HardNtEnableThreadCreation:
8113638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
8123638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
8133638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8143638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8153638.c8: supR3HardenedDllNotificationCallback: load 00007ffe9b200000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
8163638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8173638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8183638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8193638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9b200000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8203638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8213638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8223638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9b200000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8233638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9b200000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8243638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8253638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
8263638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8273638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
8283638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
8293638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
8303638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8313638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8323638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
8333638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8343638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8353638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8363638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8373638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
8383638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
8393638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
8403638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8413638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8423638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
8433638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
8443638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8453638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8463638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
8473638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
8483638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8493638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8503638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8513638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8523638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8533638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8543638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8553638.c8: supR3HardenedDllNotificationCallback: load 00007ffece9b0000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
8563638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8573638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb3f0000 LB 0x00010000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
8583638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8593638.c8: supR3HardenedDllNotificationCallback: load 00007ffecbd70000 LB 0x001c7000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
8603638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8613638.c8: supR3HardenedDllNotificationCallback: load 00007ffecea50000 LB 0x0011c000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
8623638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8633638.c8: supR3HardenedDllNotificationCallback: load 00007ffecbff0000 LB 0x00055000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
8643638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8653638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\WINDOWS\system32\Wintrust.dll'
8663638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
8673638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
8683638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8693638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8703638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb2a0000 LB 0x00029000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
8713638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8723638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb2a0000 'C:\WINDOWS\system32\bcrypt.dll'
8733638.c8: bcrypt.dll loaded at 00007ffecb2a0000, BCryptOpenAlgorithmProvider at 00007ffecb2a3b50, preloading providers:
8743638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
8753638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
8763638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8773638.c8: supR3HardenedDllNotificationCallback: load 00007ffecc0e0000 LB 0x0006a000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
8783638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8793638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc0e0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
8803638.c8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a8a390)
8813638.c8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a8aa50)
8823638.c8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a8ad20)
8833638.c8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a8b080)
8843638.c8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a8bba0)
8853638.c8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a8beb0)
8863638.c8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a8c1c0)
8873638.c8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a8c490)
8883638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8893638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8903638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
8913638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8923638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8933638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
8943638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8953638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8963638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
8973638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8983638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8993638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
9003638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9013638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9023638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
9033638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9043638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9053638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
9063638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9073638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9083638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
9093638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
9103638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
9113638.c8: supR3HardenedDllNotificationCallback: load 00007ffecad00000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
9123638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9133638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
9143638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
9153638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9163638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9173638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9183638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9193638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9203638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9213638.c8: supR3HardenedDllNotificationCallback: load 00007ffeca990000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
9223638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9233638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
9243638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
9253638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
9263638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
9273638.c8: supR3HardenedDllNotificationCallback: load 00007ffecae20000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
9283638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9293638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9303638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9313638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9323638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9333638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9343638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeceb70000 'C:\WINDOWS\system32\kernel32.dll'
9353638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9363638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
9373638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9383638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9393638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\CRYPT32.dll'
9403638.c8: supR3HardenedDllNotificationCallback: load 00007ffecec60000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
9413638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9423638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
9433638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
9443638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9453638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9463638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9473638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9483638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9493638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
9503638.c8: supR3HardenedDllNotificationCallback: load 00007ffecd7d0000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
9513638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
9523638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
9533638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
9543638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9553638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
9563638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
9573638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
9583638.c8: supR3HardenedDllNotificationCallback: load 00007ffeca320000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
9593638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9603638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb3d0000 LB 0x00014000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
9613638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
9623638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
9633638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9643638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9653638.c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
9663638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9673638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9683638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9693638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9703638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9713638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9723638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9733638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9743638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9753638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9763638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9773638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9783638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9793638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9803638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9813638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9823638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9833638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9843638.c8: supR3HardenedDllNotificationCallback: load 00007ffe9d060000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
9853638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9863638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9873638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9883638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
9893638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9903638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9913638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
9923638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9933638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9943638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
9953638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9963638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9973638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
9983638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9993638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10003638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
10013638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10023638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
10033638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
10043638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10053638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
10063638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10073638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
10083638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10093638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
10103638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10113638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
10123638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10133638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
10143638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll'
10153638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10163638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\Windows\System32\cryptnet.dll'
10173638.c8: supR3HardenedDllNotificationCallback: load 00007ffecda80000 LB 0x000a7000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
10183638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10193638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
10203638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
10213638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
10223638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
10233638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10243638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10253638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10263638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10273638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
10283638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
10293638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
10303638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10313638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10323638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10333638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10343638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
10353638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10363638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10373638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
10383638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
10393638.c8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000adc760
10403638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
10413638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9A46A462BF8E5FC5E097E98A51381D8EFF8C537E
10423638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10433638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10443638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecea50000 'C:\WINDOWS\system32\rpcrt4.dll'
10453638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10463638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
10473638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10483638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
10493638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10503638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
10513638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10523638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
10533638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10543638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
10553638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10563638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
10573638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10583638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10593638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL'
10603638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10613638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10623638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
10633638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10643638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10653638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
10663638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Group-minkernel-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\SystemRoot\System32\ntdll.dll'
10673638.c8: g_pfnWinVerifyTrust=00007ffecbff74d0
10683638.c8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10693638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10703638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10713638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
10723638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10733638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10743638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
10753638.c8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
10763638.c8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10773638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10783638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10793638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
10803638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10813638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10823638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
10833638.c8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
10843638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10853638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10863638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
10873638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
10883638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
10893638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
10903638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760
10913638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
10923638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630
10933638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10943638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
10953638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
10963638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10973638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10983638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10993638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11003638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11013638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11023638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
11033638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11043638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11053638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11063638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
11073638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11083638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11093638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11103638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11113638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11123638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11133638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11143638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11153638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11163638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11173638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11183638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11193638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11203638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11213638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
11223638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11233638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11243638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
11253638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
11263638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11273638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11283638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11293638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11303638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11313638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11323638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
11333638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11343638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11353638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11363638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11373638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11383638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11393638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11403638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11413638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11423638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11433638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11443638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
11453638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11463638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11473638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11483638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
11493638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11503638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11513638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
11523638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
11533638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11543638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
11553638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
11563638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3fb1ac73ae1db300 CN=markt
11573638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11583638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11593638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11603638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
11613638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11623638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8b4c08792a04b100 CN=localhost, O=Skype Click to Call, OU=Skype Click to Call
11633638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11643638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11653638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x89df2ac1a847af00 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
11663638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf36e04c6e767c800 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
11673638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11683638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x202e62f7af5cd800 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
11693638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11703638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
11713638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11723638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11733638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11743638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11753638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11763638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
11773638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
11783638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11793638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11803638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11813638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11823638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
11833638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11843638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11853638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11863638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
11873638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
11883638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11893638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
11903638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
11913638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11923638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11933638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
11943638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
11953638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11963638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
11973638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
11983638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf0ca9d354a179000 C=FI, O=Sonera, CN=Sonera Class2 CA
11993638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
12003638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
12013638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
12023638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
12033638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
12043638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
12053638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
12063638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
12073638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
12083638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
12093638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
12103638.c8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=54
12113638.c8: SUPR3HardenedMain: Load Runtime...
12123638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
12133638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12143638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
12153638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
12163638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12173638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12183638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12193638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12203638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12213638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12223638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12233638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12243638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
12253638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
12263638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
12273638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
12283638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12293638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12303638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12313638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12323638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12333638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12343638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
12353638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12363638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12373638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12383638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12393638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12403638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12413638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12423638.c8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12433638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
12443638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12453638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
12463638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12473638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
12483638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12493638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12503638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12513638.c8: supR3HardenedDllNotificationCallback: load 00000000594d0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
12523638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12533638.c8: supR3HardenedDllNotificationCallback: load 0000000059430000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
12543638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12553638.c8: supR3HardenedDllNotificationCallback: load 00007ffecec80000 LB 0x0006b000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
12563638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12573638.c8: supR3HardenedDllNotificationCallback: load 00007ffe8f570000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12583638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12593638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12603638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12613638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12623638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12633638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12643638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12653638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12663638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12673638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12683638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12693638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12703638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12713638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12723638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12733638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12743638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12753638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12763638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12773638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12783638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12793638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12803638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12813638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12823638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12833638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12843638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12853638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12863638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12873638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12883638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12893638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12903638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12913638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12923638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12933638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12943638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12953638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12963638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12973638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12983638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12993638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13003638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13013638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13023638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13033638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13043638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13053638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13063638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13073638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13083638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13093638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13103638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\WINDOWS\system32\Wintrust.dll'
13113638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
13123638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
13133638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
13143638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
13153638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
13163638.c8: SUPR3HardenedMain: Load TrustedMain...
13173638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
13183638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13193638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
13203638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
13213638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13223638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
13233638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
13243638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxrt.dll'.
13253638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
13263638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13273638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
13283638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
13293638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13303638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13313638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13323638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13333638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13343638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13353638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13363638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13373638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13383638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13393638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
13403638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
13413638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13423638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
13433638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
13443638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
13453638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13463638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13473638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13483638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13493638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13503638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
13513638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13523638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13533638.c8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
13543638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13553638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
13563638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
13573638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
13583638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
13593638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13603638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13613638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13623638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13633638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13643638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
13653638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13663638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13673638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13683638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13693638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13703638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
13713638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
13723638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13733638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
13743638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
13753638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
13763638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
13773638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
13783638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
13793638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13803638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13813638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13823638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13833638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
13843638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13853638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13863638.c8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
13873638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
13883638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
13893638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
13903638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13913638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13923638.c8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
13933638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
13943638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
13953638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
13963638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13973638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13983638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13993638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14003638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14013638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14023638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14033638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14043638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14053638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14063638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
14073638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
14083638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14093638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
14103638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
14113638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
14123638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14133638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14143638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
14153638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14163638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14173638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14183638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
14193638.c8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
14203638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14213638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
14223638.c8: supR3HardenedDllNotificationCallback: load 00007ffece130000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
14233638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
14243638.c8: supR3HardenedDllNotificationCallback: load 00007ffecdb30000 LB 0x00156000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
14253638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust]
14263638.c8: supR3HardenedDllNotificationCallback: load 00007ffecdeb0000 LB 0x0027d000 C:\WINDOWS\system32\combase.dll [fFlags=0x0]
14273638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14283638.c8: supR3HardenedDllNotificationCallback: load 00007ffecdc90000 LB 0x00143000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
14293638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14303638.c8: supR3HardenedDllNotificationCallback: load 00007ffecdde0000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
14313638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14323638.c8: supR3HardenedDllNotificationCallback: load 00007ffecfec0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
14333638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
14343638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
14353638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
14363638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
14373638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
14383638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
14393638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
14403638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
14413638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
14423638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
14433638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
14443638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14453638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14463638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
14473638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
14483638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
14493638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
14503638.c8: supR3HardenedDllNotificationCallback: load 00007ffecec20000 LB 0x0003b000 C:\WINDOWS\system32\IMM32.DLL [fFlags=0x0]
14513638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
14523638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecec20000 'C:\WINDOWS\system32\IMM32.DLL'
14533638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
14543638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
14553638.c8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\PROGRA~2\SupTab\SEARCH~2.DLL': 0 (NtPath=\??\C:\PROGRA~2\SupTab\SEARCH~2.DLL; Input=C:\PROGRA~2\SupTab\SEARCH~2.DLL; rcNtGetDll=0x0
14563638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~2\SupTab\SEARCH~2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14573638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\PROGRA~2\SupTab\SEARCH~2.DLL'
14583638.c8: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: Owner is administrators group.
14593638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'.
14603638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
14613638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14623638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14633638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvinitx.dll)
14643638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
14653638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14663638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14673638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14683638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14693638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14703638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
14713638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
14723638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
14733638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
14743638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
14753638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
14763638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14773638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll)
14783638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
14793638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14803638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14813638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14823638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [avoiding WinVerifyTrust]
14833638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
14843638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb250000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
14853638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust]
14863638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb260000 LB 0x00031000 C:\WINDOWS\system32\nvinitx.dll [fFlags=0x0]
14873638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [avoiding WinVerifyTrust]
14883638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'.
14893638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\version.dll' [rescheduled]
14903638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'.
14913638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll' [rescheduled]
14923638.c8: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll: Owner is administrators group.
14933638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
14943638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll)
14953638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
14963638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14973638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [avoiding WinVerifyTrust]
14983638.c8: supR3HardenedDllNotificationCallback: load 000000000f000000 LB 0x00006000 C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll [fFlags=0x0]
14993638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [avoiding WinVerifyTrust]
15003638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000000000f000000 'C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll'
15013638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
15023638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rescheduled]
15033638.c8: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll: Owner is administrators group.
15043638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'.
15053638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15063638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
15073638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
15083638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'setupapi.dll'.
15093638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'detoured.dll'.
15103638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll)
15113638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll
15123638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
15133638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
15143638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [redoing WinVerifyTrust]
15153638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
15163638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
15173638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
15183638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
15193638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'.
15203638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
15213638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
15223638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
15233638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
15243638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
15253638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15263638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15273638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15283638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15293638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
15303638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15313638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15323638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15333638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15343638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15353638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
15363638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
15373638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
15383638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15393638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15403638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15413638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15423638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
15433638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
15443638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
15453638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
15463638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
15473638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15483638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [avoiding WinVerifyTrust]
15493638.c8: supR3HardenedDllNotificationCallback: load 00007ffecbc40000 LB 0x00043000 C:\WINDOWS\system32\CFGMGR32.dll [fFlags=0x0]
15503638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
15513638.c8: supR3HardenedDllNotificationCallback: load 00007ffece580000 LB 0x00429000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
15523638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [avoiding WinVerifyTrust]
15533638.c8: supR3HardenedDllNotificationCallback: load 00007ffec8a90000 LB 0x00032000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll [fFlags=0x0]
15543638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [avoiding WinVerifyTrust]
15553638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8a90000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll'
15563638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
15573638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
15583638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'.
15593638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rescheduled]
15603638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'.
15613638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll' [rescheduled]
15623638.c8: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll: Owner is administrators group.
15633638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'.
15643638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
15653638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'detoured.dll'.
15663638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll)
15673638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll
15683638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
15693638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
15703638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [redoing WinVerifyTrust]
15713638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'.
15723638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
15733638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15743638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15753638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15763638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15773638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [avoiding WinVerifyTrust]
15783638.c8: supR3HardenedDllNotificationCallback: load 00007ffec8a60000 LB 0x00022000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll [fFlags=0x0]
15793638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [avoiding WinVerifyTrust]
15803638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8a60000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll'
15813638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'.
15823638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll' [rescheduled]
15833638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb260000 'C:\WINDOWS\system32\nvinitx.dll'
15843638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecfec0000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
15853638.c8: SUPR3HardenedMain: Calling TrustedMain (00007ffecfeca000)...
15863638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb370000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0]
15873638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
15883638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
15893638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
15903638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
15913638.c8: supR3HardenedDllNotificationCallback: load 00007ffecc1b0000 LB 0x000a7000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0]
15923638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15933638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
15943638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
15953638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
15963638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15973638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15983638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15993638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16003638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16013638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16023638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16033638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16043638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
16053638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
16063638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
16073638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
16083638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
16093638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'
16103638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
16113638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16123638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
16133638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
16143638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
16153638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
16163638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
16173638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
16183638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
16193638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
16203638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
16213638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
16223638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16233638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16243638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16253638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16263638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16273638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16283638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16293638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16303638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
16313638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
16323638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
16333638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [redoing WinVerifyTrust]
16343638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
16353638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
16363638.c8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
16373638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16383638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16393638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16403638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16413638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16423638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
16433638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
16443638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
16453638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
16463638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
16473638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
16483638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16493638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16503638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16513638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16523638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16533638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16543638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16553638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
16563638.c8: supR3HardenedDllNotificationCallback: load 00007ffecd990000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
16573638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
16583638.c8: supR3HardenedDllNotificationCallback: load 00007ffe8d620000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
16593638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
16603638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8d620000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
16613638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16623638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16633638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdde0000 'C:\Windows\System32\oleaut32.dll'
16643638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)
16653638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
16663638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb1b0000 LB 0x00099000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
16673638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
16683638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
16693638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
16703638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll'
16713638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16723638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16733638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdde0000 'C:\WINDOWS\system32\OLEAUT32.dll'
16743638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16753638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16763638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdc90000 'C:\WINDOWS\system32\ole32.dll'
16773638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16783638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16793638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdde0000 'C:\WINDOWS\system32\OLEAUT32.dll'
16803638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
16813638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760
16823638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
16833638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3488B506C76AED41BC3048EF4C38C6A11D8B3CC4
16843638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
16853638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
16863638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
16873638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16883638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16893638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
16903638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
16913638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
16923638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
16933638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
16943638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
16953638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006fc pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
16963638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760
16973638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
16983638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0F5B8FB82A59EE0D6149941C8198202D2D48FDA
16993638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
17003638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
17013638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
17023638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17033638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17043638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
17053638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
17063638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
17073638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
17083638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17093638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17103638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
17113638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17123638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17133638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17143638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17153638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
17163638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
17173638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
17183638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
17193638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17203638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17213638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17223638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
17233638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
17243638.c8: supR3HardenedDllNotificationCallback: load 00007ffebe580000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
17253638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
17263638.c8: supR3HardenedDllNotificationCallback: load 00007ffebc4d0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
17273638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
17283638.c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17293638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
17303638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc4d0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
17313638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000060c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
17323638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760
17333638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
17343638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9CE21DDF09B1BCCF1977CBD665E28F9BA3B97D79
17353638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
17363638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
17373638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
17383638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17393638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17403638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
17413638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
17423638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
17433638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17443638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17453638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17463638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17473638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
17483638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17493638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
17503638.c8: supR3HardenedDllNotificationCallback: load 00007ffebb750000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
17513638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
17523638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebb750000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
17533638.c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17543638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'api-ms-win-core-localization-l1-2-0.dll'
17553638.c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17563638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
17573638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000700 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
17583638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760
17593638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
17603638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFD9E9630890EA6E6C472D5579966609C56F9EFD
17613638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
17623638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
17633638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
17643638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17653638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17663638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
17673638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
17683638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
17693638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
17703638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
17713638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
17723638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17733638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17743638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17753638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
17763638.c8: supR3HardenedDllNotificationCallback: load 00007ffebaec0000 LB 0x000f6000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
17773638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
17783638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebaec0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
17793638.3d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
17803638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17813638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
17823638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17833638.3d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
17843638.3d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
17853638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17863638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17873638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
17883638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
17893638.3d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
17903638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
17913638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
17923638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
17933638.3d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
17943638.3d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
17953638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17963638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17973638.3d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
17983638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17993638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18003638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
18013638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
18023638.3d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18033638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18043638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18053638.3d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18063638.3d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18073638.3d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
18083638.3d4: supR3HardenedDllNotificationCallback: load 00000000585f0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
18093638.3d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
18103638.3d4: supR3HardenedDllNotificationCallback: load 00007ffecfc20000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
18113638.3d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18123638.3d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecfc20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
18133638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
18143638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
18153638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
18163638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
18173638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
18183638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
18193638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
18203638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
18213638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
18223638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
18233638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
18243638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
18253638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
18263638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
18273638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
18283638.35ec: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
18293638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
18303638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
18313638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
18323638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
18333638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
18343638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
18353638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
18363638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe'.
18373638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
18383638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'.
18393638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
18403638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
18413638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'.
18423638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'.
18433638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe)
18443638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
18453638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
18463638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
18473638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys'.
18483638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
18493638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
18503638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
18513638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'.
18523638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys)
18533638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
18543638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
18553638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
18563638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
18573638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
18583638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
18593638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
18603638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
18613638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
18623638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys'.
18633638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
18643638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
18653638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
18663638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys)
18673638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
18683638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
18693638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
18703638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
18713638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
18723638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
18733638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
18743638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
18753638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
18763638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys'.
18773638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
18783638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys)
18793638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
18803638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
18813638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
18823638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
18833638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
18843638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
18853638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
18863638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'...
18873638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008]
18883638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys'.
18893638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
18903638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys)
18913638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys
18923638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
18933638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
18943638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
18953638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
18963638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
18973638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\hal.dll'.
18983638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
18993638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
19003638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
19013638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll)
19023638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
19033638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
19043638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
19053638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
19063638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
19073638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
19083638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
19093638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
19103638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ci.dll'.
19113638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
19123638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
19133638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll)
19143638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
19153638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
19163638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
19173638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kdcom.dll'.
19183638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
19193638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
19203638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll)
19213638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
19223638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
19233638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume2\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
19243638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL'.
19253638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
19263638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL)
19273638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL
19283638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
19293638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
19303638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL'.
19313638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
19323638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
19333638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL)
19343638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
19353638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
19363638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
19373638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
19383638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
19393638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
19403638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
19413638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
19423638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
19433638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
19443638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
19453638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
19463638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
19473638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
19483638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
19493638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
19503638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
19513638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
19523638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
19533638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
19543638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
19553638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust]
19563638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
19573638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
19583638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
19593638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
19603638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
19613638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
19623638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
19633638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
19643638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
19653638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
19663638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
19673638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
19683638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
19693638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
19703638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
19713638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
19723638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
19733638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
19743638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19753638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
19763638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19773638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
19783638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19793638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
19803638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19813638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
19823638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19833638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
19843638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL'
19853638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19863638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
19873638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL'
19883638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19893638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
19903638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kdcom.dll'
19913638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19923638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
19933638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ci.dll'
19943638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19953638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
19963638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\hal.dll'
19973638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
19983638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
19993638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys'
20003638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20013638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
20023638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys'
20033638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20043638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
20053638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys'
20063638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20073638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
20083638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys'
20093638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20103638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
20113638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe'
20123638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000744 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
20133638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760
20143638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
20153638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFB385060B4FA365AB9E4DC16369A36F5D635690
20163638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
20173638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20183638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20193638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
20203638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-net~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
20213638.35ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20223638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20233638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
20243638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'oleaut32.dll'.
20253638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'ws2_32.dll'.
20263638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'netsetupapi.dll'.
20273638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'setupapi.dll'.
20283638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
20293638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
20303638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
20313638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
20323638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [redoing WinVerifyTrust]
20333638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20343638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
20353638.35ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
20363638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
20373638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
20383638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20393638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
20403638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20413638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20423638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
20433638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
20443638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20453638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20463638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20473638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20483638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20493638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20503638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20513638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20523638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20533638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20543638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20553638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20563638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
20573638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20583638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20593638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20603638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
20613638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
20623638.35ec: supR3HardenedDllNotificationCallback: load 00007ffebf850000 LB 0x0001f000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
20633638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
20643638.35ec: supR3HardenedDllNotificationCallback: load 00007ffebf870000 LB 0x00079000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
20653638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
20663638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf870000 'C:\Windows\System32\NetSetupShim.dll'
20673638.3f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20683638.3f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20693638.3f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
20703638.3f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20713638.3f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20723638.3f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
20733638.3f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
20743638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20753638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20763638.3f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
20773638.3f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20783638.3f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
20793638.3f4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
20803638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20813638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20823638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
20833638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
20843638.3f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20853638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20863638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20873638.3f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
20883638.3f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20893638.3f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
20903638.3f4: supR3HardenedDllNotificationCallback: load 00007ffecffa0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
20913638.3f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
20923638.3f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecffa0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
20933638.508: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000860 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
20943638.508: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760
20953638.508: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
20963638.560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
20973638.508: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4F9BD6CD3F872DBBFCD5F712A95134C3D7F47679
20983638.560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20993638.560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21003638.560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21013638.560: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
21023638.560: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21033638.560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21043638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
21053638.560: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21063638.560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21073638.560: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21083638.560: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
21093638.560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21103638.560: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21113638.560: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21123638.560: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21133638.560: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21143638.560: supR3HardenedDllNotificationCallback: load 00007ffecff90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
21153638.560: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21163638.560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecff90000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
21173638.438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
21183638.438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21193638.438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21203638.438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21213638.438: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
21223638.438: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
21233638.438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21243638.438: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21253638.438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21263638.438: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21273638.438: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
21283638.438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21293638.438: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21303638.438: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21313638.438: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21323638.438: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
21333638.438: supR3HardenedDllNotificationCallback: load 00007ffecff80000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
21343638.438: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
21353638.438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecff80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
21363638.2f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
21373638.2f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21383638.2f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21393638.2f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21403638.2f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
21413638.2f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
21423638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21433638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21443638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21453638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21463638.2f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
21473638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21483638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21493638.2f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21503638.2f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
21513638.2f4: supR3HardenedDllNotificationCallback: load 00007ffecff70000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
21523638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
21533638.2f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
21543638.2f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecff70000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
21553638.508: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
21563638.508: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21573638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21583638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
21593638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
21603638.508: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
21613638.508: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21623638.508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21633638.508: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21643638.508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21653638.508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21663638.508: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21673638.508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
21683638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
21693638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
21703638.508: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
21713638.508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21723638.508: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21733638.508: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21743638.508: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21753638.508: supR3HardenedDllNotificationCallback: load 00007ffec9ca0000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
21763638.508: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21773638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec9ca0000 'C:\WINDOWS\system32\uxtheme.dll'
21783638.508: supR3HardenedDllNotificationCallback: load 00007ffecd830000 LB 0x0015a000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
21793638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21803638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
21813638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
21823638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
21833638.508: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
21843638.508: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
21853638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21863638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21873638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
21883638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21893638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21903638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
21913638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21923638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21933638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21943638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21953638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21963638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
21973638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
21983638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21993638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
22003638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
22013638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
22023638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
22033638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22043638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22053638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
22063638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22073638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22083638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22093638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22103638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22113638.35ec: supR3HardenedDllNotificationCallback: load 00007ffececf0000 LB 0x00052000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0]
22123638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
22133638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
22143638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
22153638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
22163638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
22173638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecbc90000 LB 0x000b5000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0]
22183638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22193638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
22203638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
22213638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
22223638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
22233638.35ec: supR3HardenedDllNotificationCallback: load 0000000004930000 LB 0x0004b000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0]
22243638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22253638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
22263638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
22273638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
22283638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecb5f0000 LB 0x00644000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0]
22293638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22303638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
22313638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
22323638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
22333638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
22343638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
22353638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecc260000 LB 0x0155f000 C:\WINDOWS\system32\Shell32.dll [fFlags=0x0]
22363638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22373638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc260000 'C:\WINDOWS\system32/Shell32.dll'
22383638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
22393638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
22403638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
22413638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22423638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22433638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
22443638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22453638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22463638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22473638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22483638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22493638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22503638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22513638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22523638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22533638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22543638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
22553638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22563638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22573638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22583638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22593638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22603638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22613638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22623638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22633638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
22643638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22653638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22663638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
22673638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
22683638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'
22693638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
22703638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
22713638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
22723638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
22733638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
22743638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
22753638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
22763638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
22773638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
22783638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
22793638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
22803638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
22813638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
22823638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
22833638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22843638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22853638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22863638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
22873638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
22883638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
22893638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
22903638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
22913638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
22923638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
22933638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
22943638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
22953638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
22963638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
22973638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
22983638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
22993638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23003638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
23013638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
23023638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23033638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23043638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23053638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23063638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23073638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23083638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23093638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23103638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23113638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23123638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23133638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23143638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
23153638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
23163638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
23173638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23183638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23193638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23203638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
23213638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23223638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
23233638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
23243638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23253638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23263638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23273638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23283638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23293638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23303638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23313638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
23323638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23333638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23343638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23353638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
23363638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
23373638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
23383638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
23393638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23403638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23413638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23423638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23433638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23443638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23453638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23463638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23473638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23483638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23493638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
23503638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
23513638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
23523638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000844 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
23533638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760
23543638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
23553638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=668FD39FDE68075AB44D78A92AF8BD445DF77C1A
23563638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
23573638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
23583638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
23593638.35ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23603638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23613638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
23623638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
23633638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'.
23643638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'.
23653638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'.
23663638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
23673638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
23683638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23693638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23703638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23713638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23723638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23733638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23743638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23753638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23763638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23773638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23783638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23793638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23803638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23813638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23823638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
23833638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
23843638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
23853638.35ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
23863638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
23873638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
23883638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23893638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23903638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23913638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23923638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23933638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23943638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23953638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23963638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
23973638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23983638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23993638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24003638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
24013638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24023638.35ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
24033638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
24043638.35ec: supR3HardenedDllNotificationCallback: load 00007ffec4b30000 LB 0x00013000 C:\WINDOWS\SYSTEM32\devrtl.DLL [fFlags=0x0]
24053638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
24063638.35ec: supR3HardenedDllNotificationCallback: load 00007ffe8f4e0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0]
24073638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
24083638.35ec: supR3HardenedDllNotificationCallback: load 00007ffe986f0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
24093638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24103638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecff30000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
24113638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24123638.35ec: supR3HardenedDllNotificationCallback: load 00007ffec77b0000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
24133638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24143638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecf330000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
24153638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
24163638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecf330000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
24173638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
24183638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760
24193638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760
24203638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9566730BDA7E6EB3E1397940D3DD3BA80C5317F3
24213638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24223638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24233638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
24243638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll'
24253638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
24263638.35ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24273638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
24283638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
24293638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
24303638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24313638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8d620000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
24323638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
24333638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24343638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24353638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecff30000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
24363638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
24373638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
24383638.1330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll'
24393638.1330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24403638.1330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24413638.1330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24423638.1330: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
24433638.1330: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24443638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24453638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24463638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24473638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24483638.1330: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24493638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24503638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24513638.1330: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24523638.1330: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24533638.1330: supR3HardenedDllNotificationCallback: load 00007ffecf320000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
24543638.1330: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24553638.1330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecf320000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
24563638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24573638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24583638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec77b0000 'C:\WINDOWS\system32/Iphlpapi.dll'
24593638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
24603638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
24613638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
24623638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
24633638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecda70000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
24643638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
24653638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
24663638.35ec: supR3HardenedDllNotificationCallback: load 00007ffec72d0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
24673638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
24683638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffecf330000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
24693638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffe986f0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
24703638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffe8f4e0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\newdev.dll [flags=0x0]
24713638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffec4b30000 LB 0x00013000 C:\WINDOWS\SYSTEM32\devrtl.DLL [flags=0x0]
24723638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffecff30000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
24733638.1330: supR3HardenedDllNotificationCallback: Unload 00007ffecf320000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
24743638.2f4: supR3HardenedDllNotificationCallback: Unload 00007ffecff70000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
24753638.438: supR3HardenedDllNotificationCallback: Unload 00007ffecff80000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
24763638.560: supR3HardenedDllNotificationCallback: Unload 00007ffecff90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
24773638.3f4: supR3HardenedDllNotificationCallback: Unload 00007ffecffa0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
24783638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebb750000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
24793638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebaec0000 LB 0x000f6000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
24803638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebc4d0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
24813638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebe580000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
24823638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffe8d620000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
24833638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffecd990000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [flags=0x0]
24843638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebf870000 LB 0x00079000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
24853638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebf850000 LB 0x0001f000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
24863638.c8: Terminating the normal way: rcExit=0
24873744.1e94: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2986 ms, the end);
248829c.12f4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3663 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy