VirtualBox

Ticket #15123: VBoxHardening.log

File VBoxHardening.log, 377.6 KB (added by OTonn, 9 years ago)

Hardening-log of VBox

Line 
11c2c.2398: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000
21c2c.2398: \SystemRoot\System32\ntdll.dll:
31c2c.2398: CreationTime: 2016-01-14T20:29:19.397779000Z
41c2c.2398: LastWriteTime: 2015-12-30T19:32:15.583581100Z
51c2c.2398: ChangeTime: 2016-01-16T14:22:57.724733700Z
61c2c.2398: FileAttributes: 0x20
71c2c.2398: Size: 0x1a7958
81c2c.2398: NT Headers: 0xd8
91c2c.2398: Timestamp: 0x5683f0c5
101c2c.2398: Machine: 0x8664 - amd64
111c2c.2398: Timestamp: 0x5683f0c5
121c2c.2398: Image Version: 6.3
131c2c.2398: SizeOfImage: 0x1ac000 (1753088)
141c2c.2398: Resource Dir: 0x148000 LB 0x624a0
151c2c.2398: ProductName: Microsoft® Windows® Operating System
161c2c.2398: ProductVersion: 6.3.9600.18185
171c2c.2398: FileVersion: 6.3.9600.18185 (winblue_ltsb.151230-0600)
181c2c.2398: FileDescription: NT Layer DLL
191c2c.2398: \SystemRoot\System32\kernel32.dll:
201c2c.2398: CreationTime: 2014-11-21T04:04:49.262835200Z
211c2c.2398: LastWriteTime: 2014-11-21T04:04:49.309710800Z
221c2c.2398: ChangeTime: 2015-12-17T07:33:57.271148500Z
231c2c.2398: FileAttributes: 0x20
241c2c.2398: Size: 0x13fc30
251c2c.2398: NT Headers: 0xf8
261c2c.2398: Timestamp: 0x545054ca
271c2c.2398: Machine: 0x8664 - amd64
281c2c.2398: Timestamp: 0x545054ca
291c2c.2398: Image Version: 6.3
301c2c.2398: SizeOfImage: 0x13e000 (1302528)
311c2c.2398: Resource Dir: 0x12e000 LB 0x518
321c2c.2398: ProductName: Microsoft® Windows® Operating System
331c2c.2398: ProductVersion: 6.3.9600.17415
341c2c.2398: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
351c2c.2398: FileDescription: Windows NT BASE API Client DLL
361c2c.2398: \SystemRoot\System32\KernelBase.dll:
371c2c.2398: CreationTime: 2015-11-27T09:34:21.580371800Z
381c2c.2398: LastWriteTime: 2015-11-27T09:34:21.595997600Z
391c2c.2398: ChangeTime: 2015-12-17T07:33:57.333663300Z
401c2c.2398: FileAttributes: 0x20
411c2c.2398: Size: 0x1150a0
421c2c.2398: NT Headers: 0xf0
431c2c.2398: Timestamp: 0x55c4c341
441c2c.2398: Machine: 0x8664 - amd64
451c2c.2398: Timestamp: 0x55c4c341
461c2c.2398: Image Version: 6.3
471c2c.2398: SizeOfImage: 0x115000 (1134592)
481c2c.2398: Resource Dir: 0x110000 LB 0x3530
491c2c.2398: ProductName: Microsoft® Windows® Operating System
501c2c.2398: ProductVersion: 6.3.9600.18007
511c2c.2398: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
521c2c.2398: FileDescription: Windows NT BASE API Client DLL
531c2c.2398: \SystemRoot\System32\apisetschema.dll:
541c2c.2398: CreationTime: 2013-08-22T12:13:09.745625900Z
551c2c.2398: LastWriteTime: 2013-08-22T12:35:12.091034400Z
561c2c.2398: ChangeTime: 2015-12-17T07:30:45.674299400Z
571c2c.2398: FileAttributes: 0x20
581c2c.2398: Size: 0x11360
591c2c.2398: NT Headers: 0xd0
601c2c.2398: Timestamp: 0x52160049
611c2c.2398: Machine: 0x8664 - amd64
621c2c.2398: Timestamp: 0x52160049
631c2c.2398: Image Version: 6.3
641c2c.2398: SizeOfImage: 0x13000 (77824)
651c2c.2398: Resource Dir: 0x11000 LB 0x3f8
661c2c.2398: ProductName: Microsoft® Windows® Operating System
671c2c.2398: ProductVersion: 6.3.9600.16384
681c2c.2398: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
691c2c.2398: FileDescription: ApiSet Schema DLL
701c2c.2398: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711c2c.2398: supR3HardenedWinFindAdversaries: 0x8
721c2c.2398: \SystemRoot\System32\drivers\tmcomm.sys:
731c2c.2398: CreationTime: 2013-10-31T09:53:18.000000000Z
741c2c.2398: LastWriteTime: 2013-10-31T09:53:18.000000000Z
751c2c.2398: ChangeTime: 2015-12-17T20:17:24.119650000Z
761c2c.2398: FileAttributes: 0x20
771c2c.2398: Size: 0x45e18
781c2c.2398: NT Headers: 0xf8
791c2c.2398: Timestamp: 0x5271c5f6
801c2c.2398: Machine: 0x8664 - amd64
811c2c.2398: Timestamp: 0x5271c5f6
821c2c.2398: Image Version: 6.0
831c2c.2398: SizeOfImage: 0x49000 (299008)
841c2c.2398: Resource Dir: 0x47000 LB 0x760
851c2c.2398: ProductName: Trend Micro Eyes
861c2c.2398: ProductVersion: 6.20
871c2c.2398: FileVersion: 6.20.0.1004
881c2c.2398: SpecialBuild: 1004
891c2c.2398: PrivateBuild: Build 1004 - 10/31/2013
901c2c.2398: FileDescription: TrendMicro Common Module
911c2c.2398: \SystemRoot\System32\drivers\tmactmon.sys:
921c2c.2398: CreationTime: 2014-01-23T16:57:44.000000000Z
931c2c.2398: LastWriteTime: 2014-01-23T16:57:44.000000000Z
941c2c.2398: ChangeTime: 2015-12-17T20:17:24.135258900Z
951c2c.2398: FileAttributes: 0x20
961c2c.2398: Size: 0x14f98
971c2c.2398: NT Headers: 0xe0
981c2c.2398: Timestamp: 0x52e0e760
991c2c.2398: Machine: 0x8664 - amd64
1001c2c.2398: Timestamp: 0x52e0e760
1011c2c.2398: Image Version: 6.0
1021c2c.2398: SizeOfImage: 0x1d000 (118784)
1031c2c.2398: Resource Dir: 0x1b000 LB 0x4d0
1041c2c.2398: ProductName: Trend Micro AEGIS
1051c2c.2398: ProductVersion: 2.97
1061c2c.2398: FileVersion: 2.97.0.1117
1071c2c.2398: SpecialBuild: 1117
1081c2c.2398: PrivateBuild: Build 1117 - 1/23/2014
1091c2c.2398: FileDescription: TrendMicro Activity Monitor Module
1101c2c.2398: \SystemRoot\System32\drivers\tmevtmgr.sys:
1111c2c.2398: CreationTime: 2014-01-23T16:57:18.000000000Z
1121c2c.2398: LastWriteTime: 2014-01-23T16:57:18.000000000Z
1131c2c.2398: ChangeTime: 2015-12-17T20:17:24.119650000Z
1141c2c.2398: FileAttributes: 0x20
1151c2c.2398: Size: 0x10550
1161c2c.2398: NT Headers: 0xe0
1171c2c.2398: Timestamp: 0x52e0e759
1181c2c.2398: Machine: 0x8664 - amd64
1191c2c.2398: Timestamp: 0x52e0e759
1201c2c.2398: Image Version: 6.0
1211c2c.2398: SizeOfImage: 0x15000 (86016)
1221c2c.2398: Resource Dir: 0x13000 LB 0x4d0
1231c2c.2398: ProductName: Trend Micro AEGIS
1241c2c.2398: ProductVersion: 2.97
1251c2c.2398: FileVersion: 2.97.0.1117
1261c2c.2398: SpecialBuild: 1117
1271c2c.2398: PrivateBuild: Build 1117 - 1/23/2014
1281c2c.2398: FileDescription: TrendMicro Event Management Module
1291c2c.2398: \SystemRoot\System32\drivers\tmeevw.sys:
1301c2c.2398: CreationTime: 2013-08-15T16:54:54.000000000Z
1311c2c.2398: LastWriteTime: 2013-08-15T16:54:54.000000000Z
1321c2c.2398: ChangeTime: 2015-12-17T20:16:44.424113600Z
1331c2c.2398: FileAttributes: 0x20
1341c2c.2398: Size: 0x18b20
1351c2c.2398: NT Headers: 0xf0
1361c2c.2398: Timestamp: 0x520ca2f5
1371c2c.2398: Machine: 0x8664 - amd64
1381c2c.2398: Timestamp: 0x520ca2f5
1391c2c.2398: Image Version: 6.1
1401c2c.2398: SizeOfImage: 0x1e000 (122880)
1411c2c.2398: Resource Dir: 0x19000 LB 0x30d8
1421c2c.2398: ProductName: Trend Micro EagleEye
1431c2c.2398: ProductVersion: 1.5
1441c2c.2398: FileVersion: 1.5.0.1143
1451c2c.2398: SpecialBuild: 1143
1461c2c.2398: PrivateBuild: Build 1143 - 8/15/2013
1471c2c.2398: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
1481c2c.2398: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
1491c2c.2398: Calling main()
1501c2c.2398: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1511c2c.2398: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
1521c2c.2398: SUPR3HardenedMain: Respawn #1
1531c2c.2398: System32: \Device\HarddiskVolume5\Windows\System32
1541c2c.2398: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
1551c2c.2398: KnownDllPath: C:\Windows\system32
1561c2c.2398: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1571c2c.2398: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1581c2c.2398: supR3HardNtEnableThreadCreation:
1591c2c.2398: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc7a3a8c00 pvNtTerminateThread=00007ffc7a421360
1601c2c.2398: supR3HardenedWinDoReSpawn(1): New child 1548.fd0 [kernel32].
1611c2c.2398: supR3HardNtChildGatherData: PebBaseAddress=00007ff657aaf000 cbPeb=0x388
1621c2c.2398: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc7a390000 uNtDllChildAddr=00007ffc7a390000
1631c2c.2398: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc7a3a8c00
1641c2c.2398: supR3HardenedWinSetupChildInit: Start child.
1651c2c.2398: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1661c2c.2398: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 32 sleeps
1671c2c.2398: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1681c2c.2398: *0000000000000000-ffffffffffb8ffff 0x0001/0x0000 0x0000000
1691c2c.2398: *0000000000470000-000000000044ffff 0x0004/0x0004 0x0020000
1701c2c.2398: *0000000000490000-0000000000480fff 0x0002/0x0002 0x0040000
1711c2c.2398: 000000000049f000-000000000049dfff 0x0001/0x0000 0x0000000
1721c2c.2398: *00000000004a0000-00000000003a3fff 0x0000/0x0004 0x0020000
1731c2c.2398: 000000000059c000-0000000000598fff 0x0104/0x0004 0x0020000
1741c2c.2398: 000000000059f000-000000000059dfff 0x0004/0x0004 0x0020000
1751c2c.2398: *00000000005a0000-000000000059bfff 0x0002/0x0002 0x0040000
1761c2c.2398: 00000000005a4000-0000000000597fff 0x0001/0x0000 0x0000000
1771c2c.2398: *00000000005b0000-00000000005adfff 0x0004/0x0004 0x0020000
1781c2c.2398: 00000000005b2000-ffffffff80b83fff 0x0001/0x0000 0x0000000
1791c2c.2398: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1801c2c.2398: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1811c2c.2398: 000000007fff0000-ffff800aa855ffff 0x0001/0x0000 0x0000000
1821c2c.2398: *00007ff657a80000-00007ff657a5cfff 0x0002/0x0002 0x0040000
1831c2c.2398: 00007ff657aa3000-00007ff657a98fff 0x0001/0x0000 0x0000000
1841c2c.2398: *00007ff657aad000-00007ff657aaafff 0x0004/0x0004 0x0020000
1851c2c.2398: *00007ff657aaf000-00007ff657aadfff 0x0004/0x0004 0x0020000
1861c2c.2398: 00007ff657ab0000-00007ff65771ffff 0x0001/0x0000 0x0000000
1871c2c.2398: *00007ff657e40000-00007ff657e40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1881c2c.2398: 00007ff657e41000-00007ff657ec7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1891c2c.2398: 00007ff657ec8000-00007ff657ec8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1901c2c.2398: 00007ff657ec9000-00007ff657f13fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1911c2c.2398: 00007ff657f14000-00007ff657f14fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1921c2c.2398: 00007ff657f15000-00007ff657f15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1931c2c.2398: 00007ff657f16000-00007ff657f1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1941c2c.2398: 00007ff657f1b000-00007ff657f1bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1951c2c.2398: 00007ff657f1c000-00007ff657f1cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1961c2c.2398: 00007ff657f1d000-00007ff657f20fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1971c2c.2398: 00007ff657f21000-00007ff657f6bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
1981c2c.2398: 00007ff657f6c000-00007ff035b47fff 0x0001/0x0000 0x0000000
1991c2c.2398: *00007ffc7a390000-00007ffc7a390fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2001c2c.2398: 00007ffc7a391000-00007ffc7a4bcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2011c2c.2398: 00007ffc7a4bd000-00007ffc7a4c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2021c2c.2398: 00007ffc7a4c3000-00007ffc7a4cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2031c2c.2398: 00007ffc7a4d0000-00007ffc7a4d0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2041c2c.2398: 00007ffc7a4d1000-00007ffc7a4d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2051c2c.2398: 00007ffc7a4d4000-00007ffc7a4d4fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2061c2c.2398: 00007ffc7a4d5000-00007ffc7a53bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2071c2c.2398: 00007ffc7a53c000-00007ff8f4a97fff 0x0001/0x0000 0x0000000
2081c2c.2398: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2091c2c.2398: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
2101c2c.2398: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2111c2c.2398: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
2121c2c.2398: supR3HardNtChildPurify: Done after 547 ms and 0 fixes (loop #0).
2131c2c.2398: supR3HardNtEnableThreadCreation:
2141548.fd0: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
2151548.fd0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc7a390000
2161548.fd0: ntdll.dll: timestamp 0x5683f0c5 (rc=VINF_SUCCESS)
2171548.fd0: New simple heap: #1 00000000006c0000 LB 0x400000 (for 1753088 allocation)
2181548.fd0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2191548.fd0: System32: \Device\HarddiskVolume5\Windows\System32
2201548.fd0: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
2211548.fd0: KnownDllPath: C:\Windows\system32
2221548.fd0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2231548.fd0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2241548.fd0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2251548.fd0: Registered Dll notification callback with NTDLL.
2261548.fd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
2271548.fd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
2281548.fd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
2291548.fd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2301548.fd0: supR3HardenedDllNotificationCallback: load 00007ffc775b0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2311548.fd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
2321548.fd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
2331548.fd0: supR3HardenedDllNotificationCallback: load 00007ffc78340000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
2341548.fd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2351548.fd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78340000 'C:\Windows\system32\KERNEL32.DLL'
2361548.fd0: supR3HardenedDllNotificationCallback: load 00007ff657e40000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2371548.fd0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2381548.fd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2391548.fd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2401548.fd0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc7a3a8c00 pvNtTerminateThread=00007ffc7a421360
2411c2c.2398: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 62 ms.
2421548.fd0: \SystemRoot\System32\ntdll.dll:
2431548.fd0: CreationTime: 2016-01-14T20:29:19.397779000Z
2441548.fd0: LastWriteTime: 2015-12-30T19:32:15.583581100Z
2451548.fd0: ChangeTime: 2016-01-16T14:22:57.724733700Z
2461548.fd0: FileAttributes: 0x20
2471548.fd0: Size: 0x1a7958
2481548.fd0: NT Headers: 0xd8
2491548.fd0: Timestamp: 0x5683f0c5
2501548.fd0: Machine: 0x8664 - amd64
2511548.fd0: Timestamp: 0x5683f0c5
2521548.fd0: Image Version: 6.3
2531548.fd0: SizeOfImage: 0x1ac000 (1753088)
2541548.fd0: Resource Dir: 0x148000 LB 0x624a0
2551548.fd0: ProductName: Microsoft® Windows® Operating System
2561548.fd0: ProductVersion: 6.3.9600.18185
2571548.fd0: FileVersion: 6.3.9600.18185 (winblue_ltsb.151230-0600)
2581548.fd0: FileDescription: NT Layer DLL
2591548.fd0: \SystemRoot\System32\kernel32.dll:
2601548.fd0: CreationTime: 2014-11-21T04:04:49.262835200Z
2611548.fd0: LastWriteTime: 2014-11-21T04:04:49.309710800Z
2621548.fd0: ChangeTime: 2015-12-17T07:33:57.271148500Z
2631548.fd0: FileAttributes: 0x20
2641548.fd0: Size: 0x13fc30
2651548.fd0: NT Headers: 0xf8
2661548.fd0: Timestamp: 0x545054ca
2671548.fd0: Machine: 0x8664 - amd64
2681548.fd0: Timestamp: 0x545054ca
2691548.fd0: Image Version: 6.3
2701548.fd0: SizeOfImage: 0x13e000 (1302528)
2711548.fd0: Resource Dir: 0x12e000 LB 0x518
2721548.fd0: ProductName: Microsoft® Windows® Operating System
2731548.fd0: ProductVersion: 6.3.9600.17415
2741548.fd0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
2751548.fd0: FileDescription: Windows NT BASE API Client DLL
2761548.fd0: \SystemRoot\System32\KernelBase.dll:
2771548.fd0: CreationTime: 2015-11-27T09:34:21.580371800Z
2781548.fd0: LastWriteTime: 2015-11-27T09:34:21.595997600Z
2791548.fd0: ChangeTime: 2015-12-17T07:33:57.333663300Z
2801548.fd0: FileAttributes: 0x20
2811548.fd0: Size: 0x1150a0
2821548.fd0: NT Headers: 0xf0
2831548.fd0: Timestamp: 0x55c4c341
2841548.fd0: Machine: 0x8664 - amd64
2851548.fd0: Timestamp: 0x55c4c341
2861548.fd0: Image Version: 6.3
2871548.fd0: SizeOfImage: 0x115000 (1134592)
2881548.fd0: Resource Dir: 0x110000 LB 0x3530
2891548.fd0: ProductName: Microsoft® Windows® Operating System
2901548.fd0: ProductVersion: 6.3.9600.18007
2911548.fd0: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
2921548.fd0: FileDescription: Windows NT BASE API Client DLL
2931548.fd0: \SystemRoot\System32\apisetschema.dll:
2941548.fd0: CreationTime: 2013-08-22T12:13:09.745625900Z
2951548.fd0: LastWriteTime: 2013-08-22T12:35:12.091034400Z
2961548.fd0: ChangeTime: 2015-12-17T07:30:45.674299400Z
2971548.fd0: FileAttributes: 0x20
2981548.fd0: Size: 0x11360
2991548.fd0: NT Headers: 0xd0
3001548.fd0: Timestamp: 0x52160049
3011548.fd0: Machine: 0x8664 - amd64
3021548.fd0: Timestamp: 0x52160049
3031548.fd0: Image Version: 6.3
3041548.fd0: SizeOfImage: 0x13000 (77824)
3051548.fd0: Resource Dir: 0x11000 LB 0x3f8
3061548.fd0: ProductName: Microsoft® Windows® Operating System
3071548.fd0: ProductVersion: 6.3.9600.16384
3081548.fd0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
3091548.fd0: FileDescription: ApiSet Schema DLL
3101548.fd0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3111548.fd0: supR3HardenedWinFindAdversaries: 0x8
3121548.fd0: \SystemRoot\System32\drivers\tmcomm.sys:
3131548.fd0: CreationTime: 2013-10-31T09:53:18.000000000Z
3141548.fd0: LastWriteTime: 2013-10-31T09:53:18.000000000Z
3151548.fd0: ChangeTime: 2015-12-17T20:17:24.119650000Z
3161548.fd0: FileAttributes: 0x20
3171548.fd0: Size: 0x45e18
3181548.fd0: NT Headers: 0xf8
3191548.fd0: Timestamp: 0x5271c5f6
3201548.fd0: Machine: 0x8664 - amd64
3211548.fd0: Timestamp: 0x5271c5f6
3221548.fd0: Image Version: 6.0
3231548.fd0: SizeOfImage: 0x49000 (299008)
3241548.fd0: Resource Dir: 0x47000 LB 0x760
3251548.fd0: ProductName: Trend Micro Eyes
3261548.fd0: ProductVersion: 6.20
3271548.fd0: FileVersion: 6.20.0.1004
3281548.fd0: SpecialBuild: 1004
3291548.fd0: PrivateBuild: Build 1004 - 10/31/2013
3301548.fd0: FileDescription: TrendMicro Common Module
3311548.fd0: \SystemRoot\System32\drivers\tmactmon.sys:
3321548.fd0: CreationTime: 2014-01-23T16:57:44.000000000Z
3331548.fd0: LastWriteTime: 2014-01-23T16:57:44.000000000Z
3341548.fd0: ChangeTime: 2015-12-17T20:17:24.135258900Z
3351548.fd0: FileAttributes: 0x20
3361548.fd0: Size: 0x14f98
3371548.fd0: NT Headers: 0xe0
3381548.fd0: Timestamp: 0x52e0e760
3391548.fd0: Machine: 0x8664 - amd64
3401548.fd0: Timestamp: 0x52e0e760
3411548.fd0: Image Version: 6.0
3421548.fd0: SizeOfImage: 0x1d000 (118784)
3431548.fd0: Resource Dir: 0x1b000 LB 0x4d0
3441548.fd0: ProductName: Trend Micro AEGIS
3451548.fd0: ProductVersion: 2.97
3461548.fd0: FileVersion: 2.97.0.1117
3471548.fd0: SpecialBuild: 1117
3481548.fd0: PrivateBuild: Build 1117 - 1/23/2014
3491548.fd0: FileDescription: TrendMicro Activity Monitor Module
3501548.fd0: \SystemRoot\System32\drivers\tmevtmgr.sys:
3511548.fd0: CreationTime: 2014-01-23T16:57:18.000000000Z
3521548.fd0: LastWriteTime: 2014-01-23T16:57:18.000000000Z
3531548.fd0: ChangeTime: 2015-12-17T20:17:24.119650000Z
3541548.fd0: FileAttributes: 0x20
3551548.fd0: Size: 0x10550
3561548.fd0: NT Headers: 0xe0
3571548.fd0: Timestamp: 0x52e0e759
3581548.fd0: Machine: 0x8664 - amd64
3591548.fd0: Timestamp: 0x52e0e759
3601548.fd0: Image Version: 6.0
3611548.fd0: SizeOfImage: 0x15000 (86016)
3621548.fd0: Resource Dir: 0x13000 LB 0x4d0
3631548.fd0: ProductName: Trend Micro AEGIS
3641548.fd0: ProductVersion: 2.97
3651548.fd0: FileVersion: 2.97.0.1117
3661548.fd0: SpecialBuild: 1117
3671548.fd0: PrivateBuild: Build 1117 - 1/23/2014
3681548.fd0: FileDescription: TrendMicro Event Management Module
3691548.fd0: \SystemRoot\System32\drivers\tmeevw.sys:
3701548.fd0: CreationTime: 2013-08-15T16:54:54.000000000Z
3711548.fd0: LastWriteTime: 2013-08-15T16:54:54.000000000Z
3721548.fd0: ChangeTime: 2015-12-17T20:16:44.424113600Z
3731548.fd0: FileAttributes: 0x20
3741548.fd0: Size: 0x18b20
3751548.fd0: NT Headers: 0xf0
3761548.fd0: Timestamp: 0x520ca2f5
3771548.fd0: Machine: 0x8664 - amd64
3781548.fd0: Timestamp: 0x520ca2f5
3791548.fd0: Image Version: 6.1
3801548.fd0: SizeOfImage: 0x1e000 (122880)
3811548.fd0: Resource Dir: 0x19000 LB 0x30d8
3821548.fd0: ProductName: Trend Micro EagleEye
3831548.fd0: ProductVersion: 1.5
3841548.fd0: FileVersion: 1.5.0.1143
3851548.fd0: SpecialBuild: 1143
3861548.fd0: PrivateBuild: Build 1143 - 8/15/2013
3871548.fd0: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
3881548.fd0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3891548.fd0: Calling main()
3901548.fd0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3911548.fd0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3921548.fd0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3931548.fd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3941548.fd0: SUPR3HardenedMain: Respawn #2
3951548.fd0: supR3HardNtEnableThreadCreation:
3961548.fd0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc7a3a8c00 pvNtTerminateThread=00007ffc7a421360
3971548.fd0: supR3HardenedWinDoReSpawn(2): New child 2194.454 [kernel32].
3981548.fd0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
3991548.fd0: supR3HardNtChildGatherData: PebBaseAddress=00007ff657b44000 cbPeb=0x388
4001548.fd0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc7a390000 uNtDllChildAddr=00007ffc7a390000
4011548.fd0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc7a3a8c00
4021548.fd0: supR3HardenedWinSetupChildInit: Start child.
4031548.fd0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4041548.fd0: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
4051548.fd0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4061548.fd0: *0000000000000000-ffffffffff24ffff 0x0001/0x0000 0x0000000
4071548.fd0: *0000000000db0000-0000000000d8ffff 0x0004/0x0004 0x0020000
4081548.fd0: *0000000000dd0000-0000000000dc0fff 0x0002/0x0002 0x0040000
4091548.fd0: 0000000000ddf000-0000000000dddfff 0x0001/0x0000 0x0000000
4101548.fd0: *0000000000de0000-0000000000ce3fff 0x0000/0x0004 0x0020000
4111548.fd0: 0000000000edc000-0000000000ed8fff 0x0104/0x0004 0x0020000
4121548.fd0: 0000000000edf000-0000000000eddfff 0x0004/0x0004 0x0020000
4131548.fd0: *0000000000ee0000-0000000000edbfff 0x0002/0x0002 0x0040000
4141548.fd0: 0000000000ee4000-0000000000ed7fff 0x0001/0x0000 0x0000000
4151548.fd0: *0000000000ef0000-0000000000eedfff 0x0004/0x0004 0x0020000
4161548.fd0: 0000000000ef2000-ffffffff81e03fff 0x0001/0x0000 0x0000000
4171548.fd0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4181548.fd0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4191548.fd0: 000000007fff0000-ffff800aa84bffff 0x0001/0x0000 0x0000000
4201548.fd0: *00007ff657b20000-00007ff657afcfff 0x0002/0x0002 0x0040000
4211548.fd0: 00007ff657b43000-00007ff657b41fff 0x0001/0x0000 0x0000000
4221548.fd0: *00007ff657b44000-00007ff657b42fff 0x0004/0x0004 0x0020000
4231548.fd0: 00007ff657b45000-00007ff657b3bfff 0x0001/0x0000 0x0000000
4241548.fd0: *00007ff657b4e000-00007ff657b4bfff 0x0004/0x0004 0x0020000
4251548.fd0: 00007ff657b50000-00007ff65785ffff 0x0001/0x0000 0x0000000
4261548.fd0: *00007ff657e40000-00007ff657e40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4271548.fd0: 00007ff657e41000-00007ff657ec7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4281548.fd0: 00007ff657ec8000-00007ff657ec8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4291548.fd0: 00007ff657ec9000-00007ff657f13fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4301548.fd0: 00007ff657f14000-00007ff657f14fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4311548.fd0: 00007ff657f15000-00007ff657f15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4321548.fd0: 00007ff657f16000-00007ff657f1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4331548.fd0: 00007ff657f1b000-00007ff657f1bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4341548.fd0: 00007ff657f1c000-00007ff657f1cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4351548.fd0: 00007ff657f1d000-00007ff657f20fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4361548.fd0: 00007ff657f21000-00007ff657f6bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4371548.fd0: 00007ff657f6c000-00007ff035b47fff 0x0001/0x0000 0x0000000
4381548.fd0: *00007ffc7a390000-00007ffc7a390fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
4391548.fd0: 00007ffc7a391000-00007ffc7a4bcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
4401548.fd0: 00007ffc7a4bd000-00007ffc7a4c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
4411548.fd0: 00007ffc7a4c3000-00007ffc7a4cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
4421548.fd0: 00007ffc7a4d0000-00007ffc7a4d0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
4431548.fd0: 00007ffc7a4d1000-00007ffc7a4d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
4441548.fd0: 00007ffc7a4d4000-00007ffc7a4d4fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
4451548.fd0: 00007ffc7a4d5000-00007ffc7a53bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
4461548.fd0: 00007ffc7a53c000-00007ff8f4a97fff 0x0001/0x0000 0x0000000
4471548.fd0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
4481548.fd0: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
4491548.fd0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4501548.fd0: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
4511548.fd0: supR3HardNtChildPurify: Done after 532 ms and 0 fixes (loop #0).
4521548.fd0: supR3HardenedEarlyCompact: Removed heap 1 (0x000000006c0000 LB 0x400000)
4532194.454: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
4542194.454: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc7a390000
4551548.fd0: supR3HardNtEnableThreadCreation:
4562194.454: ntdll.dll: timestamp 0x5683f0c5 (rc=VINF_SUCCESS)
4572194.454: New simple heap: #1 0000000001000000 LB 0x400000 (for 1753088 allocation)
4582194.454: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
4592194.454: System32: \Device\HarddiskVolume5\Windows\System32
4602194.454: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
4612194.454: KnownDllPath: C:\Windows\system32
4622194.454: supR3HardenedVmProcessInit: Opening vboxdrv...
4632194.454: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4642194.454: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4652194.454: Registered Dll notification callback with NTDLL.
4662194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
4672194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
4682194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
4692194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4702194.454: supR3HardenedDllNotificationCallback: load 00007ffc775b0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
4712194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
4722194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
4732194.454: supR3HardenedDllNotificationCallback: load 00007ffc78340000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
4742194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4752194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78340000 'C:\Windows\system32\KERNEL32.DLL'
4762194.454: supR3HardenedDllNotificationCallback: load 00007ff657e40000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
4772194.454: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4782194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4792194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
4802194.454: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc7a3a8c00 pvNtTerminateThread=00007ffc7a421360
4811548.fd0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
4822194.454: \SystemRoot\System32\ntdll.dll:
4832194.454: CreationTime: 2016-01-14T20:29:19.397779000Z
4842194.454: LastWriteTime: 2015-12-30T19:32:15.583581100Z
4852194.454: ChangeTime: 2016-01-16T14:22:57.724733700Z
4862194.454: FileAttributes: 0x20
4872194.454: Size: 0x1a7958
4882194.454: NT Headers: 0xd8
4892194.454: Timestamp: 0x5683f0c5
4902194.454: Machine: 0x8664 - amd64
4912194.454: Timestamp: 0x5683f0c5
4922194.454: Image Version: 6.3
4932194.454: SizeOfImage: 0x1ac000 (1753088)
4942194.454: Resource Dir: 0x148000 LB 0x624a0
4952194.454: ProductName: Microsoft® Windows® Operating System
4962194.454: ProductVersion: 6.3.9600.18185
4972194.454: FileVersion: 6.3.9600.18185 (winblue_ltsb.151230-0600)
4982194.454: FileDescription: NT Layer DLL
4992194.454: \SystemRoot\System32\kernel32.dll:
5002194.454: CreationTime: 2014-11-21T04:04:49.262835200Z
5012194.454: LastWriteTime: 2014-11-21T04:04:49.309710800Z
5022194.454: ChangeTime: 2015-12-17T07:33:57.271148500Z
5032194.454: FileAttributes: 0x20
5042194.454: Size: 0x13fc30
5052194.454: NT Headers: 0xf8
5062194.454: Timestamp: 0x545054ca
5072194.454: Machine: 0x8664 - amd64
5082194.454: Timestamp: 0x545054ca
5092194.454: Image Version: 6.3
5102194.454: SizeOfImage: 0x13e000 (1302528)
5112194.454: Resource Dir: 0x12e000 LB 0x518
5122194.454: ProductName: Microsoft® Windows® Operating System
5132194.454: ProductVersion: 6.3.9600.17415
5142194.454: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
5152194.454: FileDescription: Windows NT BASE API Client DLL
5162194.454: \SystemRoot\System32\KernelBase.dll:
5172194.454: CreationTime: 2015-11-27T09:34:21.580371800Z
5182194.454: LastWriteTime: 2015-11-27T09:34:21.595997600Z
5192194.454: ChangeTime: 2015-12-17T07:33:57.333663300Z
5202194.454: FileAttributes: 0x20
5212194.454: Size: 0x1150a0
5222194.454: NT Headers: 0xf0
5232194.454: Timestamp: 0x55c4c341
5242194.454: Machine: 0x8664 - amd64
5252194.454: Timestamp: 0x55c4c341
5262194.454: Image Version: 6.3
5272194.454: SizeOfImage: 0x115000 (1134592)
5282194.454: Resource Dir: 0x110000 LB 0x3530
5292194.454: ProductName: Microsoft® Windows® Operating System
5302194.454: ProductVersion: 6.3.9600.18007
5312194.454: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
5322194.454: FileDescription: Windows NT BASE API Client DLL
5332194.454: \SystemRoot\System32\apisetschema.dll:
5342194.454: CreationTime: 2013-08-22T12:13:09.745625900Z
5352194.454: LastWriteTime: 2013-08-22T12:35:12.091034400Z
5362194.454: ChangeTime: 2015-12-17T07:30:45.674299400Z
5372194.454: FileAttributes: 0x20
5382194.454: Size: 0x11360
5392194.454: NT Headers: 0xd0
5402194.454: Timestamp: 0x52160049
5412194.454: Machine: 0x8664 - amd64
5422194.454: Timestamp: 0x52160049
5432194.454: Image Version: 6.3
5442194.454: SizeOfImage: 0x13000 (77824)
5452194.454: Resource Dir: 0x11000 LB 0x3f8
5462194.454: ProductName: Microsoft® Windows® Operating System
5472194.454: ProductVersion: 6.3.9600.16384
5482194.454: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
5492194.454: FileDescription: ApiSet Schema DLL
5502194.454: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5512194.454: supR3HardenedWinFindAdversaries: 0x8
5522194.454: \SystemRoot\System32\drivers\tmcomm.sys:
5532194.454: CreationTime: 2013-10-31T09:53:18.000000000Z
5542194.454: LastWriteTime: 2013-10-31T09:53:18.000000000Z
5552194.454: ChangeTime: 2015-12-17T20:17:24.119650000Z
5562194.454: FileAttributes: 0x20
5572194.454: Size: 0x45e18
5582194.454: NT Headers: 0xf8
5592194.454: Timestamp: 0x5271c5f6
5602194.454: Machine: 0x8664 - amd64
5612194.454: Timestamp: 0x5271c5f6
5622194.454: Image Version: 6.0
5632194.454: SizeOfImage: 0x49000 (299008)
5642194.454: Resource Dir: 0x47000 LB 0x760
5652194.454: ProductName: Trend Micro Eyes
5662194.454: ProductVersion: 6.20
5672194.454: FileVersion: 6.20.0.1004
5682194.454: SpecialBuild: 1004
5692194.454: PrivateBuild: Build 1004 - 10/31/2013
5702194.454: FileDescription: TrendMicro Common Module
5712194.454: \SystemRoot\System32\drivers\tmactmon.sys:
5722194.454: CreationTime: 2014-01-23T16:57:44.000000000Z
5732194.454: LastWriteTime: 2014-01-23T16:57:44.000000000Z
5742194.454: ChangeTime: 2015-12-17T20:17:24.135258900Z
5752194.454: FileAttributes: 0x20
5762194.454: Size: 0x14f98
5772194.454: NT Headers: 0xe0
5782194.454: Timestamp: 0x52e0e760
5792194.454: Machine: 0x8664 - amd64
5802194.454: Timestamp: 0x52e0e760
5812194.454: Image Version: 6.0
5822194.454: SizeOfImage: 0x1d000 (118784)
5832194.454: Resource Dir: 0x1b000 LB 0x4d0
5842194.454: ProductName: Trend Micro AEGIS
5852194.454: ProductVersion: 2.97
5862194.454: FileVersion: 2.97.0.1117
5872194.454: SpecialBuild: 1117
5882194.454: PrivateBuild: Build 1117 - 1/23/2014
5892194.454: FileDescription: TrendMicro Activity Monitor Module
5902194.454: \SystemRoot\System32\drivers\tmevtmgr.sys:
5912194.454: CreationTime: 2014-01-23T16:57:18.000000000Z
5922194.454: LastWriteTime: 2014-01-23T16:57:18.000000000Z
5932194.454: ChangeTime: 2015-12-17T20:17:24.119650000Z
5942194.454: FileAttributes: 0x20
5952194.454: Size: 0x10550
5962194.454: NT Headers: 0xe0
5972194.454: Timestamp: 0x52e0e759
5982194.454: Machine: 0x8664 - amd64
5992194.454: Timestamp: 0x52e0e759
6002194.454: Image Version: 6.0
6012194.454: SizeOfImage: 0x15000 (86016)
6022194.454: Resource Dir: 0x13000 LB 0x4d0
6032194.454: ProductName: Trend Micro AEGIS
6042194.454: ProductVersion: 2.97
6052194.454: FileVersion: 2.97.0.1117
6062194.454: SpecialBuild: 1117
6072194.454: PrivateBuild: Build 1117 - 1/23/2014
6082194.454: FileDescription: TrendMicro Event Management Module
6092194.454: \SystemRoot\System32\drivers\tmeevw.sys:
6102194.454: CreationTime: 2013-08-15T16:54:54.000000000Z
6112194.454: LastWriteTime: 2013-08-15T16:54:54.000000000Z
6122194.454: ChangeTime: 2015-12-17T20:16:44.424113600Z
6132194.454: FileAttributes: 0x20
6142194.454: Size: 0x18b20
6152194.454: NT Headers: 0xf0
6162194.454: Timestamp: 0x520ca2f5
6172194.454: Machine: 0x8664 - amd64
6182194.454: Timestamp: 0x520ca2f5
6192194.454: Image Version: 6.1
6202194.454: SizeOfImage: 0x1e000 (122880)
6212194.454: Resource Dir: 0x19000 LB 0x30d8
6222194.454: ProductName: Trend Micro EagleEye
6232194.454: ProductVersion: 1.5
6242194.454: FileVersion: 1.5.0.1143
6252194.454: SpecialBuild: 1143
6262194.454: PrivateBuild: Build 1143 - 8/15/2013
6272194.454: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
6282194.454: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
6292194.454: Calling main()
6302194.454: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
6312194.454: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
6322194.454: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6332194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6342194.454: SUPR3HardenedMain: Final process, opening VBoxDrv...
6352194.454: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001000000 LB 0x400000)
6362194.454: supR3HardNtEnableThreadCreation:
6372194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6382194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6392194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6402194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6412194.454: supR3HardenedDllNotificationCallback: load 00007ffc75e70000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6422194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6432194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6442194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6452194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75e70000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6462194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6472194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6482194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75e70000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6492194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75e70000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6502194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6512194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
6522194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
6532194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
6542194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll)
6552194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll
6562194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6572194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6582194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
6592194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
6602194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6612194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6622194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll)
6632194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll
6642194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6652194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6662194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6672194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
6682194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll)
6692194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll
6702194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6712194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6722194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll)
6732194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
6742194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6752194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6762194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6772194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6782194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6792194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6802194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6812194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6822194.454: supR3HardenedDllNotificationCallback: load 00007ffc77ef0000 LB 0x000aa000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
6832194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6842194.454: supR3HardenedDllNotificationCallback: load 00007ffc77590000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
6852194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6862194.454: supR3HardenedDllNotificationCallback: load 00007ffc776d0000 LB 0x001df000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
6872194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6882194.454: supR3HardenedDllNotificationCallback: load 00007ffc77a10000 LB 0x00141000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
6892194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6902194.454: supR3HardenedDllNotificationCallback: load 00007ffc778b0000 LB 0x00051000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
6912194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6922194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\system32\Wintrust.dll'
6932194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll)
6942194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
6952194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6962194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6972194.454: supR3HardenedDllNotificationCallback: load 00007ffc77070000 LB 0x00026000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
6982194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6992194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc77070000 'C:\Windows\system32\bcrypt.dll'
7002194.454: bcrypt.dll loaded at 00007ffc77070000, BCryptOpenAlgorithmProvider at 00007ffc770734a0, preloading providers:
7012194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll)
7022194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
7032194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7042194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7052194.454: supR3HardenedDllNotificationCallback: load 00007ffc773b0000 LB 0x00063000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
7062194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7072194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc773b0000 'C:\Windows\system32\bcryptprimitives.dll'
7082194.454: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001418ca0)
7092194.454: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001419090)
7102194.454: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000014191b0)
7112194.454: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001419400)
7122194.454: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001419e70)
7132194.454: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000141a0b0)
7142194.454: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001419b10)
7152194.454: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001419690)
7162194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7172194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7182194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
7192194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7202194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7212194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
7222194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7232194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7242194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
7252194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7262194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7272194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
7282194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7292194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7302194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
7312194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7322194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7332194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
7342194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7352194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
7362194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll)
7372194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll
7382194.454: supR3HardenedDllNotificationCallback: load 00007ffc76f30000 LB 0x00020000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
7392194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7402194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
7412194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll)
7422194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
7432194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7442194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7452194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7462194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7472194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7482194.454: supR3HardenedDllNotificationCallback: load 00007ffc769c0000 LB 0x00036000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
7492194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7502194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
7512194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
7522194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptbase.dll)
7532194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptbase.dll
7542194.454: supR3HardenedDllNotificationCallback: load 00007ffc77420000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
7552194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7562194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7572194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
7582194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
7592194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7602194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7612194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78340000 'C:\Windows\system32\kernel32.dll'
7622194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7632194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
7642194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7652194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
7662194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\CRYPT32.dll'
7672194.454: supR3HardenedDllNotificationCallback: load 00007ffc78600000 LB 0x00016000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
7682194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7692194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imagehlp.dll)
7702194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imagehlp.dll
7712194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7722194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7732194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7742194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7752194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7762194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
7772194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
7782194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
7792194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ncrypt.dll)
7802194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ncrypt.dll
7812194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntasn1.dll)
7822194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntasn1.dll
7832194.454: supR3HardenedDllNotificationCallback: load 00007ffc77000000 LB 0x00037000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0]
7842194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
7852194.454: supR3HardenedDllNotificationCallback: load 00007ffc77040000 LB 0x00025000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0]
7862194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7872194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
7882194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
7892194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
7902194.454: supR3HardenedDllNotificationCallback: load 00007ffc782e0000 LB 0x00059000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
7912194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7922194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7932194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
7942194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gpapi.dll)
7952194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gpapi.dll
7962194.454: supR3HardenedDllNotificationCallback: load 00007ffc76690000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
7972194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7982194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\profapi.dll)
7992194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll
8002194.454: supR3HardenedDllNotificationCallback: load 00007ffc774e0000 LB 0x00015000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
8012194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8022194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8032194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
8042194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
8052194.454: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\cryptnet.dll)
8062194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptnet.dll
8072194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
8082194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume5\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
8092194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8102194.454: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\Wldap32.dll)
8112194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\Wldap32.dll
8122194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8132194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8142194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8152194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8162194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8172194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8182194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8192194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8202194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8212194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8222194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8232194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8242194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8252194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8262194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8272194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
8282194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
8292194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
8302194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8312194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8322194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8332194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8342194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8352194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8362194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8372194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8382194.454: supR3HardenedDllNotificationCallback: load 00007ffc78280000 LB 0x0005c000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
8392194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
8402194.454: supR3HardenedDllNotificationCallback: load 00007ffc68ce0000 LB 0x00039000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
8412194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8422194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8432194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8442194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8452194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8462194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8472194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8482194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8492194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8502194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8512194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8522194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8532194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8542194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8552194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8562194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8572194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8582194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8592194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8602194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8612194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8622194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8632194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8642194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8652194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8662194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8672194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8682194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8692194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8702194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\system32\cryptnet.dll'
8712194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8722194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68ce0000 'C:\Windows\System32\cryptnet.dll'
8732194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8742194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
8752194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
8762194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll)
8772194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll
8782194.454: supR3HardenedDllNotificationCallback: load 00007ffc78480000 LB 0x000aa000 C:\Windows\SYSTEM32\advapi32.dll [fFlags=0x0]
8792194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8802194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8812194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8822194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8832194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8842194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8852194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8862194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8872194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8882194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8892194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8902194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8912194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
8922194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8932194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8942194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
8952194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
8962194.454: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000014809d0
8972194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
8982194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BBAF09D443FD93396EDCCD4196733EEF3352519
8992194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9002194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9012194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc77a10000 'C:\Windows\system32\rpcrt4.dll'
9022194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9032194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
9042194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9052194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
9062194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9072194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
9082194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9092194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
9102194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9112194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
9122194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9132194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9142194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
9152194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9162194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\System32\WINTRUST.DLL'
9172194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9182194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9192194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9202194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9212194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9222194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9232194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_29_for_KB3121212~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
9242194.454: g_pfnWinVerifyTrust=00007ffc778b1050
9252194.454: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9262194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9272194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9282194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9292194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9302194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9312194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9322194.454: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\crypt32.dll'
9332194.454: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9342194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9352194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9362194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9372194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
9382194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9392194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9402194.454: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\wintrust.dll'
9412194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9422194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9432194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9442194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9452194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\advapi32.dll'
9462194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume5\Windows\System32\Wldap32.dll
9472194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
9482194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
9492194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC3979054487C3D01C936AC44608445F3BDB24A
9502194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9512194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9522194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9532194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\Wldap32.dll'
9542194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9552194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\Wldap32.dll'
9562194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume5\Windows\System32\cryptnet.dll
9572194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
9582194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
9592194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFA081F787F20E906CEFF5631F4EC1F5B874BBA5
9602194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9612194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9622194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9632194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\cryptnet.dll'
9642194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9652194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptnet.dll'
9662194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9672194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9682194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9692194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\profapi.dll'
9702194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9712194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9722194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9732194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gpapi.dll'
9742194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9752194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9762194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9772194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sechost.dll'
9782194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9792194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9802194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9812194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ntasn1.dll'
9822194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9832194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9842194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
9852194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9862194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9872194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ncrypt.dll'
9882194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9892194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9902194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9912194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9922194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imagehlp.dll'
9932194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9942194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9952194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
9962194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptbase.dll'
9972194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9982194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
9992194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10002194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rsaenh.dll'
10012194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10022194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10032194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptsp.dll'
10042194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10052194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10062194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll'
10072194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10082194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10092194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll'
10102194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10112194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10122194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll'
10132194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10142194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10152194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msasn1.dll'
10162194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10172194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10182194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll'
10192194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10202194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
10212194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10222194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
10232194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10242194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10252194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\KernelBase.dll'
10262194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10272194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10282194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel32.dll'
10292194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10302194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xe66e80ae92a0c5a CN=Sage Germany Cloud Services CA
10312194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
10322194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
10332194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
10342194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
10352194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
10362194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xab2209b59950f200 CN=Sage Germany Cloud Services CA LIVE
10372194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
10382194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
10392194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
10402194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xb9353aff3805b600 CN=Sage AS Intranet CA
10412194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
10422194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
10432194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
10442194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
10452194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
10462194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
10472194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
10482194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
10492194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
10502194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
10512194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
10522194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
10532194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
10542194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
10552194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
10562194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
10572194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
10582194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
10592194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
10602194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
10612194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
10622194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
10632194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
10642194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
10652194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
10662194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
10672194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
10682194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
10692194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
10702194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
10712194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
10722194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
10732194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
10742194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x6b2e1733cc84b400 C=US, O=AffirmTrust, CN=AffirmTrust Networking
10752194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
10762194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
10772194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
10782194.454: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
10792194.454: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
10802194.454: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=50
10812194.454: SUPR3HardenedMain: Load Runtime...
10822194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10832194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
10842194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
10852194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
10862194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
10872194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
10882194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
10892194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10902194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10912194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
10922194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
10932194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
10942194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
10952194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
10962194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
10972194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
10982194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) WinVerifyTrust
10992194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
11002194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11012194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11022194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11032194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11042194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
11052194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
11062194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
11072194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\nsi.dll'.
11082194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nsi.dll)
11092194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nsi.dll
11102194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
11112194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11122194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
11132194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
11142194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11152194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11162194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
11172194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11182194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11192194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11202194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll)
11212194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
11222194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11232194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
11242194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
11252194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
11262194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11272194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
11282194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
11292194.454: supR3HardenedDllNotificationCallback: load 00000000767c0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
11302194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
11312194.454: supR3HardenedDllNotificationCallback: load 0000000076720000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
11322194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
11332194.454: supR3HardenedDllNotificationCallback: load 00007ffc7a1c0000 LB 0x00009000 C:\Windows\system32\NSI.dll [fFlags=0x0]
11342194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
11352194.454: supR3HardenedDllNotificationCallback: load 00007ffc785a0000 LB 0x0005a000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
11362194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
11372194.454: supR3HardenedDllNotificationCallback: load 00007ffc4e3f0000 LB 0x00562000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
11382194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11392194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11402194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11412194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\nsi.dll'.
11422194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rescheduled]
11432194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11442194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11452194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11462194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11472194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11482194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11492194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11502194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11512194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11522194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11532194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11542194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11552194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11562194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11572194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11582194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11592194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11602194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11612194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11622194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11632194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11642194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11652194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11662194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11672194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11682194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11692194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11702194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11712194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11722194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11732194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11742194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11752194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11762194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11772194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11782194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11792194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11802194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11812194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11822194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11832194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11842194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11852194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11862194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
11872194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11882194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11892194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11902194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11912194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4e3f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11922194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc778b0000 'C:\Windows\system32\Wintrust.dll'
11932194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
11942194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
11952194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
11962194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
11972194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
11982194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11992194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
12002194.454: SUPR3HardenedMain: Load TrustedMain...
12012194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
12022194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12032194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
12042194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
12052194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
12062194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
12072194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
12082194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
12092194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
12102194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
12112194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
12122194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
12132194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
12142194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
12152194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
12162194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
12172194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
12182194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
12192194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12202194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12212194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
12222194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
12232194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
12242194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
12252194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
12262194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) WinVerifyTrust
12272194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll
12282194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
12292194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
12302194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume5\Windows\System32\comdlg32.dll
12312194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
12322194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
12332194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D428FD3A844AF383E2EA2C23013320CECD6296
12342194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12352194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12362194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\user32.dll'.
12372194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
12382194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll)
12392194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll
12402194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12412194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12422194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
12432194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
12442194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
12452194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll'.
12462194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12472194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
12482194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmmbase.dll)
12492194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmmbase.dll
12502194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
12512194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
12522194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\devobj.dll'.
12532194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12542194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
12552194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devobj.dll)
12562194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devobj.dll
12572194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12582194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12592194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12602194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12612194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
12622194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
12632194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll)
12642194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll
12652194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12662194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12672194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
12682194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
12692194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
12702194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'.
12712194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll)
12722194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
12732194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12742194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12752194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
12762194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
12772194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\comdlg32.dll'
12782194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12792194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12802194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
12812194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12822194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
12832194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
12842194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
12852194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comdlg32.dll) WinVerifyTrust
12862194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
12872194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12882194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12892194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12902194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12912194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
12922194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12932194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
12942194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
12952194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
12962194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll)
12972194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll
12982194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
12992194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
13002194.454: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'.
13012194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13022194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13032194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13042194.454: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\comctl32.dll)
13052194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comctl32.dll
13062194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13072194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13082194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13092194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13102194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13112194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
13122194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13132194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13142194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'.
13152194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13162194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
13172194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
13182194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll)
13192194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
13202194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13212194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13222194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13232194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13242194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13252194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13262194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13272194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
13282194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13292194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13302194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13312194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13322194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
13332194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13342194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13352194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13362194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13372194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13382194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
13392194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13402194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13412194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13422194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13432194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13442194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13452194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13462194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13472194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
13482194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13492194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13502194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
13512194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
13522194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13532194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
13542194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
13552194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) WinVerifyTrust
13562194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
13572194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13582194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13592194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13602194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13612194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
13622194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13632194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13642194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
13652194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13662194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
13672194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll)
13682194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll
13692194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13702194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13712194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13722194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13732194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13742194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13752194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
13762194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
13772194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13782194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
13792194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
13802194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
13812194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
13822194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) WinVerifyTrust
13832194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll
13842194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13852194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13862194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [redoing WinVerifyTrust]
13872194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13882194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13892194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
13902194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13912194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13922194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
13932194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13942194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13952194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13962194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13972194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13982194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13992194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14002194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
14012194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
14022194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
14032194.454: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll'
14042194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14052194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14062194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
14072194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14082194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14092194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
14102194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
14112194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
14122194.454: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'
14132194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14142194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14152194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [redoing WinVerifyTrust]
14162194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
14172194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
14182194.454: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\user32.dll'
14192194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
14202194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
14212194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
14222194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
14232194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14242194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14252194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
14262194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
14272194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
14282194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
14292194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
14302194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
14312194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
14322194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14332194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14342194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14352194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
14362194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
14372194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
14382194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14392194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
14402194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14412194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
14422194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14432194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14442194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
14452194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14462194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
14472194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
14482194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
14492194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14502194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
14512194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
14522194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
14532194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
14542194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
14552194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
14562194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14572194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
14582194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
14592194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
14602194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
14612194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
14622194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
14632194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14642194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14652194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14662194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
14672194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14682194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14692194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
14702194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14712194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14722194.454: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'.
14732194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14742194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14752194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
14762194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
14772194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
14782194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14792194.454: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll)
14802194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll
14812194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14822194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14832194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
14842194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume5\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
14852194.454: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\ddraw.dll'.
14862194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14872194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
14882194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
14892194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
14902194.454: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\ddraw.dll)
14912194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ddraw.dll
14922194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14932194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14942194.454: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
14952194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14962194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14972194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14982194.454: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\glu32.dll)
14992194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll
15002194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15012194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15022194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
15032194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15042194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15052194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
15062194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15072194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15082194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15092194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15102194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15112194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15122194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15132194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
15142194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
15152194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
15162194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
15172194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15182194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15192194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
15202194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15212194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15222194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
15232194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15242194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15252194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15262194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15272194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
15282194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
15292194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
15302194.454: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\winspool.drv'.
15312194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15322194.454: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\winspool.drv)
15332194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv
15342194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15352194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15362194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
15372194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
15382194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
15392194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
15402194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15412194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
15422194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imm32.dll)
15432194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imm32.dll
15442194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15452194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15462194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
15472194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15482194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
15492194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
15502194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15512194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15522194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15532194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15542194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15552194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15562194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15572194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
15582194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15592194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15602194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
15612194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15622194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15632194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
15642194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15652194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15662194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
15672194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15682194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15692194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
15702194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume5\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
15712194.454: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msctf.dll'.
15722194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15732194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
15742194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
15752194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
15762194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msctf.dll)
15772194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msctf.dll
15782194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15792194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15802194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15812194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15822194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15832194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15842194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15852194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15862194.454: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15872194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15882194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15892194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
15902194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume5\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
15912194.454: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\dciman32.dll'.
15922194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15932194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
15942194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
15952194.454: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\dciman32.dll)
15962194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dciman32.dll
15972194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15982194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15992194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16002194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16012194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16022194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16032194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16042194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16052194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16062194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16072194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16082194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16092194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16102194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16112194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [lacks WinVerifyTrust]
16122194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16132194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16142194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16152194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16162194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
16172194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16182194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16192194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
16202194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16212194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
16222194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
16232194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
16242194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
16252194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
16262194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
16272194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
16282194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
16292194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
16302194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
16312194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
16322194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
16332194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
16342194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
16352194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
16362194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
16372194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16382194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16392194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
16402194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16412194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16422194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
16432194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
16442194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
16452194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
16462194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16472194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16482194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
16492194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16502194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16512194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
16522194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16532194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16542194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16552194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16562194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
16572194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16582194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16592194.454: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [lacks WinVerifyTrust]
16602194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16612194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16622194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
16632194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16642194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16652194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [lacks WinVerifyTrust]
16662194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16672194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16682194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
16692194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16702194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16712194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
16722194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16732194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16742194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
16752194.454: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
16762194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16772194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16782194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
16792194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
16802194.454: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'
16812194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16822194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16832194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
16842194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16852194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16862194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16872194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16882194.454: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
16892194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000540 pwszName=\Device\HarddiskVolume5\Windows\System32\opengl32.dll
16902194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
16912194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
16922194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
16932194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
16942194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
16952194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\opengl32.dll'
16962194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16972194.454: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'
16982194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16992194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
17002194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
17012194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
17022194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
17032194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
17042194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
17052194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
17062194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
17072194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
17082194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [avoiding WinVerifyTrust]
17092194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17102194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17112194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17122194.454: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll)
17132194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll
17142194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17152194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
17162194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
17172194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
17182194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17192194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
17202194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\SHCore.dll)
17212194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\SHCore.dll
17222194.454: supR3HardenedDllNotificationCallback: load 00007ffc7a040000 LB 0x00177000 C:\Windows\system32\USER32.dll [fFlags=0x0]
17232194.454: supR3HardenedDllNotificationCallback: load 00007ffc7a240000 LB 0x00150000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
17242194.454: supR3HardenedDllNotificationCallback: load 00007ffc74850000 LB 0x00009000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
17252194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
17262194.454: supR3HardenedDllNotificationCallback: load 00007ffc675a0000 LB 0x000f8000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
17272194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
17282194.454: supR3HardenedDllNotificationCallback: load 00007ffc71b80000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
17292194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
17302194.454: supR3HardenedDllNotificationCallback: load 00007ffc68370000 LB 0x0012b000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
17312194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
17322194.454: supR3HardenedDllNotificationCallback: load 00007ffc77cd0000 LB 0x00211000 C:\Windows\SYSTEM32\combase.dll [fFlags=0x0]
17332194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [avoiding WinVerifyTrust]
17342194.454: supR3HardenedDllNotificationCallback: load 00007ffc78620000 LB 0x00194000 C:\Windows\system32\ole32.dll [fFlags=0x0]
17352194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
17362194.454: supR3HardenedDllNotificationCallback: load 0000000076440000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
17372194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
17382194.454: supR3HardenedDllNotificationCallback: load 00007ffc7a1d0000 LB 0x00054000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
17392194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
17402194.454: supR3HardenedDllNotificationCallback: load 00007ffc74b00000 LB 0x000a4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll [fFlags=0x0]
17412194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [avoiding WinVerifyTrust]
17422194.454: supR3HardenedDllNotificationCallback: load 00007ffc78a30000 LB 0x0152b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
17432194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
17442194.454: supR3HardenedDllNotificationCallback: load 00007ffc75d80000 LB 0x000b2000 C:\Windows\SYSTEM32\SHCORE.DLL [fFlags=0x0]
17452194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
17462194.454: supR3HardenedDllNotificationCallback: load 00007ffc781c0000 LB 0x000b6000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
17472194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
17482194.454: supR3HardenedDllNotificationCallback: load 00007ffc79f60000 LB 0x000c1000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
17492194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
17502194.454: supR3HardenedDllNotificationCallback: load 00007ffc77b70000 LB 0x00152000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
17512194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
17522194.454: supR3HardenedDllNotificationCallback: load 00007ffc78180000 LB 0x00036000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
17532194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
17542194.454: supR3HardenedDllNotificationCallback: load 00007ffc77910000 LB 0x0004f000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
17552194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
17562194.454: supR3HardenedDllNotificationCallback: load 00007ffc762f0000 LB 0x00028000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
17572194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
17582194.454: supR3HardenedDllNotificationCallback: load 00007ffc74f50000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
17592194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17602194.454: supR3HardenedDllNotificationCallback: load 00007ffc75000000 LB 0x00022000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
17612194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
17622194.454: supR3HardenedDllNotificationCallback: load 00007ffc748c0000 LB 0x00082000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
17632194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
17642194.454: supR3HardenedDllNotificationCallback: load 0000000075ad0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
17652194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
17662194.454: supR3HardenedDllNotificationCallback: load 00000000759f0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
17672194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
17682194.454: supR3HardenedDllNotificationCallback: load 00007ffc4ac70000 LB 0x00abe000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
17692194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
17702194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\SHCore.dll'.
17712194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\SHCore.dll' [rescheduled]
17722194.454: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'.
17732194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [rescheduled]
17742194.454: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\dciman32.dll'.
17752194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dciman32.dll' [rescheduled]
17762194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msctf.dll'.
17772194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msctf.dll' [rescheduled]
17782194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
17792194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
17802194.454: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\winspool.drv'.
17812194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rescheduled]
17822194.454: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
17832194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rescheduled]
17842194.454: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\ddraw.dll'.
17852194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\ddraw.dll' [rescheduled]
17862194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
17872194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' [rescheduled]
17882194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
17892194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
17902194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'.
17912194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rescheduled]
17922194.454: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'.
17932194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rescheduled]
17942194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'.
17952194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rescheduled]
17962194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\devobj.dll'.
17972194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rescheduled]
17982194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll'.
17992194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rescheduled]
18002194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [redoing WinVerifyTrust]
18012194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
18022194.454: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\imm32.dll
18032194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18042194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18052194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [redoing WinVerifyTrust]
18062194.454: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
18072194.454: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\combase.dll
18082194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18092194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18102194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18112194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18122194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18132194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18142194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18152194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18162194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
18172194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18182194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78180000 'C:\Windows\system32\imm32.dll'
18192194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4ac70000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
18202194.454: SUPR3HardenedMain: Calling TrustedMain (00007ffc4ac710d0)...
18212194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
18222194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18232194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
18242194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000648 pwszName=\Device\HarddiskVolume5\Windows\System32\uxtheme.dll
18252194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
18262194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
18272194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=011C79DEF7FEEC81838000B9664073BAE4A7CB92
18282194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
18292194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
18302194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1357_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'
18312194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18322194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18332194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
18342194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
18352194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\uxtheme.dll) WinVerifyTrust
18362194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
18372194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18382194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18392194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
18402194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18412194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18422194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18432194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18442194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18452194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
18462194.454: supR3HardenedDllNotificationCallback: load 00007ffc76150000 LB 0x00129000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
18472194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
18482194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76150000 'C:\Windows\system32\uxtheme.dll'
18492194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
18502194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18512194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76150000 'C:\Windows\system32\uxtheme.dll'
18522194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
18532194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18542194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76150000 'C:\Windows\system32\uxtheme.dll'
18552194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
18562194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18572194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76150000 'C:\Windows\system32\uxtheme.dll'
18582194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18592194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
18602194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
18612194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dwmapi.dll)
18622194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
18632194.454: supR3HardenedDllNotificationCallback: load 00007ffc75b80000 LB 0x00021000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
18642194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
18652194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
18662194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
18672194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll)
18682194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll
18692194.454: supR3HardenedDllNotificationCallback: load 00007ffc76340000 LB 0x0000b000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
18702194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
18712194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18722194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18732194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18742194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18752194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18762194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18772194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18782194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18792194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18802194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18812194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
18822194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
18832194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll'
18842194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
18852194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
18862194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'
18872194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
18882194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18892194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78a30000 'C:\Windows\system32\shell32.dll'
18902194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
18912194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18922194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78340000 'C:\Windows\system32\kernel32.dll'
18932194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
18942194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18952194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76150000 'C:\Windows\system32\uxtheme.dll'
18962194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
18972194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18982194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76150000 'C:\Windows\system32\uxtheme.dll'
18992194.454: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
19002194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19012194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
19022194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7a040000 'C:\Windows\system32\user32.dll'
19032194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
19042194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19052194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76150000 'C:\Windows\system32\uxtheme.dll'
19062194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7a040000 'C:\Windows\system32\user32.dll'
19072194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78480000 'C:\Windows\system32\advapi32.dll'
19082194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
19092194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
19102194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19112194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
19122194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
19132194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\userenv.dll) WinVerifyTrust
19142194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\userenv.dll
19152194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
19162194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
19172194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll
19182194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19192194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19202194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19212194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19222194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19232194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll
19242194.454: supR3HardenedDllNotificationCallback: load 00007ffc76a00000 LB 0x00021000 C:\Windows\system32\userenv.dll [fFlags=0x0]
19252194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll
19262194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc76a00000 'C:\Windows\system32\userenv.dll'
19272194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
19282194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19292194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78340000 'C:\Windows\system32\kernel32.dll'
19302194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19312194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
19322194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\clbcatq.dll)
19332194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\clbcatq.dll
19342194.454: supR3HardenedDllNotificationCallback: load 00007ffc787c0000 LB 0x000b6000 C:\Windows\SYSTEM32\clbcatq.dll [fFlags=0x0]
19352194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
19362194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19372194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19382194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19392194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19402194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
19412194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
19422194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\clbcatq.dll'
19432194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
19442194.2334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
19452194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19462194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
19472194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
19482194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
19492194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
19502194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
19512194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
19522194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
19532194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
19542194.2334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
19552194.2334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
19562194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19572194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19582194.2334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
19592194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19602194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19612194.2334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
19622194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19632194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19642194.2334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
19652194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
19662194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
19672194.2334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
19682194.2334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
19692194.2334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19702194.2334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\version.dll) WinVerifyTrust
19712194.2334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\version.dll
19722194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19732194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19742194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19752194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19762194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
19772194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
19782194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19792194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19802194.2334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
19812194.2334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
19822194.2334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\psapi.dll) WinVerifyTrust
19832194.2334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\psapi.dll
19842194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19852194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19862194.2334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
19872194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19882194.2334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19892194.2334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
19902194.2334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19912194.2334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
19922194.2334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
19932194.2334: supR3HardenedDllNotificationCallback: load 00007ffc7a030000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
19942194.2334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\psapi.dll
19952194.2334: supR3HardenedDllNotificationCallback: load 00007ffc75060000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
19962194.2334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
19972194.2334: supR3HardenedDllNotificationCallback: load 00007ffc4de10000 LB 0x005d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
19982194.2334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
19992194.2334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4de10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
20002194.2334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
20012194.2334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20022194.2334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc79f60000 'C:\Windows\System32\oleaut32.dll'
20032194.2334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\sxs.dll)
20042194.2334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sxs.dll
20052194.2334: supR3HardenedDllNotificationCallback: load 00007ffc77430000 LB 0x00099000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
20062194.2334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
20072194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006dc pwszName=\Device\HarddiskVolume5\Windows\System32\sxs.dll
20082194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
20092194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
20102194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE9E354C30F5B2A6EDC3DE9416DF14533BE89816
20112194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
20122194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
20132194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_68_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\sxs.dll'
20142194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20152194.454: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sxs.dll'
20162194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
20172194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20182194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc79f60000 'C:\Windows\system32\OLEAUT32.dll'
20192194.454: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
20202194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20212194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
20222194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7a240000 'C:\Windows\system32\gdi32.dll'
20232194.22f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
20242194.22f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
20252194.22f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
20262194.22f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20272194.22f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20282194.22f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
20292194.22f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
20302194.22f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20312194.22f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20322194.22f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20332194.22f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20342194.22f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20352194.22f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
20362194.22f4: supR3HardenedDllNotificationCallback: load 00007ffc75e60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
20372194.22f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
20382194.22f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75e60000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
20392194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7a040000 'C:\Windows\system32\user32.dll'
20402194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
20412194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20422194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78a30000 'C:\Windows\system32\shell32.dll'
20432194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b04 pwszName=\Device\HarddiskVolume5\Windows\System32\apphelp.dll
20442194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
20452194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
20462194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=42E26D076286ECAAC1729250540377F2004F5DC1
20472194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
20482194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
20492194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3107998~31bf3856ad364e35~amd64~~6.3.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\apphelp.dll'
20502194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20512194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\apphelp.dll) WinVerifyTrust
20522194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\apphelp.dll
20532194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
20542194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\apphelp.dll
20552194.454: supR3HardenedDllNotificationCallback: load 00007ffc75850000 LB 0x0008e000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
20562194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\apphelp.dll
20572194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75850000 'C:\Windows\system32\apphelp.dll'
20582194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
20592194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20602194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78620000 'C:\Windows\system32\ole32.dll'
20612194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
20622194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20632194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78620000 'C:\Windows\system32\ole32.dll'
20642194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
20652194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20662194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc79f60000 'C:\Windows\system32\OLEAUT32.dll'
20672194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b28 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
20682194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
20692194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
20702194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=423F3447A3399AF560C707709A03AE5E23FA1CAD
20712194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
20722194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
20732194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll'
20742194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20752194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20762194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20772194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20782194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20792194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
20802194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20812194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20822194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b80 pwszName=\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
20832194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
20842194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
20852194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E264B83DD0BC4A26011E964C5856C40BC4FD6A4
20862194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
20872194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
20882194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll'
20892194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20902194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20912194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
20922194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll) WinVerifyTrust
20932194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
20942194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20952194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20962194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
20972194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20982194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20992194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21002194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21012194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
21022194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21032194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21042194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21052194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
21062194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
21072194.454: supR3HardenedDllNotificationCallback: load 00007ffc73580000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
21082194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
21092194.454: supR3HardenedDllNotificationCallback: load 00007ffc73610000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
21102194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
21112194.454: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21122194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc775b0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
21132194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc73610000 'C:\Windows\system32\wbem\wbemprox.dll'
21142194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000930 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
21152194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
21162194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
21172194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34CAAFAC191912291EB7000AE3D54335A7FD4C18
21182194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
21192194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21202194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
21212194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
21222194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll'
21232194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21242194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21252194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
21262194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
21272194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
21282194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21292194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21302194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21312194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21322194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
21332194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21342194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
21352194.454: supR3HardenedDllNotificationCallback: load 00007ffc6a7e0000 LB 0x00015000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
21362194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
21372194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a7e0000 'C:\Windows\system32\wbem\wbemsvc.dll'
21382194.454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21392194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc775b0000 'api-ms-win-core-localization-l1-2-0.dll'
21402194.454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21412194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc775b0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
21422194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba8 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
21432194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
21442194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
21452194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92F5EA7DEF5292B930D85382B83309F563FFA69F
21462194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
21472194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
21482194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll'
21492194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21502194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21512194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
21522194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21532194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
21542194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21552194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21562194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
21572194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21582194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21592194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21602194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
21612194.454: supR3HardenedDllNotificationCallback: load 00007ffc6a800000 LB 0x000fb000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
21622194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
21632194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc6a800000 'C:\Windows\system32\wbem\fastprox.dll'
21642194.454: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [redir]
21652194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [redoing WinVerifyTrust]
21662194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005bc pwszName=\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll
21672194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
21682194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
21692194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6522FA6F02EF4787F28DA6C27054084E2173E41
21702194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
21712194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
21722194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
21732194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21742194.454: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
21752194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21762194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc74b00000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
21772194.1728: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
21782194.1728: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21792194.1728: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21802194.1728: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21812194.1728: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21822194.1728: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21832194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21842194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21852194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
21862194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
21872194.1728: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
21882194.1728: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21892194.1728: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21902194.1728: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
21912194.1728: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
21922194.1728: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll
21932194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21942194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21952194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21962194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21972194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21982194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21992194.1728: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22002194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22012194.1728: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22022194.1728: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22032194.1728: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22042194.1728: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll
22052194.1728: supR3HardenedDllNotificationCallback: load 00000000758e0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
22062194.1728: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll
22072194.1728: supR3HardenedDllNotificationCallback: load 00007ffc4da50000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
22082194.1728: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22092194.1728: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4da50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
22102194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
22112194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22122194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys)
22132194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys
22142194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
22152194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22162194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys)
22172194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys
22182194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
22192194.2024: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
22202194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
22212194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
22222194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys)
22232194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys
22242194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
22252194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22262194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
22272194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
22282194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys)
22292194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys
22302194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
22312194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
22322194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
22332194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys'.
22342194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22352194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
22362194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
22372194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys)
22382194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\netio.sys
22392194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
22402194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
22412194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys'.
22422194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22432194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
22442194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
22452194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys)
22462194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys
22472194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22482194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22492194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe'.
22502194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
22512194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'hal.dll'.
22522194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
22532194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
22542194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ci.dll'.
22552194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msrpc.sys'.
22562194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe)
22572194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe
22582194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22592194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22602194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22612194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
22622194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
22632194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
22642194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22652194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22662194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22672194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
22682194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
22692194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
22702194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
22712194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
22722194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
22732194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume5\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
22742194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\ci.dll'.
22752194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22762194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ci.dll)
22772194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ci.dll
22782194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
22792194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume5\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
22802194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\kdcom.dll'.
22812194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22822194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
22832194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kdcom.dll)
22842194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kdcom.dll
22852194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
22862194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume5\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
22872194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL'.
22882194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22892194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL)
22902194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL
22912194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
22922194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
22932194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\hal.dll'.
22942194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
22952194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
22962194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
22972194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\hal.dll)
22982194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\hal.dll
22992194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
23002194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume5\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
23012194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\PSHED.DLL'.
23022194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
23032194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
23042194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\PSHED.DLL)
23052194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\PSHED.DLL
23062194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
23072194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
23082194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
23092194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
23102194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
23112194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust]
23122194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
23132194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
23142194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
23152194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
23162194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
23172194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys'.
23182194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
23192194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys)
23202194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys
23212194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
23222194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
23232194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
23242194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
23252194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
23262194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
23272194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
23282194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
23292194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
23302194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
23312194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
23322194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust]
23332194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
23342194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
23352194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
23362194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
23372194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume5\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
23382194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
23392194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
23402194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume5\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
23412194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
23422194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
23432194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
23442194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
23452194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
23462194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
23472194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
23482194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
23492194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume5\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
23502194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\hal.dll [lacks WinVerifyTrust]
23512194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
23522194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
23532194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
23542194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
23552194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
23562194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
23572194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23582194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetLwf.sys'
23592194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23602194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxNetAdp6.sys'
23612194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23622194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxDrv.sys'
23632194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23642194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\VBoxUSBMon.sys'
23652194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23662194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23672194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\msrpc.sys'
23682194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23692194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23702194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\PSHED.DLL'
23712194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23722194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23732194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\hal.dll'
23742194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23752194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23762194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\BOOTVID.DLL'
23772194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23782194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23792194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kdcom.dll'
23802194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23812194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23822194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ci.dll'
23832194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23842194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23852194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ntoskrnl.exe'
23862194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23872194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23882194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\ndis.sys'
23892194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23902194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23912194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\drivers\netio.sys'
23922194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
23932194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
23942194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23952194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
23962194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23972194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
23982194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'nsi.dll'.
23992194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\netcfgx.dll) WinVerifyTrust
24002194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\netcfgx.dll
24012194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24022194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24032194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll [redoing WinVerifyTrust]
24042194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
24052194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
24062194.2024: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\nsi.dll'
24072194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24082194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24092194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
24102194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24112194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24122194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24132194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netcfgx.dll
24142194.2024: supR3HardenedDllNotificationCallback: load 00007ffc70390000 LB 0x00079000 C:\Windows\System32\netcfgx.dll [fFlags=0x0]
24152194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netcfgx.dll
24162194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc70390000 'C:\Windows\System32\netcfgx.dll'
24172194.2024: supR3HardenedDllNotificationCallback: load 00007ffc77fa0000 LB 0x001da000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
24182194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
24192194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
24202194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
24212194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\setupapi.dll)
24222194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\setupapi.dll
24232194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24242194.2024: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\devrtl.dll)
24252194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devrtl.dll
24262194.2024: supR3HardenedDllNotificationCallback: load 00007ffc734d0000 LB 0x00016000 C:\Windows\System32\devrtl.DLL [fFlags=0x0]
24272194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
24282194.2130: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c20 pwszName=\Device\HarddiskVolume5\Windows\System32\devrtl.dll
24292194.2130: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
24302194.2130: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
24312194.2130: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BD420FD87C527DD7764DD8C12C3F1C9F0448C71
24322194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24332194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24342194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24352194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24362194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24372194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24382194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
24392194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
24402194.2130: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
24412194.2130: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
24422194.2130: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
24432194.2130: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1966_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\devrtl.dll'
24442194.2130: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24452194.2130: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\devrtl.dll'
24462194.2130: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
24472194.2130: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
24482194.2130: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\setupapi.dll'
24492194.2130: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
24502194.2130: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24512194.2130: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24522194.2130: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24532194.2130: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
24542194.2130: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
24552194.2130: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
24562194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24572194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24582194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24592194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24602194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24612194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24622194.2130: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24632194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24642194.2130: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24652194.2130: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24662194.2130: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
24672194.2130: supR3HardenedDllNotificationCallback: load 00007ffc67a60000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
24682194.2130: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
24692194.2130: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc67a60000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
24702194.2144: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
24712194.2144: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24722194.2144: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24732194.2144: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24742194.2144: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
24752194.2144: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24762194.2144: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24772194.2144: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24782194.2144: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24792194.2144: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24802194.2144: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
24812194.2144: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24822194.2144: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24832194.2144: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24842194.2144: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24852194.2144: supR3HardenedDllNotificationCallback: load 00007ffc67490000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
24862194.2144: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24872194.2144: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc67490000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
24882194.18c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
24892194.18c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24902194.18c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24912194.18c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24922194.18c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
24932194.18c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
24942194.18c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24952194.18c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24962194.18c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24972194.18c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24982194.18c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24992194.18c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25002194.18c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25012194.18c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25022194.18c0: supR3HardenedDllNotificationCallback: load 00007ffc67050000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
25032194.18c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25042194.18c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc67050000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
25052194.3b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
25062194.3b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25072194.3b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25082194.3b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25092194.3b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
25102194.3b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25112194.3b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25122194.3b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25132194.3b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25142194.3b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25152194.3b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25162194.3b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25172194.3b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25182194.3b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25192194.3b0: supR3HardenedDllNotificationCallback: load 00007ffc64790000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
25202194.3b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25212194.3b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc64790000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
25222194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
25232194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25242194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78a30000 'C:\Windows\system32/Shell32.dll'
25252194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25262194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25272194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4da50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
25282194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
25292194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25302194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25312194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25322194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
25332194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
25342194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
25352194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25362194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25372194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25382194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25392194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25402194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
25412194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25422194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25432194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25442194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25452194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25462194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25472194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25482194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25492194.2024: supR3HardenedDllNotificationCallback: load 00007ffc5a310000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
25502194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25512194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5a310000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
25522194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc5a310000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
25532194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
25542194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
25552194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25562194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25572194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25582194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
25592194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
25602194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
25612194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
25622194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
25632194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
25642194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
25652194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
25662194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
25672194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
25682194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
25692194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
25702194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
25712194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25722194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
25732194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
25742194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
25752194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25762194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25772194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25782194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25792194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
25802194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25812194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25822194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
25832194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25842194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25852194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
25862194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
25872194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
25882194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
25892194.2024: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\winnsi.dll'.
25902194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25912194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25922194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winnsi.dll)
25932194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winnsi.dll
25942194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25952194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25962194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll
25972194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25982194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25992194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll
26002194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26012194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26022194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
26032194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
26042194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26052194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26062194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26072194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
26082194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
26092194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
26102194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
26112194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26122194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26132194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26142194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26152194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26162194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26172194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26182194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
26192194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
26202194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26212194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26222194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26232194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
26242194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
26252194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
26262194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
26272194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
26282194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26292194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26302194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26312194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26322194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26332194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26342194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26352194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26362194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26372194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
26382194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume5\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
26392194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cec pwszName=\Device\HarddiskVolume5\Windows\System32\newdev.dll
26402194.2024: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
26412194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
26422194.2024: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B90F53BC1E04734936A6993D9005F5A7C816F8F
26432194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
26442194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
26452194.2024: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_868_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\newdev.dll'
26462194.2024: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26472194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26482194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26492194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
26502194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
26512194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
26522194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
26532194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
26542194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\newdev.dll) WinVerifyTrust
26552194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\newdev.dll
26562194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26572194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26582194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
26592194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26602194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26612194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26622194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26632194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26642194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26652194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26662194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26672194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
26682194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
26692194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
26702194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
26712194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
26722194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
26732194.2024: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'
26742194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
26752194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
26762194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26772194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26782194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26792194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26802194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26812194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26822194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26832194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26842194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26852194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
26862194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
26872194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
26882194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
26892194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\newdev.dll
26902194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
26912194.2024: supR3HardenedDllNotificationCallback: load 00007ffc734f0000 LB 0x00056000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
26922194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\newdev.dll
26932194.2024: supR3HardenedDllNotificationCallback: load 00007ffc59b40000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
26942194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
26952194.2024: supR3HardenedDllNotificationCallback: load 00007ffc5a310000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
26962194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
26972194.2024: supR3HardenedDllNotificationCallback: load 00007ffc73860000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
26982194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
26992194.2024: supR3HardenedDllNotificationCallback: load 00007ffc73550000 LB 0x0002a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
27002194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
27012194.2024: supR3HardenedDllNotificationCallback: load 00007ffc4a380000 LB 0x008e5000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
27022194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
27032194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4a380000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
27042194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27052194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
27062194.2024: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\winnsi.dll'
27072194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27082194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27092194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27102194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27112194.2024: supR3HardenedDllNotificationCallback: load 00007ffc599e0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
27122194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27132194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc599e0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
27142194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27152194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
27162194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27172194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4de10000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
27182194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27192194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27202194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27212194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5a310000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
27222194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27232194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27242194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27252194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27262194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
27272194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
27282194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27292194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27302194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27312194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27322194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27332194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
27342194.2024: supR3HardenedDllNotificationCallback: load 00007ffc5d3d0000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
27352194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
27362194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5d3d0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
27372194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27382194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27392194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27402194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27412194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
27422194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
27432194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27442194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27452194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27462194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27472194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27482194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
27492194.2024: supR3HardenedDllNotificationCallback: load 00007ffc5d310000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
27502194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
27512194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5d310000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
27522194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27532194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27542194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27552194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27562194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
27572194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
27582194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27592194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27602194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27612194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27622194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27632194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
27642194.2024: supR3HardenedDllNotificationCallback: load 00007ffc5bab0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
27652194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
27662194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5bab0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
27672194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27682194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27692194.1308: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27702194.1308: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27712194.1308: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27722194.1308: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27732194.1308: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
27742194.1308: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27752194.1308: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27762194.1308: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27772194.1308: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27782194.1308: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27792194.1308: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27802194.1308: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27812194.1308: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27822194.1308: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27832194.1308: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27842194.1308: supR3HardenedDllNotificationCallback: load 00007ffc602d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
27852194.1308: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27862194.1308: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc602d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
27872194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4da50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
27882194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27892194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
27902194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27912194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27922194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
27932194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
27942194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
27952194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
27962194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
27972194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27982194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27992194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28002194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28012194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28022194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28032194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28042194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28052194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28062194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28072194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28082194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28092194.2024: supR3HardenedDllNotificationCallback: load 00007ffc59a70000 LB 0x000c4000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
28102194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28112194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc59a70000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
28122194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ffc pwszName=\Device\HarddiskVolume5\Windows\System32\dsound.dll
28132194.2024: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
28142194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
28152194.2024: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF2CE4B6EA46F5759902C86AAA15DD883AC6DD4E
28162194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
28172194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
28182194.2024: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\dsound.dll'
28192194.2024: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28202194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28212194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
28222194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28232194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28242194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
28252194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
28262194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dsound.dll) WinVerifyTrust
28272194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dsound.dll
28282194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
28292194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume5\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
28302194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
28312194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
28322194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28332194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
28342194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\powrprof.dll) WinVerifyTrust
28352194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\powrprof.dll
28362194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28372194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28382194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
28392194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28402194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28412194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28422194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28432194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28442194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28452194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28462194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28472194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28482194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28492194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28502194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28512194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28522194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dsound.dll
28532194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\powrprof.dll
28542194.2024: supR3HardenedDllNotificationCallback: load 00007ffc76b20000 LB 0x00046000 C:\Windows\SYSTEM32\POWRPROF.dll [fFlags=0x0]
28552194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\powrprof.dll
28562194.2024: supR3HardenedDllNotificationCallback: load 00007ffc5a250000 LB 0x0009d000 C:\Windows\system32\dsound.dll [fFlags=0x0]
28572194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dsound.dll
28582194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dsound.dll
28592194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28602194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5a250000 'C:\Windows\system32\dsound.dll'
28612194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5a250000 'C:\Windows\system32/dsound.dll'
28622194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
28632194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
28642194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28652194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
28662194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
28672194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll) WinVerifyTrust
28682194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
28692194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
28702194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
28712194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll [redoing WinVerifyTrust]
28722194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
28732194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
28742194.2024: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\devobj.dll'
28752194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28762194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28772194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28782194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28792194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28802194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
28812194.2024: supR3HardenedDllNotificationCallback: load 00007ffc75490000 LB 0x00070000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
28822194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
28832194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75490000 'C:\Windows\System32\MMDevApi.dll'
28842194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
28852194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28862194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75490000 'C:\Windows\system32\MMDEVAPI.DLL'
28872194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
28882194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28892194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
28902194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e64 pwszName=\Device\HarddiskVolume5\Windows\System32\wdmaud.drv
28912194.2024: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
28922194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
28932194.2024: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D0975C289FEE943955B8CE81B02A0395FAA747
28942194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
28952194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
28962194.2024: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\wdmaud.drv'
28972194.2024: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28982194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28992194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'.
29002194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
29012194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'.
29022194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
29032194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'.
29042194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wdmaud.drv) WinVerifyTrust
29052194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wdmaud.drv
29062194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
29072194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
29082194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
29092194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
29102194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\avrt.dll) WinVerifyTrust
29112194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\avrt.dll
29122194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
29132194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume5\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
29142194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
29152194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
29162194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29172194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ksuser.dll) WinVerifyTrust
29182194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ksuser.dll
29192194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29202194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29212194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
29222194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29232194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29242194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
29252194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29262194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29272194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
29282194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29292194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29302194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29312194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29322194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29332194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wdmaud.drv
29342194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ksuser.dll
29352194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\avrt.dll
29362194.2024: supR3HardenedDllNotificationCallback: load 00007ffc73870000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
29372194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ksuser.dll
29382194.2024: supR3HardenedDllNotificationCallback: load 00007ffc73630000 LB 0x0000c000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
29392194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\avrt.dll
29402194.2024: supR3HardenedDllNotificationCallback: load 00007ffc594e0000 LB 0x0003e000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
29412194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wdmaud.drv
29422194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc594e0000 'C:\Windows\system32\wdmaud.drv'
29432194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wdmaud.drv
29442194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29452194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc594e0000 'C:\Windows\system32\wdmaud.drv'
29462194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wdmaud.drv
29472194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29482194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc594e0000 'C:\Windows\system32\wdmaud.drv'
29492194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wdmaud.drv
29502194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29512194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc594e0000 'C:\Windows\system32\wdmaud.drv'
29522194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wdmaud.drv
29532194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29542194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc594e0000 'C:\Windows\system32\wdmaud.drv'
29552194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
29562194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
29572194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29582194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
29592194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
29602194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'.
29612194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
29622194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\AudioSes.dll) WinVerifyTrust
29632194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\AudioSes.dll
29642194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
29652194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
29662194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [redoing WinVerifyTrust]
29672194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
29682194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
29692194.2024: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\combase.dll'
29702194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29712194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29722194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
29732194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29742194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29752194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29762194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29772194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29782194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29792194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29802194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\AudioSes.dll
29812194.2024: supR3HardenedDllNotificationCallback: load 00007ffc60250000 LB 0x0007e000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
29822194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\AudioSes.dll
29832194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc60250000 'C:\Windows\system32\AUDIOSES.DLL'
29842194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wdmaud.drv
29852194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29862194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc594e0000 'C:\Windows\system32\wdmaud.drv'
29872194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wdmaud.drv
29882194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29892194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc594e0000 'C:\Windows\system32\wdmaud.drv'
29902194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc594e0000 'C:\Windows\system32\wdmaud.drv'
29912194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c90 pwszName=\Device\HarddiskVolume5\Windows\System32\msacm32.drv
29922194.2024: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
29932194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
29942194.2024: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC41C5E1A841A83249581F1B29E14A708B8981A9
29952194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
29962194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
29972194.2024: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\msacm32.drv'
29982194.2024: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29992194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30002194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
30012194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
30022194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
30032194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
30042194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msacm32.drv) WinVerifyTrust
30052194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msacm32.drv
30062194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30072194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30082194.2024: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
30092194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
30102194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
30112194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
30122194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
30132194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30142194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msacm32.dll) WinVerifyTrust
30152194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msacm32.dll
30162194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30172194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30182194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30192194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30202194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30212194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30222194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30232194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30242194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30252194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.drv
30262194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.dll
30272194.2024: supR3HardenedDllNotificationCallback: load 00007ffc5b950000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
30282194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.dll
30292194.2024: supR3HardenedDllNotificationCallback: load 00007ffc5f210000 LB 0x0000b000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
30302194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.drv
30312194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30322194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.drv
30332194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30342194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30352194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.drv
30362194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30372194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30382194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.drv
30392194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30402194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30412194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.drv
30422194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30432194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30442194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.drv
30452194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30462194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30472194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msacm32.drv
30482194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30492194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30502194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30512194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30522194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f210000 'C:\Windows\system32\msacm32.drv'
30532194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001028 pwszName=\Device\HarddiskVolume5\Windows\System32\midimap.dll
30542194.2024: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
30552194.2024: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
30562194.2024: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0F2984C30BFC77017EA7B9BF6F656853E29D991
30572194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
30582194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
30592194.2024: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\midimap.dll'
30602194.2024: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30612194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30622194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
30632194.2024: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
30642194.2024: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\midimap.dll) WinVerifyTrust
30652194.2024: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\midimap.dll
30662194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30672194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30682194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30692194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30702194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30712194.2024: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30722194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30732194.2024: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\midimap.dll
30742194.2024: supR3HardenedDllNotificationCallback: load 00007ffc5f090000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
30752194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\midimap.dll
30762194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f090000 'C:\Windows\system32\midimap.dll'
30772194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\midimap.dll
30782194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30792194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f090000 'C:\Windows\system32\midimap.dll'
30802194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\midimap.dll
30812194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30822194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f090000 'C:\Windows\system32\midimap.dll'
30832194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\midimap.dll
30842194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30852194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5f090000 'C:\Windows\system32\midimap.dll'
30862194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
30872194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
30882194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
30892194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
30902194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
30912194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
30922194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30932194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
30942194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dsound.dll
30952194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30962194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc5a250000 'C:\Windows\System32\dsound.dll'
30972194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
30982194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
30992194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75000000 'C:\Windows\system32\winmm.dll'
31002194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc4da50000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
31012194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
31022194.2024: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
31032194.2024: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31042194.2024: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc78340000 'C:\Windows\system32/kernel32.dll'
31052194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
31062194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31072194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
31082194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7a240000 'C:\Windows\system32\gdi32.dll'
31092194.454: \Device\HarddiskVolume5\Windows\System32\nvinitx.dll: Owner is administrators group.
31102194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
31112194.454: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume5\Windows\System32\nvinitx.dll'
31122194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000530 pwszName=\Device\HarddiskVolume5\Windows\System32\nvinitx.dll
31132194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
31142194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
31152194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2F2EBA1C0140F976FB679231D95DC4796103B1B
31162194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
31172194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31182194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
31192194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem12.cat'; file='\Device\HarddiskVolume5\Windows\System32\nvinitx.dll'
31202194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
31212194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
31222194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
31232194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31242194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nvinitx.dll) WinVerifyTrust
31252194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nvinitx.dll
31262194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31272194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31282194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31292194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31302194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
31312194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
31322194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
31332194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\nvinitx.dll (Input=nvinitx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31342194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nvinitx.dll
31352194.454: supR3HardenedDllNotificationCallback: load 00007ffc60820000 LB 0x00031000 C:\Windows\system32\nvinitx.dll [fFlags=0x0]
31362194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nvinitx.dll
31372194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc60820000 'C:\Windows\system32\nvinitx.dll'
31382194.454: \Device\HarddiskVolume5\Windows\System32\ig75icd64.dll: Owner is administrators group.
31392194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011dc pwszName=\Device\HarddiskVolume5\Windows\System32\ig75icd64.dll
31402194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
31412194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
31422194.1724: supR3HardenedDllNotificationCallback: Unload 00007ffc60820000 LB 0x00031000 C:\Windows\system32\nvinitx.dll [flags=0x0]
31432194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=655CB51730FFAD72995F98C4DE35B7C46DDFDA79
31442194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
31452194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem9.CAT'; file='\Device\HarddiskVolume5\Windows\System32\ig75icd64.dll'
31462194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31472194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
31482194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'igdusc64.dll'.
31492194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31502194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
31512194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
31522194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
31532194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wtsapi32.dll'.
31542194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
31552194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ig75icd64.dll) WinVerifyTrust
31562194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ig75icd64.dll
31572194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
31582194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
31592194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
31602194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
31612194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
31622194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
31632194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
31642194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31652194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wtsapi32.dll) WinVerifyTrust
31662194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll
31672194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
31682194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
31692194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
31702194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31712194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31722194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
31732194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
31742194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
31752194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31762194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31772194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'igdusc64.dll'...
31782194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'igdusc64.dll' -> '\Device\HarddiskVolume5\Windows\System32\igdusc64.dll' [rcNtRedir=0xc0150008]
31792194.454: \Device\HarddiskVolume5\Windows\System32\igdusc64.dll: Owner is administrators group.
31802194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31812194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31822194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
31832194.454: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume5\Windows\System32\igdusc64.dll'
31842194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011d4 pwszName=\Device\HarddiskVolume5\Windows\System32\igdusc64.dll
31852194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
31862194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
31872194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=12824B3EF1BB321B3B5D3CC32A44B317404A87E5
31882194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
31892194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem9.CAT'; file='\Device\HarddiskVolume5\Windows\System32\igdusc64.dll'
31902194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
31912194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\igdusc64.dll) WinVerifyTrust
31922194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\igdusc64.dll
31932194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
31942194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
31952194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
31962194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ig75icd64.dll (Input=ig75icd64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31972194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ig75icd64.dll
31982194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\igdusc64.dll
31992194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll
32002194.454: supR3HardenedDllNotificationCallback: load 00007ffc61cf0000 LB 0x009e5000 C:\Windows\SYSTEM32\igdusc64.dll [fFlags=0x0]
32012194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\igdusc64.dll
32022194.454: supR3HardenedDllNotificationCallback: load 00007ffc760f0000 LB 0x00012000 C:\Windows\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
32032194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll
32042194.454: supR3HardenedDllNotificationCallback: load 00007ffc49a50000 LB 0x0092e000 C:\Windows\system32\ig75icd64.dll [fFlags=0x0]
32052194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ig75icd64.dll
32062194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc49a50000 'C:\Windows\system32\ig75icd64.dll'
32072194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7a240000 'C:\Windows\system32\gdi32.dll'
32082194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc7a240000 'C:\Windows\system32\gdi32.dll'
32092194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
32102194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32112194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32122194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
32132194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32142194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32152194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32162194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32172194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32182194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
32192194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32202194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75060000 'C:\Windows\system32\version.dll'
32212194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32222194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ig75icd64.dll
32232194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\ig75icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
32242194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc49a50000 'C:\Windows\SYSTEM32\ig75icd64.dll'
32252194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32262194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32272194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32282194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
32292194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32302194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32312194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32322194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32332194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
32342194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32352194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75060000 'C:\Windows\system32\version.dll'
32362194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32372194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32382194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32392194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32402194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32412194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32422194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32432194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32442194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32452194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32462194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32472194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32482194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32492194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
32502194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32512194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32522194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32532194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32542194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32552194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32562194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32572194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32582194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32592194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32602194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32612194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32622194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32632194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32642194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32652194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32662194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32672194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32682194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32692194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32702194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32712194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32722194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32732194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32742194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32752194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32762194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32772194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32782194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32792194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32802194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32812194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32822194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32832194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
32842194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32852194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32862194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32872194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32882194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32892194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32902194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32912194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32922194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32932194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32942194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32952194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
32962194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32972194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75060000 'C:\Windows\system32\version.dll'
32982194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
32992194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33002194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33012194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33022194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33032194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
33042194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33052194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75b80000 'C:\Windows\system32\dwmapi.dll'
33062194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33072194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33082194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33092194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33102194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33112194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33122194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
33132194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33142194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75060000 'C:\Windows\system32\version.dll'
33152194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33162194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33172194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33182194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33192194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33202194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33212194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33222194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
33232194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33242194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75060000 'C:\Windows\system32\version.dll'
33252194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33262194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33272194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc68370000 'C:\Windows\system32\OPENGL32.dll'
33282194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a4 pwszName=\Device\HarddiskVolume5\Windows\System32\mscms.dll
33292194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
33302194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
33312194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C01A2E8CE3347A322BF0830A5BC147EBA8BAD06F
33322194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
33332194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
33342194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1529_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\mscms.dll'
33352194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33362194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33372194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
33382194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\mscms.dll) WinVerifyTrust
33392194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\mscms.dll
33402194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
33412194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
33422194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll
33432194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33442194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33452194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33462194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mscms.dll
33472194.454: supR3HardenedDllNotificationCallback: load 00007ffc75e80000 LB 0x00092000 C:\Windows\system32\mscms.dll [fFlags=0x0]
33482194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mscms.dll
33492194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc75e80000 'C:\Windows\system32\mscms.dll'
33502194.454: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001218 pwszName=\Device\HarddiskVolume5\Windows\System32\icm32.dll
33512194.454: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014809d0
33522194.454: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014809d0
33532194.454: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47D46A3D26A83E75181F440594F6DC145125C84E
33542194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc769c0000 'C:\Windows\system32\rsaenh.dll'
33552194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc776d0000 'C:\Windows\system32\crypt32.dll'
33562194.454: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1529_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume5\Windows\System32\icm32.dll'
33572194.454: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33582194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33592194.454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
33602194.454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\icm32.dll) WinVerifyTrust
33612194.454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\icm32.dll
33622194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
33632194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume5\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
33642194.454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mscms.dll
33652194.454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33662194.454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33672194.454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
33682194.454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\icm32.dll
33692194.454: supR3HardenedDllNotificationCallback: load 00007ffc60810000 LB 0x00041000 C:\Windows\system32\icm32.dll [fFlags=0x0]
33702194.454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\icm32.dll
33712194.454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc60810000 'C:\Windows\system32\icm32.dll'
33722194.1dcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\avrt.dll
33732194.1dcc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33742194.1dcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc73630000 'C:\Windows\system32\avrt.dll'
33752194.1308: supR3HardenedDllNotificationCallback: Unload 00007ffc602d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
33762194.3b0: supR3HardenedDllNotificationCallback: Unload 00007ffc64790000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
33772194.18c0: supR3HardenedDllNotificationCallback: Unload 00007ffc67050000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
33782194.2144: supR3HardenedDllNotificationCallback: Unload 00007ffc67490000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
33792194.2130: supR3HardenedDllNotificationCallback: Unload 00007ffc67a60000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
33802194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc5bab0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
33812194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc5d310000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
33822194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc5d3d0000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
33832194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc599e0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
33842194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc4a380000 LB 0x008e5000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
33852194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc59b40000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
33862194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc734f0000 LB 0x00056000 C:\Windows\SYSTEM32\newdev.dll [flags=0x0]
33872194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc5a310000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
33882194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc73550000 LB 0x0002a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
33892194.2024: supR3HardenedDllNotificationCallback: Unload 00007ffc73860000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [flags=0x0]
33902194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc75e60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
33912194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc70390000 LB 0x00079000 C:\Windows\System32\netcfgx.dll [flags=0x0]
33922194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc77fa0000 LB 0x001da000 C:\Windows\system32\SETUPAPI.dll [flags=0x0]
33932194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc734d0000 LB 0x00016000 C:\Windows\System32\devrtl.DLL [flags=0x0]
33942194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc6a800000 LB 0x000fb000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
33952194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc6a7e0000 LB 0x00015000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
33962194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc73610000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
33972194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc73580000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
33982194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc4de10000 LB 0x005d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
33992194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc7a030000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [flags=0x0]
34002194.454: supR3HardenedDllNotificationCallback: Unload 00007ffc75060000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [flags=0x0]
34012194.454: Terminating the normal way: rcExit=0
34021548.fd0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 431128 ms, the end);
34031c2c.2398: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 431769 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy