VirtualBox

Ticket #14957: win 10-2015-12-20-21-50-35.log

File win 10-2015-12-20-21-50-35.log, 406.5 KB (added by bugger, 9 years ago)
Line 
1197c.21a8: Log file opened: 5.0.11r104704 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0295a00
2197c.21a8: \SystemRoot\System32\ntdll.dll:
3197c.21a8: CreationTime: 2015-12-09T00:06:03.521315100Z
4197c.21a8: LastWriteTime: 2015-11-24T12:07:40.779862300Z
5197c.21a8: ChangeTime: 2015-12-11T02:17:43.498660400Z
6197c.21a8: FileAttributes: 0x20
7197c.21a8: Size: 0x1bba48
8197c.21a8: NT Headers: 0xe0
9197c.21a8: Timestamp: 0x56540c3b
10197c.21a8: Machine: 0x8664 - amd64
11197c.21a8: Timestamp: 0x56540c3b
12197c.21a8: Image Version: 10.0
13197c.21a8: SizeOfImage: 0x1c1000 (1839104)
14197c.21a8: Resource Dir: 0x159000 LB 0x66218
15197c.21a8: ProductName: Microsoft® Windows® Operating System
16197c.21a8: ProductVersion: 10.0.10586.20
17197c.21a8: FileVersion: 10.0.10586.20 (th2_release_sec.151123-1940)
18197c.21a8: FileDescription: NT Layer DLL
19197c.21a8: \SystemRoot\System32\kernel32.dll:
20197c.21a8: CreationTime: 2015-10-30T07:17:46.221743200Z
21197c.21a8: LastWriteTime: 2015-10-30T07:17:46.221743200Z
22197c.21a8: ChangeTime: 2015-12-08T03:45:22.195823500Z
23197c.21a8: FileAttributes: 0x20
24197c.21a8: Size: 0xac430
25197c.21a8: NT Headers: 0xf0
26197c.21a8: Timestamp: 0x5632d5aa
27197c.21a8: Machine: 0x8664 - amd64
28197c.21a8: Timestamp: 0x5632d5aa
29197c.21a8: Image Version: 10.0
30197c.21a8: SizeOfImage: 0xad000 (708608)
31197c.21a8: Resource Dir: 0xab000 LB 0x528
32197c.21a8: ProductName: Microsoft® Windows® Operating System
33197c.21a8: ProductVersion: 10.0.10586.0
34197c.21a8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
35197c.21a8: FileDescription: Windows NT BASE API Client DLL
36197c.21a8: \SystemRoot\System32\KernelBase.dll:
37197c.21a8: CreationTime: 2015-10-30T07:18:03.596688800Z
38197c.21a8: LastWriteTime: 2015-10-30T07:18:03.596688800Z
39197c.21a8: ChangeTime: 2015-12-08T03:45:22.248911500Z
40197c.21a8: FileAttributes: 0x20
41197c.21a8: Size: 0x1e7a08
42197c.21a8: NT Headers: 0xf0
43197c.21a8: Timestamp: 0x5632d1de
44197c.21a8: Machine: 0x8664 - amd64
45197c.21a8: Timestamp: 0x5632d1de
46197c.21a8: Image Version: 10.0
47197c.21a8: SizeOfImage: 0x1e8000 (1998848)
48197c.21a8: Resource Dir: 0x1d1000 LB 0x540
49197c.21a8: ProductName: Microsoft® Windows® Operating System
50197c.21a8: ProductVersion: 10.0.10586.0
51197c.21a8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
52197c.21a8: FileDescription: Windows NT BASE API Client DLL
53197c.21a8: \SystemRoot\System32\apisetschema.dll:
54197c.21a8: CreationTime: 2015-10-30T07:17:57.502957900Z
55197c.21a8: LastWriteTime: 2015-10-30T07:17:57.502957900Z
56197c.21a8: ChangeTime: 2015-12-08T03:30:46.754396000Z
57197c.21a8: FileAttributes: 0x20
58197c.21a8: Size: 0x16d60
59197c.21a8: NT Headers: 0xc8
60197c.21a8: Timestamp: 0x5632d94c
61197c.21a8: Machine: 0x8664 - amd64
62197c.21a8: Timestamp: 0x5632d94c
63197c.21a8: Image Version: 10.0
64197c.21a8: SizeOfImage: 0x18000 (98304)
65197c.21a8: Resource Dir: 0x17000 LB 0x400
66197c.21a8: ProductName: Microsoft® Windows® Operating System
67197c.21a8: ProductVersion: 10.0.10586.0
68197c.21a8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
69197c.21a8: FileDescription: ApiSet Schema DLL
70197c.21a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71197c.21a8: supR3HardenedWinFindAdversaries: 0x180
72197c.21a8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
73197c.21a8: CreationTime: 2015-12-07T14:54:08.257271500Z
74197c.21a8: LastWriteTime: 2015-12-07T14:54:24.446955800Z
75197c.21a8: ChangeTime: 2015-12-08T01:22:33.385983100Z
76197c.21a8: FileAttributes: 0x2020
77197c.21a8: Size: 0x2eed8
78197c.21a8: NT Headers: 0xe0
79197c.21a8: Timestamp: 0x55b855d9
80197c.21a8: Machine: 0x8664 - amd64
81197c.21a8: Timestamp: 0x55b855d9
82197c.21a8: Image Version: 6.1
83197c.21a8: SizeOfImage: 0x33000 (208896)
84197c.21a8: Resource Dir: 0x31000 LB 0x3b8
85197c.21a8: ProductName: Malwarebytes Anti-Malware
86197c.21a8: ProductVersion: 0.3.0.0
87197c.21a8: FileVersion: 0.3.0.0
88197c.21a8: FileDescription: Malwarebytes Anti-Malware
89197c.21a8: \SystemRoot\System32\drivers\mwac.sys:
90197c.21a8: CreationTime: 2015-12-07T14:53:46.256134800Z
91197c.21a8: LastWriteTime: 2015-10-05T14:50:22.000000000Z
92197c.21a8: ChangeTime: 2015-12-08T01:22:33.385983100Z
93197c.21a8: FileAttributes: 0x2020
94197c.21a8: Size: 0xfad8
95197c.21a8: NT Headers: 0xe0
96197c.21a8: Timestamp: 0x53a0f444
97197c.21a8: Machine: 0x8664 - amd64
98197c.21a8: Timestamp: 0x53a0f444
99197c.21a8: Image Version: 6.2
100197c.21a8: SizeOfImage: 0x13000 (77824)
101197c.21a8: Resource Dir: 0x11000 LB 0x3e0
102197c.21a8: ProductName: Malwarebytes Web Access Control
103197c.21a8: ProductVersion: 1.0.6.0
104197c.21a8: FileVersion: 1.0.6.0
105197c.21a8: FileDescription: Malwarebytes Web Access Control
106197c.21a8: \SystemRoot\System32\drivers\mbamchameleon.sys:
107197c.21a8: CreationTime: 2015-12-07T14:53:46.271764900Z
108197c.21a8: LastWriteTime: 2015-10-05T14:50:10.000000000Z
109197c.21a8: ChangeTime: 2015-12-08T01:22:33.385983100Z
110197c.21a8: FileAttributes: 0x2020
111197c.21a8: Size: 0x1aad8
112197c.21a8: NT Headers: 0xd8
113197c.21a8: Timestamp: 0x55c103c3
114197c.21a8: Machine: 0x8664 - amd64
115197c.21a8: Timestamp: 0x55c103c3
116197c.21a8: Image Version: 6.1
117197c.21a8: SizeOfImage: 0x1e000 (122880)
118197c.21a8: Resource Dir: 0x1c000 LB 0xba8
119197c.21a8: ProductName: Malwarebytes Chameleon
120197c.21a8: ProductVersion: 1.1.21.0
121197c.21a8: FileVersion: 1.1.21.0
122197c.21a8: FileDescription: Malwarebytes Chameleon Protection Driver
123197c.21a8: \SystemRoot\System32\drivers\mbam.sys:
124197c.21a8: CreationTime: 2015-12-07T14:53:46.256134800Z
125197c.21a8: LastWriteTime: 2015-10-05T14:50:06.000000000Z
126197c.21a8: ChangeTime: 2015-12-08T01:22:33.385983100Z
127197c.21a8: FileAttributes: 0x2020
128197c.21a8: Size: 0x64d8
129197c.21a8: NT Headers: 0xd8
130197c.21a8: Timestamp: 0x55ca3257
131197c.21a8: Machine: 0x8664 - amd64
132197c.21a8: Timestamp: 0x55ca3257
133197c.21a8: Image Version: 6.1
134197c.21a8: SizeOfImage: 0xa000 (40960)
135197c.21a8: Resource Dir: 0x8000 LB 0x3a0
136197c.21a8: ProductName: Malwarebytes Anti-Malware
137197c.21a8: ProductVersion: 0.1.16.0
138197c.21a8: FileVersion: 0.1.16.0
139197c.21a8: FileDescription: Malwarebytes Anti-Malware
140197c.21a8: \SystemRoot\System32\drivers\avgrkx64.sys:
141197c.21a8: CreationTime: 2015-03-20T17:18:18.000000000Z
142197c.21a8: LastWriteTime: 2015-08-10T19:25:40.000000000Z
143197c.21a8: ChangeTime: 2015-12-11T00:59:33.156302000Z
144197c.21a8: FileAttributes: 0x20
145197c.21a8: Size: 0xa5b0
146197c.21a8: NT Headers: 0xe8
147197c.21a8: Timestamp: 0x55c8a651
148197c.21a8: Machine: 0x8664 - amd64
149197c.21a8: Timestamp: 0x55c8a651
150197c.21a8: Image Version: 6.2
151197c.21a8: SizeOfImage: 0xa000 (40960)
152197c.21a8: Resource Dir: 0x9000 LB 0x4e4
153197c.21a8: ProductName: AVG Internet Security
154197c.21a8: ProductVersion: 16.0.0.7018
155197c.21a8: FileVersion: 16.0.0.7018
156197c.21a8: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av
157197c.21a8: PrivateBuild: x64 Release_Unicode_DRIVER
158197c.21a8: FileDescription: AVG Anti-Rootkit Driver
159197c.21a8: \SystemRoot\System32\drivers\avgmfx64.sys:
160197c.21a8: CreationTime: 2015-11-06T20:49:38.000000000Z
161197c.21a8: LastWriteTime: 2015-11-06T20:49:38.000000000Z
162197c.21a8: ChangeTime: 2015-12-11T00:59:36.550726200Z
163197c.21a8: FileAttributes: 0x20
164197c.21a8: Size: 0x3e9b0
165197c.21a8: NT Headers: 0xd8
166197c.21a8: Timestamp: 0x563cbdfe
167197c.21a8: Machine: 0x8664 - amd64
168197c.21a8: Timestamp: 0x563cbdfe
169197c.21a8: Image Version: 6.2
170197c.21a8: SizeOfImage: 0x3f000 (258048)
171197c.21a8: Resource Dir: 0x3d000 LB 0x55c
172197c.21a8: ProductName: AVG Internet Security
173197c.21a8: ProductVersion: 16.10.0.7261
174197c.21a8: FileVersion: 16.10.0.7261
175197c.21a8: SpecialBuild: AvCompile_2015_1106_154256(7261), SVNRev 60acb51db486a91a637a0638931db84615308444 (release/SmallUpdate2016-02_beta), av, gbn 16.10.1.36830
176197c.21a8: PrivateBuild: x64 Release_Unicode_DRIVER
177197c.21a8: FileDescription: AVG Resident Shield Minifilter Driver
178197c.21a8: \SystemRoot\System32\drivers\avgidsdrivera.sys:
179197c.21a8: CreationTime: 2015-10-05T16:14:06.000000000Z
180197c.21a8: LastWriteTime: 2015-11-06T20:49:38.000000000Z
181197c.21a8: ChangeTime: 2015-12-11T00:59:37.466636400Z
182197c.21a8: FileAttributes: 0x20
183197c.21a8: Size: 0x4c9b0
184197c.21a8: NT Headers: 0xe8
185197c.21a8: Timestamp: 0x563cbdff
186197c.21a8: Machine: 0x8664 - amd64
187197c.21a8: Timestamp: 0x563cbdff
188197c.21a8: Image Version: 6.2
189197c.21a8: SizeOfImage: 0x53000 (339968)
190197c.21a8: Resource Dir: 0x51000 LB 0x57c
191197c.21a8: ProductName: AVG Internet Security
192197c.21a8: ProductVersion: 16.10.0.7261
193197c.21a8: FileVersion: 16.10.0.7261
194197c.21a8: SpecialBuild: AvCompile_2015_1106_154256(7261), SVNRev 60acb51db486a91a637a0638931db84615308444 (release/SmallUpdate2016-02_beta), av, gbn 16.10.1.36830
195197c.21a8: PrivateBuild: x64 Release_Unicode_DRIVER
196197c.21a8: FileDescription: AVG IDS Application Activity Monitor Driver.
197197c.21a8: \SystemRoot\System32\drivers\avgidsha.sys:
198197c.21a8: CreationTime: 2015-08-19T16:53:56.000000000Z
199197c.21a8: LastWriteTime: 2015-08-20T17:58:04.000000000Z
200197c.21a8: ChangeTime: 2015-12-11T00:59:37.364311900Z
201197c.21a8: FileAttributes: 0x20
202197c.21a8: Size: 0x48db0
203197c.21a8: NT Headers: 0xd8
204197c.21a8: Timestamp: 0x55d5c0c9
205197c.21a8: Machine: 0x8664 - amd64
206197c.21a8: Timestamp: 0x55d5c0c9
207197c.21a8: Image Version: 6.2
208197c.21a8: SizeOfImage: 0x49000 (299008)
209197c.21a8: Resource Dir: 0x47000 LB 0x52c
210197c.21a8: ProductName: AVG Internet Security
211197c.21a8: ProductVersion: 16.1.0.7028
212197c.21a8: FileVersion: 16.1.0.7028
213197c.21a8: SpecialBuild: AvCompile_2015_0820_135459(7028), SVNRev f4234d401b085a2f130f926a678ec233158e4b7d (release/AVG2016_beta1), av
214197c.21a8: PrivateBuild: x64 Release_Unicode_DRIVER
215197c.21a8: FileDescription: AVG Application Activity Monitor Helper Driver
216197c.21a8: \SystemRoot\System32\drivers\avgloga.sys:
217197c.21a8: CreationTime: 2015-08-14T18:24:40.000000000Z
218197c.21a8: LastWriteTime: 2015-08-14T18:24:40.000000000Z
219197c.21a8: ChangeTime: 2015-12-11T00:59:33.006629200Z
220197c.21a8: FileAttributes: 0x20
221197c.21a8: Size: 0x613b0
222197c.21a8: NT Headers: 0xe0
223197c.21a8: Timestamp: 0x55cdde04
224197c.21a8: Machine: 0x8664 - amd64
225197c.21a8: Timestamp: 0x55cdde04
226197c.21a8: Image Version: 6.2
227197c.21a8: SizeOfImage: 0x62000 (401408)
228197c.21a8: Resource Dir: 0x60000 LB 0x4d4
229197c.21a8: ProductName: AVG Internet Security
230197c.21a8: ProductVersion: 16.0.0.7023
231197c.21a8: FileVersion: 16.0.0.7023
232197c.21a8: SpecialBuild: AvCompile_2015_0814_141417(7023), SVNRev 3f0381b1756dd093311a0a028b8a3dbdd65d1ea3 (av/devel), av
233197c.21a8: PrivateBuild: x64 Release_Unicode_DRIVER
234197c.21a8: FileDescription: AVG Logging Driver
235197c.21a8: \SystemRoot\System32\drivers\avgldx64.sys:
236197c.21a8: CreationTime: 2015-10-21T21:16:48.000000000Z
237197c.21a8: LastWriteTime: 2015-10-21T21:16:48.000000000Z
238197c.21a8: ChangeTime: 2015-12-11T00:59:33.335486000Z
239197c.21a8: FileAttributes: 0x20
240197c.21a8: Size: 0x455b0
241197c.21a8: NT Headers: 0xd8
242197c.21a8: Timestamp: 0x5627ac5c
243197c.21a8: Machine: 0x8664 - amd64
244197c.21a8: Timestamp: 0x5627ac5c
245197c.21a8: Image Version: 6.2
246197c.21a8: SizeOfImage: 0x46000 (286720)
247197c.21a8: Resource Dir: 0x44000 LB 0x538
248197c.21a8: ProductName: AVG Internet Security
249197c.21a8: ProductVersion: 16.7.0.7225
250197c.21a8: FileVersion: 16.7.0.7225
251197c.21a8: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462
252197c.21a8: PrivateBuild: x64 Release_Unicode_DRIVER
253197c.21a8: FileDescription: AVG AVI Loader Driver
254197c.21a8: \SystemRoot\System32\drivers\avgdiska.sys:
255197c.21a8: CreationTime: 2015-11-06T20:50:34.000000000Z
256197c.21a8: LastWriteTime: 2015-11-06T20:50:34.000000000Z
257197c.21a8: ChangeTime: 2015-12-11T00:59:38.156434200Z
258197c.21a8: FileAttributes: 0x20
259197c.21a8: Size: 0x2cfb0
260197c.21a8: NT Headers: 0xd8
261197c.21a8: Timestamp: 0x563cbe23
262197c.21a8: Machine: 0x8664 - amd64
263197c.21a8: Timestamp: 0x563cbe23
264197c.21a8: Image Version: 6.2
265197c.21a8: SizeOfImage: 0x2d000 (184320)
266197c.21a8: Resource Dir: 0x2b000 LB 0x53c
267197c.21a8: ProductName: AVG Internet Security
268197c.21a8: ProductVersion: 16.10.0.7261
269197c.21a8: FileVersion: 16.10.0.7261
270197c.21a8: SpecialBuild: AvCompile_2015_1106_154256(7261), SVNRev 60acb51db486a91a637a0638931db84615308444 (release/SmallUpdate2016-02_beta), av, gbn 16.10.1.36830
271197c.21a8: PrivateBuild: x64 Release_Unicode_DRIVER
272197c.21a8: FileDescription: AVG File Vault Driver
273197c.21a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
274197c.21a8: Calling main()
275197c.21a8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
276197c.21a8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
277197c.21a8: SUPR3HardenedMain: Respawn #1
278197c.21a8: System32: \Device\HarddiskVolume3\Windows\System32
279197c.21a8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
280197c.21a8: KnownDllPath: C:\WINDOWS\system32
281197c.21a8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
282197c.21a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
283197c.21a8: supR3HardNtEnableThreadCreation:
284197c.21a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff325a6a80 pvNtTerminateThread=00007fff325d5830
285197c.21a8: supR3HardenedWinDoReSpawn(1): New child 15c.138c [kernel32].
286197c.21a8: supR3HardNtChildGatherData: PebBaseAddress=000000000033d000 cbPeb=0x388
287197c.21a8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff32530000 uNtDllChildAddr=00007fff32530000
288197c.21a8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff325a6a80
289197c.21a8: supR3HardenedWinSetupChildInit: Start child.
290197c.21a8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
291197c.21a8: supR3HardNtChildPurify: Startup delay kludge #1/0: 523 ms, 35 sleeps
292197c.21a8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
293197c.21a8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
294197c.21a8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
295197c.21a8: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
296197c.21a8: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
297197c.21a8: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
298197c.21a8: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
299197c.21a8: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
300197c.21a8: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
301197c.21a8: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
302197c.21a8: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
303197c.21a8: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
304197c.21a8: *0000000000200000-00000000000c2fff 0x0000/0x0004 0x0020000
305197c.21a8: 000000000033d000-0000000000339fff 0x0004/0x0004 0x0020000
306197c.21a8: 0000000000340000-000000000027ffff 0x0000/0x0004 0x0020000
307197c.21a8: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
308197c.21a8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
309197c.21a8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
310197c.21a8: 000000007fff0000-ffff800afc1fffff 0x0001/0x0000 0x0000000
311197c.21a8: *00007ff603de0000-00007ff603dbcfff 0x0002/0x0002 0x0040000
312197c.21a8: 00007ff603e03000-00007ff603305fff 0x0001/0x0000 0x0000000
313197c.21a8: *00007ff604900000-00007ff604900fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
314197c.21a8: 00007ff604901000-00007ff604987fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
315197c.21a8: 00007ff604988000-00007ff604988fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
316197c.21a8: 00007ff604989000-00007ff6049d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
317197c.21a8: 00007ff6049d4000-00007ff6049d4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
318197c.21a8: 00007ff6049d5000-00007ff6049d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
319197c.21a8: 00007ff6049d6000-00007ff6049dafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
320197c.21a8: 00007ff6049db000-00007ff6049dbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
321197c.21a8: 00007ff6049dc000-00007ff6049dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
322197c.21a8: 00007ff6049dd000-00007ff6049e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
323197c.21a8: 00007ff6049e1000-00007ff604a2bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
324197c.21a8: 00007ff604a2c000-00007fecd6f27fff 0x0001/0x0000 0x0000000
325197c.21a8: *00007fff32530000-00007fff32530fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
326197c.21a8: 00007fff32531000-00007fff3262dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
327197c.21a8: 00007fff3262e000-00007fff3266efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
328197c.21a8: 00007fff3266f000-00007fff32677fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
329197c.21a8: 00007fff32678000-00007fff32684fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
330197c.21a8: 00007fff32685000-00007fff32685fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
331197c.21a8: 00007fff32686000-00007fff32688fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
332197c.21a8: 00007fff32689000-00007fff326f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
333197c.21a8: 00007fff326f1000-00007ffe64e01fff 0x0001/0x0000 0x0000000
334197c.21a8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
335197c.21a8: VirtualBox.exe: timestamp 0x56700096 (rc=VINF_SUCCESS)
336197c.21a8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
337197c.21a8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
338197c.21a8: supR3HardNtChildPurify: Done after 561 ms and 0 fixes (loop #0).
33915c.138c: Log file opened: 5.0.11r104704 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
34015c.138c: supR3HardenedVmProcessInit: uNtDllAddr=00007fff32530000
341197c.21a8: supR3HardNtEnableThreadCreation:
34215c.138c: ntdll.dll: timestamp 0x56540c3b (rc=VINF_SUCCESS)
34315c.138c: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation)
34415c.138c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
34515c.138c: System32: \Device\HarddiskVolume3\Windows\System32
34615c.138c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
34715c.138c: KnownDllPath: C:\WINDOWS\system32
34815c.138c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
34915c.138c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
35015c.138c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
35115c.138c: Registered Dll notification callback with NTDLL.
35215c.138c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
35315c.138c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
35415c.138c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
35515c.138c: supR3HardenedDllNotificationCallback: load 00007fff2f560000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
35615c.138c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
35715c.138c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
35815c.138c: supR3HardenedDllNotificationCallback: load 00007fff301b0000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
35915c.138c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
36015c.138c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff301b0000 'C:\WINDOWS\system32\KERNEL32.DLL'
36115c.138c: supR3HardenedDllNotificationCallback: load 00007ff604900000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
36215c.138c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
36315c.138c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
36415c.138c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
36515c.138c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff325a6a80 pvNtTerminateThread=00007fff325d5830
366197c.21a8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 85 ms.
36715c.138c: \SystemRoot\System32\ntdll.dll:
36815c.138c: CreationTime: 2015-12-09T00:06:03.521315100Z
36915c.138c: LastWriteTime: 2015-11-24T12:07:40.779862300Z
37015c.138c: ChangeTime: 2015-12-11T02:17:43.498660400Z
37115c.138c: FileAttributes: 0x20
37215c.138c: Size: 0x1bba48
37315c.138c: NT Headers: 0xe0
37415c.138c: Timestamp: 0x56540c3b
37515c.138c: Machine: 0x8664 - amd64
37615c.138c: Timestamp: 0x56540c3b
37715c.138c: Image Version: 10.0
37815c.138c: SizeOfImage: 0x1c1000 (1839104)
37915c.138c: Resource Dir: 0x159000 LB 0x66218
38015c.138c: ProductName: Microsoft® Windows® Operating System
38115c.138c: ProductVersion: 10.0.10586.20
38215c.138c: FileVersion: 10.0.10586.20 (th2_release_sec.151123-1940)
38315c.138c: FileDescription: NT Layer DLL
38415c.138c: \SystemRoot\System32\kernel32.dll:
38515c.138c: CreationTime: 2015-10-30T07:17:46.221743200Z
38615c.138c: LastWriteTime: 2015-10-30T07:17:46.221743200Z
38715c.138c: ChangeTime: 2015-12-08T03:45:22.195823500Z
38815c.138c: FileAttributes: 0x20
38915c.138c: Size: 0xac430
39015c.138c: NT Headers: 0xf0
39115c.138c: Timestamp: 0x5632d5aa
39215c.138c: Machine: 0x8664 - amd64
39315c.138c: Timestamp: 0x5632d5aa
39415c.138c: Image Version: 10.0
39515c.138c: SizeOfImage: 0xad000 (708608)
39615c.138c: Resource Dir: 0xab000 LB 0x528
39715c.138c: ProductName: Microsoft® Windows® Operating System
39815c.138c: ProductVersion: 10.0.10586.0
39915c.138c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
40015c.138c: FileDescription: Windows NT BASE API Client DLL
40115c.138c: \SystemRoot\System32\KernelBase.dll:
40215c.138c: CreationTime: 2015-10-30T07:18:03.596688800Z
40315c.138c: LastWriteTime: 2015-10-30T07:18:03.596688800Z
40415c.138c: ChangeTime: 2015-12-08T03:45:22.248911500Z
40515c.138c: FileAttributes: 0x20
40615c.138c: Size: 0x1e7a08
40715c.138c: NT Headers: 0xf0
40815c.138c: Timestamp: 0x5632d1de
40915c.138c: Machine: 0x8664 - amd64
41015c.138c: Timestamp: 0x5632d1de
41115c.138c: Image Version: 10.0
41215c.138c: SizeOfImage: 0x1e8000 (1998848)
41315c.138c: Resource Dir: 0x1d1000 LB 0x540
41415c.138c: ProductName: Microsoft® Windows® Operating System
41515c.138c: ProductVersion: 10.0.10586.0
41615c.138c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
41715c.138c: FileDescription: Windows NT BASE API Client DLL
41815c.138c: \SystemRoot\System32\apisetschema.dll:
41915c.138c: CreationTime: 2015-10-30T07:17:57.502957900Z
42015c.138c: LastWriteTime: 2015-10-30T07:17:57.502957900Z
42115c.138c: ChangeTime: 2015-12-08T03:30:46.754396000Z
42215c.138c: FileAttributes: 0x20
42315c.138c: Size: 0x16d60
42415c.138c: NT Headers: 0xc8
42515c.138c: Timestamp: 0x5632d94c
42615c.138c: Machine: 0x8664 - amd64
42715c.138c: Timestamp: 0x5632d94c
42815c.138c: Image Version: 10.0
42915c.138c: SizeOfImage: 0x18000 (98304)
43015c.138c: Resource Dir: 0x17000 LB 0x400
43115c.138c: ProductName: Microsoft® Windows® Operating System
43215c.138c: ProductVersion: 10.0.10586.0
43315c.138c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
43415c.138c: FileDescription: ApiSet Schema DLL
43515c.138c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
43615c.138c: supR3HardenedWinFindAdversaries: 0x180
43715c.138c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
43815c.138c: CreationTime: 2015-12-07T14:54:08.257271500Z
43915c.138c: LastWriteTime: 2015-12-07T14:54:24.446955800Z
44015c.138c: ChangeTime: 2015-12-08T01:22:33.385983100Z
44115c.138c: FileAttributes: 0x2020
44215c.138c: Size: 0x2eed8
44315c.138c: NT Headers: 0xe0
44415c.138c: Timestamp: 0x55b855d9
44515c.138c: Machine: 0x8664 - amd64
44615c.138c: Timestamp: 0x55b855d9
44715c.138c: Image Version: 6.1
44815c.138c: SizeOfImage: 0x33000 (208896)
44915c.138c: Resource Dir: 0x31000 LB 0x3b8
45015c.138c: ProductName: Malwarebytes Anti-Malware
45115c.138c: ProductVersion: 0.3.0.0
45215c.138c: FileVersion: 0.3.0.0
45315c.138c: FileDescription: Malwarebytes Anti-Malware
45415c.138c: \SystemRoot\System32\drivers\mwac.sys:
45515c.138c: CreationTime: 2015-12-07T14:53:46.256134800Z
45615c.138c: LastWriteTime: 2015-10-05T14:50:22.000000000Z
45715c.138c: ChangeTime: 2015-12-08T01:22:33.385983100Z
45815c.138c: FileAttributes: 0x2020
45915c.138c: Size: 0xfad8
46015c.138c: NT Headers: 0xe0
46115c.138c: Timestamp: 0x53a0f444
46215c.138c: Machine: 0x8664 - amd64
46315c.138c: Timestamp: 0x53a0f444
46415c.138c: Image Version: 6.2
46515c.138c: SizeOfImage: 0x13000 (77824)
46615c.138c: Resource Dir: 0x11000 LB 0x3e0
46715c.138c: ProductName: Malwarebytes Web Access Control
46815c.138c: ProductVersion: 1.0.6.0
46915c.138c: FileVersion: 1.0.6.0
47015c.138c: FileDescription: Malwarebytes Web Access Control
47115c.138c: \SystemRoot\System32\drivers\mbamchameleon.sys:
47215c.138c: CreationTime: 2015-12-07T14:53:46.271764900Z
47315c.138c: LastWriteTime: 2015-10-05T14:50:10.000000000Z
47415c.138c: ChangeTime: 2015-12-08T01:22:33.385983100Z
47515c.138c: FileAttributes: 0x2020
47615c.138c: Size: 0x1aad8
47715c.138c: NT Headers: 0xd8
47815c.138c: Timestamp: 0x55c103c3
47915c.138c: Machine: 0x8664 - amd64
48015c.138c: Timestamp: 0x55c103c3
48115c.138c: Image Version: 6.1
48215c.138c: SizeOfImage: 0x1e000 (122880)
48315c.138c: Resource Dir: 0x1c000 LB 0xba8
48415c.138c: ProductName: Malwarebytes Chameleon
48515c.138c: ProductVersion: 1.1.21.0
48615c.138c: FileVersion: 1.1.21.0
48715c.138c: FileDescription: Malwarebytes Chameleon Protection Driver
48815c.138c: \SystemRoot\System32\drivers\mbam.sys:
48915c.138c: CreationTime: 2015-12-07T14:53:46.256134800Z
49015c.138c: LastWriteTime: 2015-10-05T14:50:06.000000000Z
49115c.138c: ChangeTime: 2015-12-08T01:22:33.385983100Z
49215c.138c: FileAttributes: 0x2020
49315c.138c: Size: 0x64d8
49415c.138c: NT Headers: 0xd8
49515c.138c: Timestamp: 0x55ca3257
49615c.138c: Machine: 0x8664 - amd64
49715c.138c: Timestamp: 0x55ca3257
49815c.138c: Image Version: 6.1
49915c.138c: SizeOfImage: 0xa000 (40960)
50015c.138c: Resource Dir: 0x8000 LB 0x3a0
50115c.138c: ProductName: Malwarebytes Anti-Malware
50215c.138c: ProductVersion: 0.1.16.0
50315c.138c: FileVersion: 0.1.16.0
50415c.138c: FileDescription: Malwarebytes Anti-Malware
50515c.138c: \SystemRoot\System32\drivers\avgrkx64.sys:
50615c.138c: CreationTime: 2015-03-20T17:18:18.000000000Z
50715c.138c: LastWriteTime: 2015-08-10T19:25:40.000000000Z
50815c.138c: ChangeTime: 2015-12-11T00:59:33.156302000Z
50915c.138c: FileAttributes: 0x20
51015c.138c: Size: 0xa5b0
51115c.138c: NT Headers: 0xe8
51215c.138c: Timestamp: 0x55c8a651
51315c.138c: Machine: 0x8664 - amd64
51415c.138c: Timestamp: 0x55c8a651
51515c.138c: Image Version: 6.2
51615c.138c: SizeOfImage: 0xa000 (40960)
51715c.138c: Resource Dir: 0x9000 LB 0x4e4
51815c.138c: ProductName: AVG Internet Security
51915c.138c: ProductVersion: 16.0.0.7018
52015c.138c: FileVersion: 16.0.0.7018
52115c.138c: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av
52215c.138c: PrivateBuild: x64 Release_Unicode_DRIVER
52315c.138c: FileDescription: AVG Anti-Rootkit Driver
52415c.138c: \SystemRoot\System32\drivers\avgmfx64.sys:
52515c.138c: CreationTime: 2015-11-06T20:49:38.000000000Z
52615c.138c: LastWriteTime: 2015-11-06T20:49:38.000000000Z
52715c.138c: ChangeTime: 2015-12-11T00:59:36.550726200Z
52815c.138c: FileAttributes: 0x20
52915c.138c: Size: 0x3e9b0
53015c.138c: NT Headers: 0xd8
53115c.138c: Timestamp: 0x563cbdfe
53215c.138c: Machine: 0x8664 - amd64
53315c.138c: Timestamp: 0x563cbdfe
53415c.138c: Image Version: 6.2
53515c.138c: SizeOfImage: 0x3f000 (258048)
53615c.138c: Resource Dir: 0x3d000 LB 0x55c
53715c.138c: ProductName: AVG Internet Security
53815c.138c: ProductVersion: 16.10.0.7261
53915c.138c: FileVersion: 16.10.0.7261
54015c.138c: SpecialBuild: AvCompile_2015_1106_154256(7261), SVNRev 60acb51db486a91a637a0638931db84615308444 (release/SmallUpdate2016-02_beta), av, gbn 16.10.1.36830
54115c.138c: PrivateBuild: x64 Release_Unicode_DRIVER
54215c.138c: FileDescription: AVG Resident Shield Minifilter Driver
54315c.138c: \SystemRoot\System32\drivers\avgidsdrivera.sys:
54415c.138c: CreationTime: 2015-10-05T16:14:06.000000000Z
54515c.138c: LastWriteTime: 2015-11-06T20:49:38.000000000Z
54615c.138c: ChangeTime: 2015-12-11T00:59:37.466636400Z
54715c.138c: FileAttributes: 0x20
54815c.138c: Size: 0x4c9b0
54915c.138c: NT Headers: 0xe8
55015c.138c: Timestamp: 0x563cbdff
55115c.138c: Machine: 0x8664 - amd64
55215c.138c: Timestamp: 0x563cbdff
55315c.138c: Image Version: 6.2
55415c.138c: SizeOfImage: 0x53000 (339968)
55515c.138c: Resource Dir: 0x51000 LB 0x57c
55615c.138c: ProductName: AVG Internet Security
55715c.138c: ProductVersion: 16.10.0.7261
55815c.138c: FileVersion: 16.10.0.7261
55915c.138c: SpecialBuild: AvCompile_2015_1106_154256(7261), SVNRev 60acb51db486a91a637a0638931db84615308444 (release/SmallUpdate2016-02_beta), av, gbn 16.10.1.36830
56015c.138c: PrivateBuild: x64 Release_Unicode_DRIVER
56115c.138c: FileDescription: AVG IDS Application Activity Monitor Driver.
56215c.138c: \SystemRoot\System32\drivers\avgidsha.sys:
56315c.138c: CreationTime: 2015-08-19T16:53:56.000000000Z
56415c.138c: LastWriteTime: 2015-08-20T17:58:04.000000000Z
56515c.138c: ChangeTime: 2015-12-11T00:59:37.364311900Z
56615c.138c: FileAttributes: 0x20
56715c.138c: Size: 0x48db0
56815c.138c: NT Headers: 0xd8
56915c.138c: Timestamp: 0x55d5c0c9
57015c.138c: Machine: 0x8664 - amd64
57115c.138c: Timestamp: 0x55d5c0c9
57215c.138c: Image Version: 6.2
57315c.138c: SizeOfImage: 0x49000 (299008)
57415c.138c: Resource Dir: 0x47000 LB 0x52c
57515c.138c: ProductName: AVG Internet Security
57615c.138c: ProductVersion: 16.1.0.7028
57715c.138c: FileVersion: 16.1.0.7028
57815c.138c: SpecialBuild: AvCompile_2015_0820_135459(7028), SVNRev f4234d401b085a2f130f926a678ec233158e4b7d (release/AVG2016_beta1), av
57915c.138c: PrivateBuild: x64 Release_Unicode_DRIVER
58015c.138c: FileDescription: AVG Application Activity Monitor Helper Driver
58115c.138c: \SystemRoot\System32\drivers\avgloga.sys:
58215c.138c: CreationTime: 2015-08-14T18:24:40.000000000Z
58315c.138c: LastWriteTime: 2015-08-14T18:24:40.000000000Z
58415c.138c: ChangeTime: 2015-12-11T00:59:33.006629200Z
58515c.138c: FileAttributes: 0x20
58615c.138c: Size: 0x613b0
58715c.138c: NT Headers: 0xe0
58815c.138c: Timestamp: 0x55cdde04
58915c.138c: Machine: 0x8664 - amd64
59015c.138c: Timestamp: 0x55cdde04
59115c.138c: Image Version: 6.2
59215c.138c: SizeOfImage: 0x62000 (401408)
59315c.138c: Resource Dir: 0x60000 LB 0x4d4
59415c.138c: ProductName: AVG Internet Security
59515c.138c: ProductVersion: 16.0.0.7023
59615c.138c: FileVersion: 16.0.0.7023
59715c.138c: SpecialBuild: AvCompile_2015_0814_141417(7023), SVNRev 3f0381b1756dd093311a0a028b8a3dbdd65d1ea3 (av/devel), av
59815c.138c: PrivateBuild: x64 Release_Unicode_DRIVER
59915c.138c: FileDescription: AVG Logging Driver
60015c.138c: \SystemRoot\System32\drivers\avgldx64.sys:
60115c.138c: CreationTime: 2015-10-21T21:16:48.000000000Z
60215c.138c: LastWriteTime: 2015-10-21T21:16:48.000000000Z
60315c.138c: ChangeTime: 2015-12-11T00:59:33.335486000Z
60415c.138c: FileAttributes: 0x20
60515c.138c: Size: 0x455b0
60615c.138c: NT Headers: 0xd8
60715c.138c: Timestamp: 0x5627ac5c
60815c.138c: Machine: 0x8664 - amd64
60915c.138c: Timestamp: 0x5627ac5c
61015c.138c: Image Version: 6.2
61115c.138c: SizeOfImage: 0x46000 (286720)
61215c.138c: Resource Dir: 0x44000 LB 0x538
61315c.138c: ProductName: AVG Internet Security
61415c.138c: ProductVersion: 16.7.0.7225
61515c.138c: FileVersion: 16.7.0.7225
61615c.138c: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462
61715c.138c: PrivateBuild: x64 Release_Unicode_DRIVER
61815c.138c: FileDescription: AVG AVI Loader Driver
61915c.138c: \SystemRoot\System32\drivers\avgdiska.sys:
62015c.138c: CreationTime: 2015-11-06T20:50:34.000000000Z
62115c.138c: LastWriteTime: 2015-11-06T20:50:34.000000000Z
62215c.138c: ChangeTime: 2015-12-11T00:59:38.156434200Z
62315c.138c: FileAttributes: 0x20
62415c.138c: Size: 0x2cfb0
62515c.138c: NT Headers: 0xd8
62615c.138c: Timestamp: 0x563cbe23
62715c.138c: Machine: 0x8664 - amd64
62815c.138c: Timestamp: 0x563cbe23
62915c.138c: Image Version: 6.2
63015c.138c: SizeOfImage: 0x2d000 (184320)
63115c.138c: Resource Dir: 0x2b000 LB 0x53c
63215c.138c: ProductName: AVG Internet Security
63315c.138c: ProductVersion: 16.10.0.7261
63415c.138c: FileVersion: 16.10.0.7261
63515c.138c: SpecialBuild: AvCompile_2015_1106_154256(7261), SVNRev 60acb51db486a91a637a0638931db84615308444 (release/SmallUpdate2016-02_beta), av, gbn 16.10.1.36830
63615c.138c: PrivateBuild: x64 Release_Unicode_DRIVER
63715c.138c: FileDescription: AVG File Vault Driver
63815c.138c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
63915c.138c: Calling main()
64015c.138c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
64115c.138c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
64215c.138c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
64315c.138c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
64415c.138c: SUPR3HardenedMain: Respawn #2
64515c.138c: supR3HardNtEnableThreadCreation:
64615c.138c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
64715c.138c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
64815c.138c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
64915c.138c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
65015c.138c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
65115c.138c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
65215c.138c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
65315c.138c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
65415c.138c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
65515c.138c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
65615c.138c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
65715c.138c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
65815c.138c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
65915c.138c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
66015c.138c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
66115c.138c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
66215c.138c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
66315c.138c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
66415c.138c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
66515c.138c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
66615c.138c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
66715c.138c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
66815c.138c: supR3HardenedDllNotificationCallback: load 00007fff31920000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
66915c.138c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
67015c.138c: supR3HardenedDllNotificationCallback: load 00007fff2fa90000 LB 0x0011c000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
67115c.138c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
67215c.138c: supR3HardenedDllNotificationCallback: load 00007fff31db0000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
67315c.138c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
67415c.138c: supR3HardenedDllNotificationCallback: load 00007fff31bc0000 LB 0x000a7000 C:\WINDOWS\system32\ADVAPI32.DLL [fFlags=0x0]
67515c.138c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
67615c.138c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31bc0000 'C:\WINDOWS\system32\ADVAPI32.DLL'
67715c.138c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff325a6a80 pvNtTerminateThread=00007fff325d5830
67815c.138c: supR3HardenedWinDoReSpawn(2): New child 2328.1e4c [kernel32].
67915c.138c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
68015c.138c: supR3HardNtChildGatherData: PebBaseAddress=0000000000291000 cbPeb=0x388
68115c.138c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff32530000 uNtDllChildAddr=00007fff32530000
68215c.138c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff325a6a80
68315c.138c: supR3HardenedWinSetupChildInit: Start child.
68415c.138c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
68515c.138c: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 33 sleeps
68615c.138c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
68715c.138c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
68815c.138c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
68915c.138c: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
69015c.138c: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
69115c.138c: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
69215c.138c: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
69315c.138c: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
69415c.138c: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
69515c.138c: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
69615c.138c: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
69715c.138c: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
69815c.138c: *0000000000200000-000000000016efff 0x0000/0x0004 0x0020000
69915c.138c: 0000000000291000-000000000028dfff 0x0004/0x0004 0x0020000
70015c.138c: 0000000000294000-0000000000127fff 0x0000/0x0004 0x0020000
70115c.138c: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
70215c.138c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
70315c.138c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
70415c.138c: 000000007fff0000-ffff800afc4fffff 0x0001/0x0000 0x0000000
70515c.138c: *00007ff603ae0000-00007ff603abcfff 0x0002/0x0002 0x0040000
70615c.138c: 00007ff603b03000-00007ff602d05fff 0x0001/0x0000 0x0000000
70715c.138c: *00007ff604900000-00007ff604900fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
70815c.138c: 00007ff604901000-00007ff604987fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
70915c.138c: 00007ff604988000-00007ff604988fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
71015c.138c: 00007ff604989000-00007ff6049d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
71115c.138c: 00007ff6049d4000-00007ff6049d4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
71215c.138c: 00007ff6049d5000-00007ff6049d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
71315c.138c: 00007ff6049d6000-00007ff6049dafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
71415c.138c: 00007ff6049db000-00007ff6049dbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
71515c.138c: 00007ff6049dc000-00007ff6049dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
71615c.138c: 00007ff6049dd000-00007ff6049e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
71715c.138c: 00007ff6049e1000-00007ff604a2bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
71815c.138c: 00007ff604a2c000-00007fecd6f27fff 0x0001/0x0000 0x0000000
71915c.138c: *00007fff32530000-00007fff32530fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
72015c.138c: 00007fff32531000-00007fff3262dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
72115c.138c: 00007fff3262e000-00007fff3266efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
72215c.138c: 00007fff3266f000-00007fff32677fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
72315c.138c: 00007fff32678000-00007fff32684fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
72415c.138c: 00007fff32685000-00007fff32685fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
72515c.138c: 00007fff32686000-00007fff32688fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
72615c.138c: 00007fff32689000-00007fff326f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
72715c.138c: 00007fff326f1000-00007ffe64e01fff 0x0001/0x0000 0x0000000
72815c.138c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
72915c.138c: VirtualBox.exe: timestamp 0x56700096 (rc=VINF_SUCCESS)
73015c.138c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
73115c.138c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
73215c.138c: supR3HardNtChildPurify: Done after 552 ms and 0 fixes (loop #0).
7332328.1e4c: Log file opened: 5.0.11r104704 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
7342328.1e4c: supR3HardenedVmProcessInit: uNtDllAddr=00007fff32530000
73515c.138c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
73615c.138c: supR3HardNtEnableThreadCreation:
7372328.1e4c: ntdll.dll: timestamp 0x56540c3b (rc=VINF_SUCCESS)
7382328.1e4c: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation)
7392328.1e4c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7402328.1e4c: System32: \Device\HarddiskVolume3\Windows\System32
7412328.1e4c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
7422328.1e4c: KnownDllPath: C:\WINDOWS\system32
7432328.1e4c: supR3HardenedVmProcessInit: Opening vboxdrv...
7442328.1e4c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7452328.1e4c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7462328.1e4c: Registered Dll notification callback with NTDLL.
7472328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
7482328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7492328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
7502328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2f560000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
7512328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
7522328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7532328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff301b0000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
7542328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7552328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff301b0000 'C:\WINDOWS\system32\KERNEL32.DLL'
7562328.1e4c: supR3HardenedDllNotificationCallback: load 00007ff604900000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
7572328.1e4c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7582328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7592328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
7602328.1e4c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff325a6a80 pvNtTerminateThread=00007fff325d5830
76115c.138c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 317 ms.
7622328.1e4c: \SystemRoot\System32\ntdll.dll:
7632328.1e4c: CreationTime: 2015-12-09T00:06:03.521315100Z
7642328.1e4c: LastWriteTime: 2015-11-24T12:07:40.779862300Z
7652328.1e4c: ChangeTime: 2015-12-11T02:17:43.498660400Z
7662328.1e4c: FileAttributes: 0x20
7672328.1e4c: Size: 0x1bba48
7682328.1e4c: NT Headers: 0xe0
7692328.1e4c: Timestamp: 0x56540c3b
7702328.1e4c: Machine: 0x8664 - amd64
7712328.1e4c: Timestamp: 0x56540c3b
7722328.1e4c: Image Version: 10.0
7732328.1e4c: SizeOfImage: 0x1c1000 (1839104)
7742328.1e4c: Resource Dir: 0x159000 LB 0x66218
7752328.1e4c: ProductName: Microsoft® Windows® Operating System
7762328.1e4c: ProductVersion: 10.0.10586.20
7772328.1e4c: FileVersion: 10.0.10586.20 (th2_release_sec.151123-1940)
7782328.1e4c: FileDescription: NT Layer DLL
7792328.1e4c: \SystemRoot\System32\kernel32.dll:
7802328.1e4c: CreationTime: 2015-10-30T07:17:46.221743200Z
7812328.1e4c: LastWriteTime: 2015-10-30T07:17:46.221743200Z
7822328.1e4c: ChangeTime: 2015-12-08T03:45:22.195823500Z
7832328.1e4c: FileAttributes: 0x20
7842328.1e4c: Size: 0xac430
7852328.1e4c: NT Headers: 0xf0
7862328.1e4c: Timestamp: 0x5632d5aa
7872328.1e4c: Machine: 0x8664 - amd64
7882328.1e4c: Timestamp: 0x5632d5aa
7892328.1e4c: Image Version: 10.0
7902328.1e4c: SizeOfImage: 0xad000 (708608)
7912328.1e4c: Resource Dir: 0xab000 LB 0x528
7922328.1e4c: ProductName: Microsoft® Windows® Operating System
7932328.1e4c: ProductVersion: 10.0.10586.0
7942328.1e4c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
7952328.1e4c: FileDescription: Windows NT BASE API Client DLL
7962328.1e4c: \SystemRoot\System32\KernelBase.dll:
7972328.1e4c: CreationTime: 2015-10-30T07:18:03.596688800Z
7982328.1e4c: LastWriteTime: 2015-10-30T07:18:03.596688800Z
7992328.1e4c: ChangeTime: 2015-12-08T03:45:22.248911500Z
8002328.1e4c: FileAttributes: 0x20
8012328.1e4c: Size: 0x1e7a08
8022328.1e4c: NT Headers: 0xf0
8032328.1e4c: Timestamp: 0x5632d1de
8042328.1e4c: Machine: 0x8664 - amd64
8052328.1e4c: Timestamp: 0x5632d1de
8062328.1e4c: Image Version: 10.0
8072328.1e4c: SizeOfImage: 0x1e8000 (1998848)
8082328.1e4c: Resource Dir: 0x1d1000 LB 0x540
8092328.1e4c: ProductName: Microsoft® Windows® Operating System
8102328.1e4c: ProductVersion: 10.0.10586.0
8112328.1e4c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
8122328.1e4c: FileDescription: Windows NT BASE API Client DLL
8132328.1e4c: \SystemRoot\System32\apisetschema.dll:
8142328.1e4c: CreationTime: 2015-10-30T07:17:57.502957900Z
8152328.1e4c: LastWriteTime: 2015-10-30T07:17:57.502957900Z
8162328.1e4c: ChangeTime: 2015-12-08T03:30:46.754396000Z
8172328.1e4c: FileAttributes: 0x20
8182328.1e4c: Size: 0x16d60
8192328.1e4c: NT Headers: 0xc8
8202328.1e4c: Timestamp: 0x5632d94c
8212328.1e4c: Machine: 0x8664 - amd64
8222328.1e4c: Timestamp: 0x5632d94c
8232328.1e4c: Image Version: 10.0
8242328.1e4c: SizeOfImage: 0x18000 (98304)
8252328.1e4c: Resource Dir: 0x17000 LB 0x400
8262328.1e4c: ProductName: Microsoft® Windows® Operating System
8272328.1e4c: ProductVersion: 10.0.10586.0
8282328.1e4c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
8292328.1e4c: FileDescription: ApiSet Schema DLL
8302328.1e4c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
8312328.1e4c: supR3HardenedWinFindAdversaries: 0x180
8322328.1e4c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
8332328.1e4c: CreationTime: 2015-12-07T14:54:08.257271500Z
8342328.1e4c: LastWriteTime: 2015-12-07T14:54:24.446955800Z
8352328.1e4c: ChangeTime: 2015-12-08T01:22:33.385983100Z
8362328.1e4c: FileAttributes: 0x2020
8372328.1e4c: Size: 0x2eed8
8382328.1e4c: NT Headers: 0xe0
8392328.1e4c: Timestamp: 0x55b855d9
8402328.1e4c: Machine: 0x8664 - amd64
8412328.1e4c: Timestamp: 0x55b855d9
8422328.1e4c: Image Version: 6.1
8432328.1e4c: SizeOfImage: 0x33000 (208896)
8442328.1e4c: Resource Dir: 0x31000 LB 0x3b8
8452328.1e4c: ProductName: Malwarebytes Anti-Malware
8462328.1e4c: ProductVersion: 0.3.0.0
8472328.1e4c: FileVersion: 0.3.0.0
8482328.1e4c: FileDescription: Malwarebytes Anti-Malware
8492328.1e4c: \SystemRoot\System32\drivers\mwac.sys:
8502328.1e4c: CreationTime: 2015-12-07T14:53:46.256134800Z
8512328.1e4c: LastWriteTime: 2015-10-05T14:50:22.000000000Z
8522328.1e4c: ChangeTime: 2015-12-08T01:22:33.385983100Z
8532328.1e4c: FileAttributes: 0x2020
8542328.1e4c: Size: 0xfad8
8552328.1e4c: NT Headers: 0xe0
8562328.1e4c: Timestamp: 0x53a0f444
8572328.1e4c: Machine: 0x8664 - amd64
8582328.1e4c: Timestamp: 0x53a0f444
8592328.1e4c: Image Version: 6.2
8602328.1e4c: SizeOfImage: 0x13000 (77824)
8612328.1e4c: Resource Dir: 0x11000 LB 0x3e0
8622328.1e4c: ProductName: Malwarebytes Web Access Control
8632328.1e4c: ProductVersion: 1.0.6.0
8642328.1e4c: FileVersion: 1.0.6.0
8652328.1e4c: FileDescription: Malwarebytes Web Access Control
8662328.1e4c: \SystemRoot\System32\drivers\mbamchameleon.sys:
8672328.1e4c: CreationTime: 2015-12-07T14:53:46.271764900Z
8682328.1e4c: LastWriteTime: 2015-10-05T14:50:10.000000000Z
8692328.1e4c: ChangeTime: 2015-12-08T01:22:33.385983100Z
8702328.1e4c: FileAttributes: 0x2020
8712328.1e4c: Size: 0x1aad8
8722328.1e4c: NT Headers: 0xd8
8732328.1e4c: Timestamp: 0x55c103c3
8742328.1e4c: Machine: 0x8664 - amd64
8752328.1e4c: Timestamp: 0x55c103c3
8762328.1e4c: Image Version: 6.1
8772328.1e4c: SizeOfImage: 0x1e000 (122880)
8782328.1e4c: Resource Dir: 0x1c000 LB 0xba8
8792328.1e4c: ProductName: Malwarebytes Chameleon
8802328.1e4c: ProductVersion: 1.1.21.0
8812328.1e4c: FileVersion: 1.1.21.0
8822328.1e4c: FileDescription: Malwarebytes Chameleon Protection Driver
8832328.1e4c: \SystemRoot\System32\drivers\mbam.sys:
8842328.1e4c: CreationTime: 2015-12-07T14:53:46.256134800Z
8852328.1e4c: LastWriteTime: 2015-10-05T14:50:06.000000000Z
8862328.1e4c: ChangeTime: 2015-12-08T01:22:33.385983100Z
8872328.1e4c: FileAttributes: 0x2020
8882328.1e4c: Size: 0x64d8
8892328.1e4c: NT Headers: 0xd8
8902328.1e4c: Timestamp: 0x55ca3257
8912328.1e4c: Machine: 0x8664 - amd64
8922328.1e4c: Timestamp: 0x55ca3257
8932328.1e4c: Image Version: 6.1
8942328.1e4c: SizeOfImage: 0xa000 (40960)
8952328.1e4c: Resource Dir: 0x8000 LB 0x3a0
8962328.1e4c: ProductName: Malwarebytes Anti-Malware
8972328.1e4c: ProductVersion: 0.1.16.0
8982328.1e4c: FileVersion: 0.1.16.0
8992328.1e4c: FileDescription: Malwarebytes Anti-Malware
9002328.1e4c: \SystemRoot\System32\drivers\avgrkx64.sys:
9012328.1e4c: CreationTime: 2015-03-20T17:18:18.000000000Z
9022328.1e4c: LastWriteTime: 2015-08-10T19:25:40.000000000Z
9032328.1e4c: ChangeTime: 2015-12-11T00:59:33.156302000Z
9042328.1e4c: FileAttributes: 0x20
9052328.1e4c: Size: 0xa5b0
9062328.1e4c: NT Headers: 0xe8
9072328.1e4c: Timestamp: 0x55c8a651
9082328.1e4c: Machine: 0x8664 - amd64
9092328.1e4c: Timestamp: 0x55c8a651
9102328.1e4c: Image Version: 6.2
9112328.1e4c: SizeOfImage: 0xa000 (40960)
9122328.1e4c: Resource Dir: 0x9000 LB 0x4e4
9132328.1e4c: ProductName: AVG Internet Security
9142328.1e4c: ProductVersion: 16.0.0.7018
9152328.1e4c: FileVersion: 16.0.0.7018
9162328.1e4c: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av
9172328.1e4c: PrivateBuild: x64 Release_Unicode_DRIVER
9182328.1e4c: FileDescription: AVG Anti-Rootkit Driver
9192328.1e4c: \SystemRoot\System32\drivers\avgmfx64.sys:
9202328.1e4c: CreationTime: 2015-11-06T20:49:38.000000000Z
9212328.1e4c: LastWriteTime: 2015-11-06T20:49:38.000000000Z
9222328.1e4c: ChangeTime: 2015-12-11T00:59:36.550726200Z
9232328.1e4c: FileAttributes: 0x20
9242328.1e4c: Size: 0x3e9b0
9252328.1e4c: NT Headers: 0xd8
9262328.1e4c: Timestamp: 0x563cbdfe
9272328.1e4c: Machine: 0x8664 - amd64
9282328.1e4c: Timestamp: 0x563cbdfe
9292328.1e4c: Image Version: 6.2
9302328.1e4c: SizeOfImage: 0x3f000 (258048)
9312328.1e4c: Resource Dir: 0x3d000 LB 0x55c
9322328.1e4c: ProductName: AVG Internet Security
9332328.1e4c: ProductVersion: 16.10.0.7261
9342328.1e4c: FileVersion: 16.10.0.7261
9352328.1e4c: SpecialBuild: AvCompile_2015_1106_154256(7261), SVNRev 60acb51db486a91a637a0638931db84615308444 (release/SmallUpdate2016-02_beta), av, gbn 16.10.1.36830
9362328.1e4c: PrivateBuild: x64 Release_Unicode_DRIVER
9372328.1e4c: FileDescription: AVG Resident Shield Minifilter Driver
9382328.1e4c: \SystemRoot\System32\drivers\avgidsdrivera.sys:
9392328.1e4c: CreationTime: 2015-10-05T16:14:06.000000000Z
9402328.1e4c: LastWriteTime: 2015-11-06T20:49:38.000000000Z
9412328.1e4c: ChangeTime: 2015-12-11T00:59:37.466636400Z
9422328.1e4c: FileAttributes: 0x20
9432328.1e4c: Size: 0x4c9b0
9442328.1e4c: NT Headers: 0xe8
9452328.1e4c: Timestamp: 0x563cbdff
9462328.1e4c: Machine: 0x8664 - amd64
9472328.1e4c: Timestamp: 0x563cbdff
9482328.1e4c: Image Version: 6.2
9492328.1e4c: SizeOfImage: 0x53000 (339968)
9502328.1e4c: Resource Dir: 0x51000 LB 0x57c
9512328.1e4c: ProductName: AVG Internet Security
9522328.1e4c: ProductVersion: 16.10.0.7261
9532328.1e4c: FileVersion: 16.10.0.7261
9542328.1e4c: SpecialBuild: AvCompile_2015_1106_154256(7261), SVNRev 60acb51db486a91a637a0638931db84615308444 (release/SmallUpdate2016-02_beta), av, gbn 16.10.1.36830
9552328.1e4c: PrivateBuild: x64 Release_Unicode_DRIVER
9562328.1e4c: FileDescription: AVG IDS Application Activity Monitor Driver.
9572328.1e4c: \SystemRoot\System32\drivers\avgidsha.sys:
9582328.1e4c: CreationTime: 2015-08-19T16:53:56.000000000Z
9592328.1e4c: LastWriteTime: 2015-08-20T17:58:04.000000000Z
9602328.1e4c: ChangeTime: 2015-12-11T00:59:37.364311900Z
9612328.1e4c: FileAttributes: 0x20
9622328.1e4c: Size: 0x48db0
9632328.1e4c: NT Headers: 0xd8
9642328.1e4c: Timestamp: 0x55d5c0c9
9652328.1e4c: Machine: 0x8664 - amd64
9662328.1e4c: Timestamp: 0x55d5c0c9
9672328.1e4c: Image Version: 6.2
9682328.1e4c: SizeOfImage: 0x49000 (299008)
9692328.1e4c: Resource Dir: 0x47000 LB 0x52c
9702328.1e4c: ProductName: AVG Internet Security
9712328.1e4c: ProductVersion: 16.1.0.7028
9722328.1e4c: FileVersion: 16.1.0.7028
9732328.1e4c: SpecialBuild: AvCompile_2015_0820_135459(7028), SVNRev f4234d401b085a2f130f926a678ec233158e4b7d (release/AVG2016_beta1), av
9742328.1e4c: PrivateBuild: x64 Release_Unicode_DRIVER
9752328.1e4c: FileDescription: AVG Application Activity Monitor Helper Driver
9762328.1e4c: \SystemRoot\System32\drivers\avgloga.sys:
9772328.1e4c: CreationTime: 2015-08-14T18:24:40.000000000Z
9782328.1e4c: LastWriteTime: 2015-08-14T18:24:40.000000000Z
9792328.1e4c: ChangeTime: 2015-12-11T00:59:33.006629200Z
9802328.1e4c: FileAttributes: 0x20
9812328.1e4c: Size: 0x613b0
9822328.1e4c: NT Headers: 0xe0
9832328.1e4c: Timestamp: 0x55cdde04
9842328.1e4c: Machine: 0x8664 - amd64
9852328.1e4c: Timestamp: 0x55cdde04
9862328.1e4c: Image Version: 6.2
9872328.1e4c: SizeOfImage: 0x62000 (401408)
9882328.1e4c: Resource Dir: 0x60000 LB 0x4d4
9892328.1e4c: ProductName: AVG Internet Security
9902328.1e4c: ProductVersion: 16.0.0.7023
9912328.1e4c: FileVersion: 16.0.0.7023
9922328.1e4c: SpecialBuild: AvCompile_2015_0814_141417(7023), SVNRev 3f0381b1756dd093311a0a028b8a3dbdd65d1ea3 (av/devel), av
9932328.1e4c: PrivateBuild: x64 Release_Unicode_DRIVER
9942328.1e4c: FileDescription: AVG Logging Driver
9952328.1e4c: \SystemRoot\System32\drivers\avgldx64.sys:
9962328.1e4c: CreationTime: 2015-10-21T21:16:48.000000000Z
9972328.1e4c: LastWriteTime: 2015-10-21T21:16:48.000000000Z
9982328.1e4c: ChangeTime: 2015-12-11T00:59:33.335486000Z
9992328.1e4c: FileAttributes: 0x20
10002328.1e4c: Size: 0x455b0
10012328.1e4c: NT Headers: 0xd8
10022328.1e4c: Timestamp: 0x5627ac5c
10032328.1e4c: Machine: 0x8664 - amd64
10042328.1e4c: Timestamp: 0x5627ac5c
10052328.1e4c: Image Version: 6.2
10062328.1e4c: SizeOfImage: 0x46000 (286720)
10072328.1e4c: Resource Dir: 0x44000 LB 0x538
10082328.1e4c: ProductName: AVG Internet Security
10092328.1e4c: ProductVersion: 16.7.0.7225
10102328.1e4c: FileVersion: 16.7.0.7225
10112328.1e4c: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462
10122328.1e4c: PrivateBuild: x64 Release_Unicode_DRIVER
10132328.1e4c: FileDescription: AVG AVI Loader Driver
10142328.1e4c: \SystemRoot\System32\drivers\avgdiska.sys:
10152328.1e4c: CreationTime: 2015-11-06T20:50:34.000000000Z
10162328.1e4c: LastWriteTime: 2015-11-06T20:50:34.000000000Z
10172328.1e4c: ChangeTime: 2015-12-11T00:59:38.156434200Z
10182328.1e4c: FileAttributes: 0x20
10192328.1e4c: Size: 0x2cfb0
10202328.1e4c: NT Headers: 0xd8
10212328.1e4c: Timestamp: 0x563cbe23
10222328.1e4c: Machine: 0x8664 - amd64
10232328.1e4c: Timestamp: 0x563cbe23
10242328.1e4c: Image Version: 6.2
10252328.1e4c: SizeOfImage: 0x2d000 (184320)
10262328.1e4c: Resource Dir: 0x2b000 LB 0x53c
10272328.1e4c: ProductName: AVG Internet Security
10282328.1e4c: ProductVersion: 16.10.0.7261
10292328.1e4c: FileVersion: 16.10.0.7261
10302328.1e4c: SpecialBuild: AvCompile_2015_1106_154256(7261), SVNRev 60acb51db486a91a637a0638931db84615308444 (release/SmallUpdate2016-02_beta), av, gbn 16.10.1.36830
10312328.1e4c: PrivateBuild: x64 Release_Unicode_DRIVER
10322328.1e4c: FileDescription: AVG File Vault Driver
10332328.1e4c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
10342328.1e4c: Calling main()
10352328.1e4c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
10362328.1e4c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
10372328.1e4c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
10382328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
10392328.1e4c: SUPR3HardenedMain: Final process, opening VBoxDrv...
10402328.1e4c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
10412328.1e4c: supR3HardNtEnableThreadCreation:
10422328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
10432328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
10442328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10452328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10462328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff27420000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
10472328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10482328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10492328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10502328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff27420000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10512328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10522328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10532328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff27420000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10542328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff27420000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10552328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10562328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
10572328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
10582328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
10592328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
10602328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
10612328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10622328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10632328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
10642328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10652328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10662328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10672328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10682328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
10692328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
10702328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
10712328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10722328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10732328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
10742328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
10752328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10762328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10772328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
10782328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
10792328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10802328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10812328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10822328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10832328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10842328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10852328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10862328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff31920000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
10872328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10882328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2eb50000 LB 0x00010000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
10892328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10902328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2ec40000 LB 0x001c7000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
10912328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10922328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2fa90000 LB 0x0011c000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
10932328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10942328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2ebe0000 LB 0x00055000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
10952328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10962328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\WINDOWS\system32\Wintrust.dll'
10972328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
10982328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
10992328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11002328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11012328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2e750000 LB 0x00029000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
11022328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11032328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e750000 'C:\WINDOWS\system32\bcrypt.dll'
11042328.1e4c: bcrypt.dll loaded at 00007fff2e750000, BCryptOpenAlgorithmProvider at 00007fff2e753b50, preloading providers:
11052328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
11062328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
11072328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11082328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2ee10000 LB 0x0006a000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
11092328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11102328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ee10000 'C:\WINDOWS\system32\bcryptprimitives.dll'
11112328.1e4c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000009c95b0)
11122328.1e4c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000009c9c70)
11132328.1e4c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000009c9f40)
11142328.1e4c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000009ca2a0)
11152328.1e4c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000009cadc0)
11162328.1e4c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000009cb0d0)
11172328.1e4c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000009cb3e0)
11182328.1e4c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000009cb6b0)
11192328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11202328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11212328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
11222328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11232328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11242328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
11252328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11262328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11272328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
11282328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11292328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11302328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
11312328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11322328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11332328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
11342328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11352328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11362328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
11372328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11382328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11392328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
11402328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
11412328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
11422328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2e530000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
11432328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11442328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
11452328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
11462328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
11472328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11482328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11492328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11502328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11512328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11522328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2e1c0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
11532328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11542328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
11552328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
11562328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
11572328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
11582328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2e650000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
11592328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11602328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
11612328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
11622328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
11632328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11642328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11652328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff301b0000 'C:\WINDOWS\system32\kernel32.dll'
11662328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11672328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
11682328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11692328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11702328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\CRYPT32.dll'
11712328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff31e10000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
11722328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11732328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
11742328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
11752328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11762328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11772328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11782328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11792328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11802328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
11812328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff31db0000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
11822328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
11832328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
11842328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
11852328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11862328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
11872328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
11882328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
11892328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2db40000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
11902328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
11912328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2eb60000 LB 0x00014000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
11922328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
11932328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
11942328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11952328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
11962328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
11972328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
11982328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
11992328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12002328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12012328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12022328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12032328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12042328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12052328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12062328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12072328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12082328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12092328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12102328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12112328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12122328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12132328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12142328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12152328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff1f670000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
12162328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12172328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12182328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12192328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12202328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12212328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12222328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12232328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12242328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12252328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12262328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12272328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12282328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12292328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12302328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12312328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12322328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12332328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12342328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12352328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12362328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12372328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12382328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12392328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12402328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12412328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12422328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12432328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12442328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12452328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\WINDOWS\system32\cryptnet.dll'
12462328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12472328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\Windows\System32\cryptnet.dll'
12482328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff31bc0000 LB 0x000a7000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
12492328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12502328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
12512328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
12522328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
12532328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
12542328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12552328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12562328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12572328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12582328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
12592328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
12602328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
12612328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12622328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12632328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12642328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12652328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
12662328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12672328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12682328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
12692328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
12702328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a01b40
12712328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
12722328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4F4645960244EFDD42AB975126D4872FA9265CC5
12732328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12742328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12752328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2fa90000 'C:\WINDOWS\system32\rpcrt4.dll'
12762328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12772328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
12782328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12792328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
12802328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12812328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
12822328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12832328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
12842328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12852328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
12862328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12872328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
12882328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12892328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12902328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
12912328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12922328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12932328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
12942328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12952328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12962328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
12972328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_785_for_KB3124200~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
12982328.1e4c: g_pfnWinVerifyTrust=00007fff2ebe74d0
12992328.1e4c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
13002328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13012328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13022328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13032328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13042328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13052328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13062328.1e4c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
13072328.1e4c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
13082328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13092328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13102328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13112328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
13122328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13132328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13142328.1e4c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
13152328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13162328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13172328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13182328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13192328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
13202328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
13212328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
13222328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
13232328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630
13242328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13252328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13262328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13272328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
13282328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13292328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
13302328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13312328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13322328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13332328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
13342328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13352328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13362328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13372328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
13382328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13392328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13402328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13412328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
13422328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13432328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13442328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13452328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
13462328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13472328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13482328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13492328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
13502328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13512328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13522328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
13532328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13542328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13552328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
13562328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
13572328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13582328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13592328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13602328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
13612328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13622328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13632328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
13642328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13652328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13662328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
13672328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13682328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13692328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
13702328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13712328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13722328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
13732328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13742328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13752328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
13762328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13772328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
13782328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13792328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe'
13802328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13812328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13822328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
13832328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
13842328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13852328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
13862328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
13872328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xeb0c436b4e27b700 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
13882328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
13892328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
13902328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
13912328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xad7c217620bf9b00 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
13922328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
13932328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
13942328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
13952328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x5b16ea32baa9bf00 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
13962328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xc22a6e9ab893ba00 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
13972328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
13982328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
13992328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x25bfa4512c9b9d00 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies
14002328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
14012328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
14022328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
14032328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
14042328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
14052328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
14062328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
14072328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
14082328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
14092328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
14102328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
14112328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
14122328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
14132328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
14142328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
14152328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
14162328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
14172328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
14182328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
14192328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
14202328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
14212328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
14222328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
14232328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
14242328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
14252328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
14262328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
14272328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
14282328.1e4c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
14292328.1e4c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
14302328.1e4c: SUPR3HardenedMain: Load Runtime...
14312328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
14322328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14332328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
14342328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
14352328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
14362328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
14372328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14382328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14392328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14402328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
14412328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14422328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14432328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
14442328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
14452328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
14462328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
14472328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14482328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14492328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14502328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14512328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14522328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
14532328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
14542328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14552328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
14562328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14572328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14582328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14592328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14602328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14612328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14622328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
14632328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14642328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
14652328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
14662328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14672328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14682328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
14692328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14702328.1e4c: supR3HardenedDllNotificationCallback: load 0000000071d90000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
14712328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
14722328.1e4c: supR3HardenedDllNotificationCallback: load 0000000071e70000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
14732328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14742328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff31d40000 LB 0x0006b000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
14752328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14762328.1e4c: supR3HardenedDllNotificationCallback: load 00007ffef5a70000 LB 0x00562000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
14772328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14782328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14792328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
14802328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14812328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14822328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14832328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14842328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14852328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14862328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14872328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14882328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14892328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14902328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14912328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14922328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14932328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14942328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14952328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14962328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14972328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14982328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
14992328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15002328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15012328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15022328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15032328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15042328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15052328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15062328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15072328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15082328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15092328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15102328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15112328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15122328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15132328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15142328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15152328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15162328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15172328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15182328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15192328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15202328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15212328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15222328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15232328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15242328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15252328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15262328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15272328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15282328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef5a70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15292328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\WINDOWS\system32\Wintrust.dll'
15302328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
15312328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
15322328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
15332328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
15342328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
15352328.1e4c: SUPR3HardenedMain: Load TrustedMain...
15362328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
15372328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15382328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
15392328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
15402328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
15412328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
15422328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
15432328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
15442328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
15452328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
15462328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
15472328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
15482328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
15492328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
15502328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
15512328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
15522328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
15532328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
15542328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
15552328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
15562328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15572328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15582328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
15592328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
15602328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
15612328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
15622328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
15632328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
15642328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
15652328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15662328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
15672328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll
15682328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
15692328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
15702328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4A350A9728CCF9D9DA5C34E66C65B031F50EE801
15712328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15722328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15732328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
15742328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
15752328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
15762328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
15772328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15782328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15792328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15802328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
15812328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
15822328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
15832328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
15842328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
15852328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
15862328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15872328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15882328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15892328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15902328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15912328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
15922328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
15932328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
15942328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
15952328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15962328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15972328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15982328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
15992328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
16002328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'
16012328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16022328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16032328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
16042328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
16052328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
16062328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
16072328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
16082328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'firewallapi.dll'.
16092328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'netapi32.dll'.
16102328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust
16112328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
16122328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16132328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16142328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
16152328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
16162328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
16172328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16182328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netapi32.dll)
16192328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netapi32.dll
16202328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'firewallapi.dll'...
16212328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'firewallapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\firewallapi.dll' [rcNtRedir=0xc0150008]
16222328.1e4c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\FirewallAPI.dll'.
16232328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16242328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
16252328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\FirewallAPI.dll)
16262328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\FirewallAPI.dll
16272328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16282328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16292328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
16302328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16312328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
16322328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
16332328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
16342328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
16352328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
16362328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
16372328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
16382328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16392328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16402328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16412328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
16422328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
16432328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16442328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16452328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16462328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16472328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16482328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
16492328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16502328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
16512328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
16522328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
16532328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
16542328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16552328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16562328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16572328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16582328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16592328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16602328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16612328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16622328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16632328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16642328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16652328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16662328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16672328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16682328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16692328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16702328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16712328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16722328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16732328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16742328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16752328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16762328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16772328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16782328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16792328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16802328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16812328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16822328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16832328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16842328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16852328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16862328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
16872328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16882328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16892328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16902328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16912328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
16922328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
16932328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16942328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
16952328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16962328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
16972328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
16982328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
16992328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
17002328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17012328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17022328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17032328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17042328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17052328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17062328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17072328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17082328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
17092328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
17102328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
17112328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
17122328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17132328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17142328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
17152328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
17162328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
17172328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17182328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17192328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17202328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17212328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
17222328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
17232328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17242328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
17252328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
17262328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
17272328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
17282328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
17292328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
17302328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17312328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17322328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust]
17332328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17342328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17352328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
17362328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17372328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17382328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
17392328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17402328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17412328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17422328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17432328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17442328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17452328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17462328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
17472328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
17482328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
17492328.1e4c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
17502328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17512328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17522328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
17532328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17542328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17552328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17562328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
17572328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
17582328.1e4c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
17592328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17602328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17612328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
17622328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
17632328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
17642328.1e4c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
17652328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
17662328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
17672328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
17682328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
17692328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
17702328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
17712328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
17722328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
17732328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
17742328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
17752328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
17762328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
17772328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
17782328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17792328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17802328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
17812328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
17822328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
17832328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
17842328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17852328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
17862328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17872328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
17882328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17892328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17902328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
17912328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
17922328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
17932328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
17942328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
17952328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17962328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
17972328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
17982328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
17992328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
18002328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
18012328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
18022328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
18032328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
18042328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
18052328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
18062328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
18072328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
18082328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
18092328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18102328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18112328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18122328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
18132328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18142328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18152328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
18162328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18172328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18182328.1e4c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
18192328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18202328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18212328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
18222328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
18232328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
18242328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
18252328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
18262328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
18272328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18282328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18292328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
18302328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
18312328.1e4c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'.
18322328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18332328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
18342328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
18352328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
18362328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll)
18372328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll
18382328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
18392328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
18402328.1e4c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
18412328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18422328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
18432328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18442328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
18452328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
18462328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18472328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18482328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
18492328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18502328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18512328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18522328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18532328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18542328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18552328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18562328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
18572328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18582328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18592328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18602328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
18612328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
18622328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
18632328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18642328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18652328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
18662328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18672328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18682328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18692328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18702328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18712328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18722328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18732328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
18742328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
18752328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
18762328.1e4c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
18772328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18782328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
18792328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
18802328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
18812328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18822328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18832328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
18842328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18852328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18862328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18872328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
18882328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
18892328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
18902328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18912328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18922328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18932328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
18942328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
18952328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
18962328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18972328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18982328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18992328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19002328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
19012328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19022328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19032328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
19042328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19052328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19062328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
19072328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19082328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19092328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19102328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19112328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19122328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19132328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19142328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19152328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19162328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19172328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
19182328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
19192328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
19202328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19212328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19222328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19232328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19242328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19252328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19262328.1e4c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
19272328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19282328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19292328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
19302328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
19312328.1e4c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
19322328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19332328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
19342328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19352328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll)
19362328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll
19372328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19382328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19392328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19402328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19412328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19422328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19432328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19442328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19452328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19462328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19472328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19482328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19492328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
19502328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19512328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
19522328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
19532328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
19542328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
19552328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
19562328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
19572328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
19582328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
19592328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
19602328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
19612328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
19622328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
19632328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
19642328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
19652328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
19662328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
19672328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19682328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19692328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
19702328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19712328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19722328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
19732328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
19742328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
19752328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
19762328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19772328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19782328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
19792328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19802328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19812328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19822328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19832328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19842328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
19852328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19862328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19872328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19882328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
19892328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
19902328.1e4c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [lacks WinVerifyTrust]
19912328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19922328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19932328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
19942328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19952328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19962328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
19972328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19982328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19992328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
20002328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
20012328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
20022328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
20032328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20042328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20052328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
20062328.1e4c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
20072328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20082328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20092328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
20102328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
20112328.1e4c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
20122328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20132328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20142328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
20152328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20162328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20172328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
20182328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
20192328.1e4c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
20202328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000051c pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
20212328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
20222328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
20232328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A59A12801C3E68C49056D7AF56FE4F31F6CB06E1
20242328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
20252328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
20262328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
20272328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20282328.1e4c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
20292328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
20302328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
20312328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
20322328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20332328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
20342328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
20352328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
20362328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20372328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20382328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll)
20392328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll
20402328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20412328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
20422328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
20432328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
20442328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
20452328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
20462328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20472328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\davhlpr.dll)
20482328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\davhlpr.dll
20492328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2f930000 LB 0x00156000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
20502328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2ffe0000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
20512328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff273c0000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
20522328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
20532328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff0c040000 LB 0x000fa000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
20542328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
20552328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff1e040000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
20562328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
20572328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff11ce0000 LB 0x00129000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
20582328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
20592328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff322b0000 LB 0x0027d000 C:\WINDOWS\system32\combase.dll [fFlags=0x0]
20602328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
20612328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff32160000 LB 0x00143000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
20622328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20632328.1e4c: supR3HardenedDllNotificationCallback: load 0000000071ab0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
20642328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20652328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2f750000 LB 0x000b5000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0]
20662328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20672328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
20682328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
20692328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
20702328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
20712328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff31c70000 LB 0x00052000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0]
20722328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
20732328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff188d0000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\COMCTL32.dll [fFlags=0x0]
20742328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll [avoiding WinVerifyTrust]
20752328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2f830000 LB 0x00043000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0]
20762328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
20772328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
20782328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2ebd0000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0]
20792328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
20802328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
20812328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
20822328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
20832328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2eb80000 LB 0x0004b000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0]
20842328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20852328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
20862328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
20872328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
20882328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2ef10000 LB 0x00644000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0]
20892328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20902328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
20912328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
20922328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
20932328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
20942328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
20952328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff30260000 LB 0x0155f000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
20962328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20972328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2ee80000 LB 0x00086000 C:\WINDOWS\system32\FirewallAPI.dll [fFlags=0x0]
20982328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\FirewallAPI.dll [avoiding WinVerifyTrust]
20992328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2f810000 LB 0x00017000 C:\WINDOWS\system32\NETAPI32.dll [fFlags=0x0]
21002328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
21012328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2d310000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\DAVHLPR.DLL [fFlags=0x0]
21022328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\davhlpr.dll [avoiding WinVerifyTrust]
21032328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff31fe0000 LB 0x0010b000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
21042328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
21052328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff31af0000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
21062328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21072328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff30170000 LB 0x0003b000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
21082328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
21092328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2d280000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
21102328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
21112328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2d2e0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
21122328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21132328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff1f910000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
21142328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
21152328.1e4c: supR3HardenedDllNotificationCallback: load 0000000071140000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
21162328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
21172328.1e4c: supR3HardenedDllNotificationCallback: load 0000000071060000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
21182328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
21192328.1e4c: supR3HardenedDllNotificationCallback: load 00007ffef4fb0000 LB 0x00abb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
21202328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
21212328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
21222328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
21232328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
21242328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
21252328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
21262328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
21272328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
21282328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
21292328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
21302328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
21312328.1e4c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\davhlpr.dll'.
21322328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\davhlpr.dll' [rescheduled]
21332328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll'.
21342328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll' [rescheduled]
21352328.1e4c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
21362328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rescheduled]
21372328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
21382328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
21392328.1e4c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
21402328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
21412328.1e4c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
21422328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
21432328.1e4c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'.
21442328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rescheduled]
21452328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
21462328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' [rescheduled]
21472328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
21482328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
21492328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
21502328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
21512328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
21522328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
21532328.1e4c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\FirewallAPI.dll'.
21542328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\FirewallAPI.dll' [rescheduled]
21552328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\netapi32.dll'.
21562328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\netapi32.dll' [rescheduled]
21572328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
21582328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
21592328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
21602328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
21612328.1e4c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
21622328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
21632328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
21642328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
21652328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21662328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21672328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
21682328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
21692328.1e4c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
21702328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21712328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21722328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21732328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21742328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21752328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21762328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21772328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21782328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21792328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21802328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21812328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21822328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21832328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21842328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
21852328.1e4c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
21862328.1e4c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
21872328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21882328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21892328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21902328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21912328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21922328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21932328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21942328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21952328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21962328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21972328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21982328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21992328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
22002328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22012328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30170000 'C:\WINDOWS\system32\imm32.dll'
22022328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22032328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
22042328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\fwbase.dll)
22052328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\fwbase.dll
22062328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2d930000 LB 0x00032000 C:\WINDOWS\SYSTEM32\fwbase.dll [fFlags=0x0]
22072328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\fwbase.dll [avoiding WinVerifyTrust]
22082328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef4fb0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
22092328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d0 pwszName=\Device\HarddiskVolume3\Windows\System32\fwbase.dll
22102328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
22112328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
22122328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E4D167517C7EAF637013768F544E99C63255E3F
22132328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22142328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22152328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
22162328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22172328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22182328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
22192328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
22202328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Network-Security-MPSSVC-net-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\fwbase.dll'
22212328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22222328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\fwbase.dll'
22232328.1e4c: SUPR3HardenedMain: Calling TrustedMain (00007ffef4fb10d0)...
22242328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
22252328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22262328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
22272328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000644 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22282328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
22292328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
22302328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4F9BD6CD3F872DBBFCD5F712A95134C3D7F47679
22312328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
22322328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
22332328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
22342328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22352328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22362328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
22372328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
22382328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
22392328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22402328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22412328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22422328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22432328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22442328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22452328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22462328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22472328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22482328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2d460000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
22492328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22502328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d460000 'C:\WINDOWS\system32\uxtheme.dll'
22512328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff317c0000 LB 0x0015a000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
22522328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22532328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
22542328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
22552328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
22562328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
22572328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
22582328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22592328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
22602328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
22612328.1e4c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
22622328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
22632328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2ba80000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
22642328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
22652328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000660 pwszName=\Device\HarddiskVolume3\Windows\System32\dwmapi.dll
22662328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
22672328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
22682328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8900DBF59D51D3F67CECDDA4ED1690DFAAE4945
22692328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22702328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22712328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
22722328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22732328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22742328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22752328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22762328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
22772328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
22782328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
22792328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22802328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22812328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22822328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22832328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22842328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22852328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
22862328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
22872328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Composition-Core-windows-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
22882328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22892328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
22902328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
22912328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
22922328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
22932328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
22942328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22952328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
22962328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
22972328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22982328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff301b0000 'C:\WINDOWS\system32\kernel32.dll'
22992328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
23002328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23012328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d460000 'C:\WINDOWS\system32\uxtheme.dll'
23022328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
23032328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23042328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d460000 'C:\WINDOWS\system32\uxtheme.dll'
23052328.1e4c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
23062328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23072328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
23082328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2f930000 'C:\WINDOWS\system32\user32.dll'
23092328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
23102328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23112328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d460000 'C:\WINDOWS\system32\uxtheme.dll'
23122328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2f930000 'C:\WINDOWS\system32\user32.dll'
23132328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
23142328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23152328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31bc0000 'C:\WINDOWS\system32\advapi32.dll'
23162328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
23172328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
23182328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23192328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
23202328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
23212328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
23222328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
23232328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
23242328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
23252328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
23262328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23272328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23282328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23292328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23302328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23312328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
23322328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2e310000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
23332328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
23342328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e310000 'C:\WINDOWS\system32\userenv.dll'
23352328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
23362328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23372328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff301b0000 'C:\WINDOWS\system32\kernel32.dll'
23382328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff319c0000 LB 0x000a7000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0]
23392328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23402328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
23412328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
23422328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
23432328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23442328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23452328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23462328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23472328.8ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
23482328.8ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
23492328.8ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
23502328.8ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
23512328.8ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
23522328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23532328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23542328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
23552328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
23562328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
23572328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
23582328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
23592328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
23602328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
23612328.8ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
23622328.8ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23632328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23642328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23652328.8ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23662328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23672328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23682328.8ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
23692328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23702328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23712328.8ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
23722328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
23732328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
23742328.8ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
23752328.8ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
23762328.8ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23772328.8ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll) WinVerifyTrust
23782328.8ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
23792328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23802328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23812328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23822328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23832328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
23842328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
23852328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23862328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23872328.8ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
23882328.8ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
23892328.8ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\psapi.dll) WinVerifyTrust
23902328.8ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\psapi.dll
23912328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23922328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23932328.8ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
23942328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23952328.8ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23962328.8ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
23972328.8ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
23982328.8ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23992328.8ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
24002328.8ac: supR3HardenedDllNotificationCallback: load 00007fff32150000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
24012328.8ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\psapi.dll
24022328.8ac: supR3HardenedDllNotificationCallback: load 00007fff24830000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
24032328.8ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
24042328.8ac: supR3HardenedDllNotificationCallback: load 00007ffef49d0000 LB 0x005d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
24052328.8ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
24062328.8ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef49d0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
24072328.8ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24082328.8ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24092328.8ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31af0000 'C:\Windows\System32\oleaut32.dll'
24102328.8ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sxs.dll)
24112328.8ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sxs.dll
24122328.8ac: supR3HardenedDllNotificationCallback: load 00007fff2ea10000 LB 0x00099000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
24132328.8ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
24142328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
24152328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
24162328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sxs.dll'
24172328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24182328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24192328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31af0000 'C:\WINDOWS\system32\OLEAUT32.dll'
24202328.1e4c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
24212328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24222328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
24232328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ffe0000 'C:\WINDOWS\system32\gdi32.dll'
24242328.20a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
24252328.20a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
24262328.20a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
24272328.20a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24282328.20a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24292328.20a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
24302328.20a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
24312328.20a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24322328.20a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24332328.20a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24342328.20a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24352328.20a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24362328.20a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
24372328.20a0: supR3HardenedDllNotificationCallback: load 00007fff27280000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
24382328.20a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
24392328.20a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff27280000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
24402328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2f930000 'C:\WINDOWS\system32\user32.dll'
24412328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24422328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24432328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
24442328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31bc0000 'C:\WINDOWS\system32\ADVAPI32.DLL'
24452328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac4 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
24462328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
24472328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
24482328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75640CA57CB5630DA16BB2F35FAEDB2EAB5C3525
24492328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
24502328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
24512328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
24522328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24532328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24542328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
24552328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
24562328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
24572328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
24582328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
24592328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
24602328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
24612328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
24622328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
24632328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
24642328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24652328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
24662328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
24672328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
24682328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
24692328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24702328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24712328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
24722328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
24732328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24742328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
24752328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
24762328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
24772328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
24782328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
24792328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
24802328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
24812328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
24822328.1e4c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
24832328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24842328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
24852328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
24862328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
24872328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24882328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24892328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24902328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24912328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24922328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24932328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
24942328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
24952328.1e4c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
24962328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
24972328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
24982328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
24992328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
25002328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
25012328.1e4c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
25022328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25032328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25042328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25052328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
25062328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
25072328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
25082328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
25092328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2bc40000 LB 0x000a2000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
25102328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
25112328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2b7d0000 LB 0x002a8000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
25122328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
25132328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2c660000 LB 0x000e3000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
25142328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
25152328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff1d970000 LB 0x0004a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
25162328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
25172328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1d970000 'C:\WINDOWS\system32\dataexchange.dll'
25182328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
25192328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
25202328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'
25212328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25222328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
25232328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
25242328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
25252328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
25262328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
25272328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2d670000 LB 0x00100000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
25282328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
25292328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
25302328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25312328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25322328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
25332328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25342328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25352328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
25362328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
25372328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
25382328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25392328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25402328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25412328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
25422328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
25432328.1e4c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
25442328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
25452328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25462328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
25472328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
25482328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25492328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
25502328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
25512328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25522328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff32160000 'C:\WINDOWS\system32\ole32.dll'
25532328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
25542328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25552328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff31af0000 'C:\WINDOWS\system32\OLEAUT32.dll'
25562328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bcc pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
25572328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
25582328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
25592328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3488B506C76AED41BC3048EF4C38C6A11D8B3CC4
25602328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
25612328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
25622328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
25632328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25642328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25652328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
25662328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
25672328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
25682328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
25692328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25702328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25712328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bdc pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25722328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
25732328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
25742328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0F5B8FB82A59EE0D6149941C8198202D2D48FDA
25752328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
25762328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
25772328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
25782328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25792328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25802328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
25812328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
25822328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
25832328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25842328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25852328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25862328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
25872328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25882328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25892328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25902328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25912328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
25922328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
25932328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
25942328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
25952328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25962328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25972328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25982328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
25992328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
26002328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff23dc0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
26012328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
26022328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff22cf0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
26032328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
26042328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26052328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2f560000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
26062328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff22cf0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
26072328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b8c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
26082328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
26092328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
26102328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9CE21DDF09B1BCCF1977CBD665E28F9BA3B97D79
26112328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
26122328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
26132328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
26142328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26152328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26162328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26172328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
26182328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
26192328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26202328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26212328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26222328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26232328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26242328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
26252328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff2d3a0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
26262328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
26272328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d3a0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
26282328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26292328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2f560000 'api-ms-win-core-localization-l1-2-0.dll'
26302328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26312328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2f560000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
26322328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
26332328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
26342328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
26352328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFD9E9630890EA6E6C472D5579966609C56F9EFD
26362328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
26372328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
26382328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
26392328.1e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26402328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26412328.1e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
26422328.1e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
26432328.1e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
26442328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
26452328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
26462328.1e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
26472328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26482328.1e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26492328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26502328.1e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
26512328.1e4c: supR3HardenedDllNotificationCallback: load 00007fff22710000 LB 0x000f6000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
26522328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
26532328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff22710000 'C:\WINDOWS\system32\wbem\fastprox.dll'
26542328.1e4c: supR3HardenedMonitor_LdrLoadDll: 'C:\WINDOWS\system32\comctl32.dll' -> 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll' [redir]
26552328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll [redoing WinVerifyTrust]
26562328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
26572328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
26582328.1e4c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll'
26592328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll (Input=C:\WINDOWS\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26602328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff188d0000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll'
26612328.b88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
26622328.b88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26632328.b88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
26642328.b88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26652328.b88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
26662328.b88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26672328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26682328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26692328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
26702328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
26712328.b88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
26722328.b88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
26732328.b88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26742328.b88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
26752328.b88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
26762328.b88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
26772328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26782328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26792328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26802328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26812328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26822328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26832328.b88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26842328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26852328.b88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26862328.b88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26872328.b88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26882328.b88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
26892328.b88: supR3HardenedDllNotificationCallback: load 0000000073e10000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
26902328.b88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
26912328.b88: supR3HardenedDllNotificationCallback: load 00007fff06150000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
26922328.b88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26932328.b88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff06150000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26942328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
26952328.1fd4: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
26962328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
26972328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
26982328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys)
26992328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys
27002328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
27012328.1fd4: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetLwf.sys: Owner is administrators group.
27022328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
27032328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
27042328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
27052328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetLwf.sys)
27062328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetLwf.sys
27072328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
27082328.1fd4: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxUSBMon.sys: Owner is administrators group.
27092328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
27102328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\VBoxUSBMon.sys)
27112328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxUSBMon.sys
27122328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
27132328.1fd4: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxDrv.sys: Owner is administrators group.
27142328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
27152328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\VBoxDrv.sys)
27162328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxDrv.sys
27172328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
27182328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
27192328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
27202328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe'.
27212328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
27222328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'.
27232328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
27242328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
27252328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'.
27262328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'.
27272328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe)
27282328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
27292328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
27302328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
27312328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
27322328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
27332328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
27342328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\drivers\netio.sys'.
27352328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
27362328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
27372328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
27382328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\netio.sys)
27392328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\netio.sys
27402328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
27412328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
27422328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys'.
27432328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
27442328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
27452328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
27462328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'.
27472328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys)
27482328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys
27492328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
27502328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
27512328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
27522328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
27532328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
27542328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
27552328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
27562328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
27572328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
27582328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'...
27592328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008]
27602328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\drivers\WppRecorder.sys'.
27612328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
27622328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\WppRecorder.sys)
27632328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\WppRecorder.sys
27642328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
27652328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
27662328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
27672328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
27682328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume3\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
27692328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\hal.dll'.
27702328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
27712328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
27722328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
27732328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\hal.dll)
27742328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\hal.dll
27752328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
27762328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
27772328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
27782328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
27792328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
27802328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\drivers\msrpc.sys'.
27812328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
27822328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\msrpc.sys)
27832328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\msrpc.sys
27842328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
27852328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
27862328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
27872328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
27882328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
27892328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
27902328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
27912328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
27922328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
27932328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume3\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
27942328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ci.dll'.
27952328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
27962328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
27972328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ci.dll)
27982328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ci.dll
27992328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
28002328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume3\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
28012328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kdcom.dll'.
28022328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
28032328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
28042328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kdcom.dll)
28052328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kdcom.dll
28062328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
28072328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume3\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
28082328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\BOOTVID.DLL'.
28092328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
28102328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\BOOTVID.DLL)
28112328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\BOOTVID.DLL
28122328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
28132328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume3\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
28142328.1678: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\PSHED.DLL'.
28152328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
28162328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
28172328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\PSHED.DLL)
28182328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\PSHED.DLL
28192328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
28202328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume3\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
28212328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\hal.dll [lacks WinVerifyTrust]
28222328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
28232328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume3\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
28242328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\hal.dll [lacks WinVerifyTrust]
28252328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
28262328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
28272328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
28282328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
28292328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
28302328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
28312328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
28322328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume3\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
28332328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\hal.dll [lacks WinVerifyTrust]
28342328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
28352328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
28362328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
28372328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
28382328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume3\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
28392328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\hal.dll [lacks WinVerifyTrust]
28402328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
28412328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
28422328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
28432328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
28442328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
28452328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
28462328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
28472328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume3\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
28482328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
28492328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
28502328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume3\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
28512328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
28522328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
28532328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
28542328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
28552328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
28562328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
28572328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
28582328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28592328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\VBoxDrv.sys'
28602328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28612328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\VBoxUSBMon.sys'
28622328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28632328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetLwf.sys'
28642328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28652328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys'
28662328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28672328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28682328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\PSHED.DLL'
28692328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28702328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28712328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\BOOTVID.DLL'
28722328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28732328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28742328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kdcom.dll'
28752328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28762328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28772328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ci.dll'
28782328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28792328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28802328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\msrpc.sys'
28812328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28822328.1678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
28832328.1678: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28842328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28852328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\hal.dll'
28862328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28872328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28882328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\WppRecorder.sys'
28892328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28902328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28912328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys'
28922328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28932328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28942328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\netio.sys'
28952328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28962328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
28972328.1678: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe'
28982328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
28992328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29002328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29012328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29022328.1678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
29032328.1678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
29042328.1678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
29052328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29062328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29072328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29082328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29092328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29102328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29112328.1678: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29122328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29132328.1678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29142328.1678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29152328.1678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
29162328.1678: supR3HardenedDllNotificationCallback: load 00007fff27340000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
29172328.1678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
29182328.1678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff27340000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
29192328.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
29202328.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29212328.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29222328.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29232328.2150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
29242328.2150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
29252328.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29262328.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29272328.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29282328.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29292328.2150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
29302328.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29312328.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29322328.2150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29332328.2150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
29342328.2150: supR3HardenedDllNotificationCallback: load 00007fff27200000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
29352328.2150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
29362328.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff27200000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
29372328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
29382328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29392328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
29402328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29412328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
29422328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
29432328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
29442328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
29452328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
29462328.1434: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
29472328.1434: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
29482328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29492328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29502328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
29512328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29522328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29532328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
29542328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29552328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29562328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
29572328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
29582328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
29592328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29602328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
29612328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29622328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
29632328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
29642328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
29652328.1434: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
29662328.1434: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
29672328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29682328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29692328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29702328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29712328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29722328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
29732328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
29742328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29752328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29762328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29772328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29782328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29792328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29802328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29812328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29822328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
29832328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
29842328.1434: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
29852328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29862328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29872328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
29882328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
29892328.1434: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
29902328.1434: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
29912328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29922328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29932328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29942328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29952328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
29962328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
29972328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
29982328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
29992328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30002328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30012328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30022328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30032328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
30042328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30052328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30062328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
30072328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
30082328.1434: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
30092328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30102328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30112328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30122328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30132328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
30142328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
30152328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
30162328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
30172328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
30182328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
30192328.1434: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
30202328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30212328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30222328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30232328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30242328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
30252328.1434: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30262328.1434: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
30272328.1434: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
30282328.1434: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
30292328.1434: supR3HardenedDllNotificationCallback: load 00007fff15fb0000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
30302328.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
30312328.1434: supR3HardenedDllNotificationCallback: load 00007fff1b100000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
30322328.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
30332328.1434: supR3HardenedDllNotificationCallback: load 00007fff02ee0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
30342328.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
30352328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
30362328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
30372328.1434: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
30382328.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
30392328.1434: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30402328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1b100000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
30412328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
30422328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30432328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
30442328.1434: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
30452328.1434: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
30462328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
30472328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
30482328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
30492328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30502328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30512328.1434: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30522328.1434: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
30532328.1434: supR3HardenedDllNotificationCallback: load 00007fff1f240000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
30542328.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
30552328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f240000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
30562328.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
30572328.1434: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30582328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11ce0000 'C:\WINDOWS\system32/opengl32.dll'
30592328.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
30602328.1434: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30612328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11ce0000 'C:\WINDOWS\system32\OPENGL32.dll'
30622328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ffe0000 'C:\WINDOWS\system32\gdi32.dll'
30632328.1434: \Device\HarddiskVolume3\Windows\System32\ig4icd64.dll: Owner is administrators group.
30642328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
30652328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
30662328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
30672328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
30682328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
30692328.1434: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
30702328.1434: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ig4icd64.dll) WinVerifyTrust
30712328.1434: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ig4icd64.dll
30722328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30732328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30742328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
30752328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
30762328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30772328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30782328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
30792328.1434: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
30802328.1434: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
30812328.1434: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ig4icd64.dll (Input=ig4icd64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30822328.1434: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ig4icd64.dll
30832328.1434: supR3HardenedDllNotificationCallback: load 00007ffefe270000 LB 0x00c84000 C:\WINDOWS\system32\ig4icd64.dll [fFlags=0x0]
30842328.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ig4icd64.dll
30852328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ffe0000 'C:\WINDOWS\system32\gdi32.dll'
30862328.1434: supR3HardenedDllNotificationCallback: Unload 00007ffefe270000 LB 0x00c84000 C:\WINDOWS\system32\ig4icd64.dll [flags=0x0]
30872328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\WINDOWS\system32\ig4icd64.dll'
30882328.1434: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
30892328.1434: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30902328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11ce0000 'C:\WINDOWS\system32\OPENGL32.dll'
30912328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11ce0000 'C:\WINDOWS\system32\OPENGL32.dll'
30922328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11ce0000 'C:\WINDOWS\system32\OPENGL32.dll'
30932328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11ce0000 'C:\WINDOWS\system32\OPENGL32.dll'
30942328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11ce0000 'C:\WINDOWS\system32\OPENGL32.dll'
30952328.1434: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff11ce0000 'C:\WINDOWS\system32\OPENGL32.dll'
30962328.1ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
30972328.1ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30982328.1ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30992328.1ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31002328.1ae8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
31012328.1ae8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
31022328.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31032328.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31042328.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
31052328.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
31062328.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31072328.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31082328.1ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31092328.1ae8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
31102328.1ae8: supR3HardenedDllNotificationCallback: load 00007fff26670000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
31112328.1ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
31122328.1ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff26670000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
31132328.bb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
31142328.bb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31152328.bb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
31162328.bb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31172328.bb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
31182328.bb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31192328.bb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31202328.bb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31212328.bb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
31222328.bb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
31232328.bb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31242328.bb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31252328.bb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31262328.bb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31272328.bb0: supR3HardenedDllNotificationCallback: load 00007fff25d90000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
31282328.bb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31292328.bb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff25d90000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
31302328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32/Shell32.dll'
31312328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31322328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31332328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff06150000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
31342328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
31352328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31362328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31372328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31382328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
31392328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
31402328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
31412328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31422328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31432328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31442328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31452328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31462328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
31472328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31482328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31492328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31502328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31512328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31522328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31532328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31542328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31552328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff13340000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
31562328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31572328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13340000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
31582328.1fd4: supR3HardenedDllNotificationCallback: Unload 00007fff13340000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
31592328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
31602328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
31612328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31622328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31632328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31642328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
31652328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
31662328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
31672328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
31682328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
31692328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
31702328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
31712328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
31722328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
31732328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
31742328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
31752328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
31762328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
31772328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
31782328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
31792328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31802328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31812328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31822328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31832328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
31842328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31852328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31862328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
31872328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
31882328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
31892328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
31902328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
31912328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
31922328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
31932328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31942328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31952328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
31962328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
31972328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31982328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31992328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32002328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32012328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
32022328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
32032328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
32042328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
32052328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32062328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32072328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32082328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
32092328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32102328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
32112328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
32122328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32132328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32142328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32152328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32162328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32172328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32182328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32192328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
32202328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32212328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32222328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
32232328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
32242328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
32252328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
32262328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
32272328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
32282328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32292328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32302328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32312328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32322328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32332328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32342328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32352328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32362328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32372328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
32382328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume3\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
32392328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e64 pwszName=\Device\HarddiskVolume3\Windows\System32\newdev.dll
32402328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
32412328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
32422328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=668FD39FDE68075AB44D78A92AF8BD445DF77C1A
32432328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
32442328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
32452328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\newdev.dll'
32462328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32472328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32482328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
32492328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
32502328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'.
32512328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'.
32522328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'.
32532328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\newdev.dll) WinVerifyTrust
32542328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\newdev.dll
32552328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
32562328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
32572328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
32582328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32592328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32602328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32612328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32622328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32632328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32642328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
32652328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
32662328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
32672328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
32682328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
32692328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
32702328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
32712328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
32722328.1fd4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
32732328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
32742328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
32752328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
32762328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
32772328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
32782328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32792328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32802328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
32812328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32822328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32832328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32842328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
32852328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
32862328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32872328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
32882328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\newdev.dll
32892328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32902328.1fd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll)
32912328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll
32922328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff2fbb0000 LB 0x00429000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
32932328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
32942328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff1f7d0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\devrtl.DLL [fFlags=0x0]
32952328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
32962328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff24b70000 LB 0x00082000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0]
32972328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\newdev.dll
32982328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff1dfd0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
32992328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
33002328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff13340000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
33012328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
33022328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff29980000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
33032328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
33042328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff00530000 LB 0x008e4000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
33052328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
33062328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff00530000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
33072328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e50 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll
33082328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
33092328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
33102328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9566730BDA7E6EB3E1397940D3DD3BA80C5317F3
33112328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33122328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33132328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33142328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
33152328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
33162328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33172328.1fd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
33182328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33192328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
33202328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33212328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
33222328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff12eb0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
33232328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
33242328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12eb0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
33252328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33262328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
33272328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33282328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef49d0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
33292328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33302328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
33312328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33322328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13340000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
33332328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33342328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33352328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33362328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33372328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
33382328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
33392328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33402328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33412328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33422328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33432328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33442328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
33452328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff1f110000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
33462328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
33472328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f110000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
33482328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33492328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33502328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33512328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33522328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
33532328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
33542328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33552328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33562328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33572328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33582328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33592328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
33602328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff1f030000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
33612328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
33622328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f030000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
33632328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33642328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33652328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33662328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33672328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
33682328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
33692328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33702328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33712328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33722328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33732328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33742328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
33752328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff1bc00000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
33762328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
33772328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1bc00000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
33782328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33792328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33802328.a94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33812328.a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33822328.a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
33832328.a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33842328.a94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
33852328.a94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33862328.a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33872328.a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33882328.a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
33892328.a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
33902328.a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33912328.a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33922328.a94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33932328.a94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33942328.a94: supR3HardenedDllNotificationCallback: load 00007fff24a90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
33952328.a94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33962328.a94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff24a90000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
33972328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff06150000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
33982328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
33992328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
34002328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34012328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
34022328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
34032328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
34042328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
34052328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
34062328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
34072328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
34082328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
34092328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34102328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34112328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34122328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34132328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34142328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34152328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34162328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34172328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34182328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
34192328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff1d440000 LB 0x000c4000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
34202328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
34212328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1d440000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
34222328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
34232328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34242328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29980000 'C:\WINDOWS\system32/Iphlpapi.dll'
34252328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
34262328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
34272328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
34282328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
34292328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff31ae0000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
34302328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
34312328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
34322328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff29920000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
34332328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
34342328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
34352328.1fd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
34362328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
34372328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff291e0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
34382328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
34392328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
34402328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
34412328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
34422328.1fd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
34432328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
34442328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff291c0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
34452328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
34462328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001058 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
34472328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
34482328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
34492328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B252225ADEF97FEC2943324DF61B5FDC9AB3A05
34502328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
34512328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
34522328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
34532328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
34542328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
34552328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34562328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34572328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34582328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34592328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
34602328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
34612328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
34622328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34632328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34642328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
34652328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
34662328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
34672328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34682328.1fd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
34692328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000104c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
34702328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
34712328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
34722328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C2FEBD2E98F4EB4C528973059B9FC09175BAA914
34732328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
34742328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
34752328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
34762328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34772328.1fd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
34782328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
34792328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
34802328.1fd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
34812328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
34822328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
34832328.1fd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
34842328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010f4 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
34852328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
34862328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
34872328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C46CF6D8C425A34B7EDE4E8FD0F2E4A8182CBB1
34882328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
34892328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
34902328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
34912328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34922328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34932328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
34942328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
34952328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
34962328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
34972328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
34982328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34992328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
35002328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
35012328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35022328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35032328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
35042328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
35052328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
35062328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35072328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35082328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35092328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
35102328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff12950000 LB 0x0009c000 C:\WINDOWS\system32\dsound.dll [fFlags=0x0]
35112328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
35122328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
35132328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35142328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12950000 'C:\WINDOWS\system32\dsound.dll'
35152328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12950000 'C:\WINDOWS\system32/dsound.dll'
35162328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
35172328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
35182328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35192328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
35202328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
35212328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
35222328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
35232328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
35242328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
35252328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
35262328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
35272328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35282328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
35292328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
35302328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35312328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
35322328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
35332328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
35342328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
35352328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
35362328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
35372328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35382328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35392328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
35402328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
35412328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35422328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35432328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
35442328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
35452328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35462328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
35472328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
35482328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
35492328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35502328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35512328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35522328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35532328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
35542328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
35552328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
35562328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35572328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35582328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
35592328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
35602328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
35612328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
35622328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff2d570000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
35632328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
35642328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff2caa0000 LB 0x00186000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
35652328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
35662328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff2b3f0000 LB 0x00070000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
35672328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
35682328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2b3f0000 'C:\WINDOWS\System32\MMDevApi.dll'
35692328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
35702328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35712328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2b3f0000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
35722328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
35732328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35742328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
35752328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001144 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
35762328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
35772328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
35782328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0E241BE9D4F52A26C9ED7BD86312051FE44DA417
35792328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
35802328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
35812328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
35822328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35832328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35842328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
35852328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
35862328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
35872328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
35882328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
35892328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
35902328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
35912328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
35922328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
35932328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
35942328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
35952328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
35962328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
35972328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
35982328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
35992328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
36002328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
36012328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
36022328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
36032328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
36042328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
36052328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
36062328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
36072328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
36082328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
36092328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36102328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
36112328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
36122328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36132328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36142328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36152328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36162328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36172328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
36182328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
36192328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
36202328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff2d350000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
36212328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
36222328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff2bb00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
36232328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
36242328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff29790000 LB 0x00042000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
36252328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
36262328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36272328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
36282328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36292328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36302328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
36312328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36322328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36332328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
36342328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36352328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36362328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
36372328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36382328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36392328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
36402328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
36412328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36422328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
36432328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
36442328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
36452328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
36462328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
36472328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
36482328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
36492328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
36502328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
36512328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
36522328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36532328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36542328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36552328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36562328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36572328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
36582328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36592328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
36602328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
36612328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
36622328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
36632328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff29e80000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
36642328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
36652328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff293b0000 LB 0x00088000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
36662328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
36672328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff293b0000 'C:\WINDOWS\system32\AUDIOSES.DLL'
36682328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36692328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36702328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
36712328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
36722328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
36732328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36742328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36752328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
36762328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
36772328.1fd4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
36782328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
36792328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36802328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36812328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
36822328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36832328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36842328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36852328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36862328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36872328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff29790000 'C:\WINDOWS\system32\wdmaud.drv'
36882328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000105c pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
36892328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
36902328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
36912328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E2C15A147F336A77E08F63DA2B7DC249BAC5291
36922328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
36932328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
36942328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
36952328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36962328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36972328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
36982328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
36992328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
37002328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
37012328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
37022328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
37032328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
37042328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
37052328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
37062328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
37072328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
37082328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
37092328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
37102328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
37112328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37122328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
37132328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
37142328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
37152328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
37162328.1fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
37172328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37182328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37192328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37202328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37212328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37222328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
37232328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
37242328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff2d320000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
37252328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
37262328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff2d340000 LB 0x0000c000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
37272328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
37282328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37292328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
37302328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37312328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37322328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
37332328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37342328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37352328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
37362328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37372328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37382328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
37392328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37402328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37412328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
37422328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37432328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37442328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
37452328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37462328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37472328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37482328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37492328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d340000 'C:\WINDOWS\system32\msacm32.drv'
37502328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001118 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
37512328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
37522328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
37532328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92C5FAE1499C6920F25025123B65102443C15281
37542328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
37552328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
37562328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
37572328.1fd4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37582328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37592328.1fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
37602328.1fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
37612328.1fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
37622328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
37632328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
37642328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37652328.1fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37662328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37672328.1fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
37682328.1fd4: supR3HardenedDllNotificationCallback: load 00007fff299e0000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
37692328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
37702328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff299e0000 'C:\WINDOWS\system32\midimap.dll'
37712328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
37722328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37732328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff299e0000 'C:\WINDOWS\system32\midimap.dll'
37742328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
37752328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37762328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff299e0000 'C:\WINDOWS\system32\midimap.dll'
37772328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
37782328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37792328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff299e0000 'C:\WINDOWS\system32\midimap.dll'
37802328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37812328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37822328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37832328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37842328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37852328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
37862328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37872328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37882328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37892328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37902328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37912328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37922328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37932328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
37942328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
37952328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12950000 'C:\WINDOWS\System32\dsound.dll'
37962328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37972328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37982328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2d2e0000 'C:\WINDOWS\system32\winmm.dll'
37992328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff06150000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
38002328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
38012328.1fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
38022328.1fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38032328.1fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff301b0000 'C:\WINDOWS\system32/kernel32.dll'
38042328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
38052328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
38062328.2154: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
38072328.2154: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
38082328.2154: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
38092328.2154: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
38102328.2154: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012c8 pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
38112328.2154: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a01b40
38122328.2154: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a01b40
38132328.2154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ebe0000 'C:\Windows\System32\WINTRUST.DLL'
38142328.2154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\CRYPT32.dll'
38152328.2154: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97A9AAA41AAA9A3C41392C579FD1454246CD6A04
38162328.2154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
38172328.2154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
38182328.2154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1f670000 'C:\Windows\System32\cryptnet.dll'
38192328.2154: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
38202328.2154: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38212328.2154: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
38222328.2154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e1c0000 'C:\WINDOWS\system32\rsaenh.dll'
38232328.2154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2ec40000 'C:\WINDOWS\system32\crypt32.dll'
38242328.2154: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
38252328.2154: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
38262328.2154: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
38272328.2154: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
38282328.2154: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
38292328.2154: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
38302328.2154: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38312328.2154: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38322328.2154: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38332328.2154: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
38342328.2154: supR3HardenedDllNotificationCallback: load 00007fff2e480000 LB 0x0005c000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
38352328.2154: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
38362328.2154: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2e480000 'C:\WINDOWS\system32\mswsock.dll'
38372328.1dd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
38382328.1dd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
38392328.1dd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2bb00000 'C:\WINDOWS\system32\avrt.dll'
38402328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff2f930000 'C:\WINDOWS\system32\user32.dll'
38412328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
38422328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
38432328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
38442328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
38452328.1e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
38462328.1e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38472328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
38482328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'
38492328.1e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff30260000 'C:\WINDOWS\system32\shell32.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy